Hello! I have followed your instructions and here are the logs:
FILE::
C:\WINDOWS\system32\qpuyiavb.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\qpuyiavb.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.
2007-10-12 15:39 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-11 21:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 14:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-09 14:08 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 17:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-08 12:05 <DIR> d-------- C:\Program Files\UWICK
2007-10-08 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-08 10:22 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-10-08 10:20 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-08 10:20 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-08 10:20 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-10-08 10:20 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-10-08 10:20 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-08 10:19 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 10:19 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 09:47 <DIR> d-------- C:\Documents and Settings\Suzie Pun\Application Data\Lavasoft
2007-10-07 12:26 <DIR> d-------- C:\quarantine
2007-10-06 12:44 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-05 09:57 <DIR> d-------- C:\WINDOWS\system32\vMW02a
2007-10-05 09:57 <DIR> d-------- C:\Temp\xOe
2007-09-15 13:46 <DIR> dr-h----- C:\Documents and Settings\Suzie Pun\Application Data\SecuROM
2007-09-15 13:14 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 11:29 <DIR> d-------- C:\Program Files\Ubisoft
2007-09-15 11:28 1 --a------ C:\WINDOWS\system32\SI.bin
2007-09-14 08:01 <DIR> d-------- C:\Program Files\iPod
2007-09-14 07:58 <DIR> d-------- C:\Program Files\QuickTime
2007-09-14 07:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-14 07:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-14 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 22:41 --------- d-----w C:\Program Files\Java
2007-10-11 12:08 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\Wave Systems Corp
2007-10-08 19:17 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\U3
2007-10-08 19:06 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\SSH
2007-10-08 17:23 --------- d-----w C:\Program Files\Network Associates
2007-10-08 16:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-15 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:01 --------- d-----w C:\Program Files\iTunes
2007-09-14 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-14 14:53 --------- d-----w C:\Program Files\Apple Software Update
2007-09-05 19:57 --------- d-----w C:\Program Files\CambridgeSoft
2007-09-05 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CambridgeSoft
2007-09-04 17:53 --------- d-----w C:\Program Files\Infotriever
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2003-02-13 13:16 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2003-02-13 13:15 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2003-02-13 13:02 35,190 ----a-w C:\WINDOWS\inf\i386\M5623_24.bin
2003-02-13 13:02 151,552 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2003-02-13 13:02 148,469 ----a-w C:\WINDOWS\inf\i386\M5623_24.dll
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\UWICK ----
2006-10-25 12:53 32768 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\TectiaUserConfig.exe
2006-08-29 15:39 2672 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\global.dat
2006-08-16 10:30 368 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\licenses\stc51.dat
2006-08-15 22:53 888832 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-cmpclient-g3.exe
2006-08-15 22:53 737280 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-ekview-g3.exe
2006-08-15 22:53 614400 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-certview-g3.exe
2006-08-15 22:43 589824 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-keygen2.exe
2006-08-15 22:43 589824 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-keygen-g3.exe
2006-08-15 22:40 827392 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sftpg3.exe
2006-08-15 22:40 827392 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sftp2.exe
2006-08-15 22:40 790528 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\scpg3.exe
2006-08-15 22:40 790528 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\scp2.exe
2006-08-15 22:40 532480 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sshg3.exe
2006-08-15 22:40 532480 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\ssh2.exe
2006-08-15 22:40 393216 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\ssh-user-fileio.exe
2006-08-15 22:40 1118208 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\ssh-client-g3.exe
2006-08-15 22:39 180224 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sshclientngres_en.dll
2006-08-15 22:39 1699840 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ssh-tectia-configuration.exe
2006-08-15 22:38 372736 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ssh-broker-g3.exe
2006-08-15 22:38 1949696 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\ssh-broker-gui.exe
2006-08-15 22:38 1474560 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\ssh-broker-cli.exe
2006-08-15 22:37 61440 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_cryptolib.dll
2006-08-15 22:37 53248 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_gssapi.dll
2006-08-15 22:37 45056 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_kbdint.dll
2006-08-15 22:37 40960 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_password.dll
2006-08-15 22:37 36864 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_kexdh.dll
2006-08-15 22:37 32768 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_publickey.dll
2006-08-15 22:37 28672 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_mac_crypticore.dll
2006-08-15 22:37 28672 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_cipher_crypticore.dll
2006-08-15 22:36 110592 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\sshtectia.dll
2006-08-15 22:32 2408999 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSHClientHelp.chm
2006-08-15 22:32 2408999 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ConnectorHelp.chm
2006-08-15 20:59 25509 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\SSH_Tectia_Client_5.1_EULA.rtf
2006-08-15 20:59 17208 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\SSH_Tectia_Client_5.1_EULA.txt
2006-08-15 20:58 3187277 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\Server-admin.pdf
2006-08-15 20:55 3833252 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\Client-user.pdf
2006-08-15 20:53 3464223 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\Clientserver-product.pdf
2006-08-15 20:53 223967 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\G3-migration.pdf
2006-07-03 09:21 5735 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ssh-broker-config-example.xml
2006-06-15 11:38 6859 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-broker-ng\ssh-broker-ng-config-1.dtd
2006-06-05 15:44 1476 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-broker-ng\ssh-broker-config-default.xml
2006-05-25 09:05 12769 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\ssh-broker-config.xml
2006-04-10 12:19 413696 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\msvcp60.dll
2006-03-24 11:27 871 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck.xml
2006-03-24 11:27 800 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck-gui.xml
2006-03-24 11:27 557 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-new-password.xml
2006-01-26 12:00 1197 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\8.ssh2
2006-01-26 12:00 1197 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\4.ssh2
2006-01-26 12:00 1197 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\12.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\7.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\3.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\11.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\10.ssh2
2006-01-26 12:00 1195 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\9.ssh2
2006-01-26 12:00 1190 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\2.ssh2
2006-01-26 12:00 1189 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\1.ssh2
2006-01-26 12:00 1175 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\6.ssh2
2006-01-26 12:00 1174 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\5.ssh2
2006-01-26 11:24 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_83ad65c1a88ad330f71b7c8683154000ef5615ce
2006-01-25 11:33 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_d2617e619b28403252407782c8750e66e55a708a
2006-01-25 11:22 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_79ab3a976d9b4e522e782079daed1e6d9af4e083
2006-01-25 10:59 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_ff1c0898af6fed29488bd5c523b6c092fef4f5e1
2006-01-25 10:56 64 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\salt
2006-01-25 10:56 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_a3cc3b283999c04f8f5a2fb0648c6a8e58652980
2005-09-28 12:47 8628 --a------ C:\Program Files\UWICK\TTermPro\TTP.GID
2005-09-28 10:07 655 --a------ C:\Program Files\UWICK\TTermPro\rename.vbs
2005-09-05 15:06 690 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck2.xml
2005-09-05 15:06 619 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck2-gui.xml
2005-09-05 15:06 2128 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeychanged.xml
2005-09-05 15:06 1803 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeychanged-gui.xml
2005-08-08 12:21 7127 --a------ C:\Program Files\UWICK\TTermPro\TERATERM.INI
2005-08-08 09:07 9629 --a------ C:\Program Files\UWICK\TTermPro\ssh_known_hosts
2005-07-04 10:11 393 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-password.xml
2005-06-11 15:47 383 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-username.xml
2005-06-11 14:40 454 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-passphrase.xml
2005-03-30 15:17 57344 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\ccmac128.dll
2005-03-30 15:17 45056 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\ccsc128.dll
2005-03-08 09:12 27326 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\keymap22.map
2005-03-08 09:12 27326 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\keymap22.map
2005-03-08 09:12 2601 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\output.map
2005-03-08 09:12 2601 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\output.map
2005-02-15 15:23 303104 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\sshcrypto1.dll
2005-02-03 09:33 8464 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\SpOrder.dll
2005-01-31 11:18 4001792 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\qt-mt333.dll
2005-01-31 11:18 1069056 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\BCGCB62.dll
2005-01-18 14:14 334 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostname.xml
2004-12-03 12:05 756 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_cicero.myuw.net.pub
2004-12-02 21:54 3278 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\ssh-secsh-auth-form-1.dtd
2004-03-02 14:35 98304 --a------ C:\Program Files\UWICK\TTermPro\ttpdlg.dll
2004-03-02 14:35 87342 --a------ C:\Program Files\UWICK\TTermPro\ttermp.hlp
2004-03-02 14:35 81920 --a------ C:\Program Files\UWICK\TTermPro\ttpset.dll
2004-03-02 14:35 61440 --a------ C:\Program Files\UWICK\TTermPro\ttpcmn.dll
2004-03-02 14:35 241664 --a------ C:\Program Files\UWICK\TTermPro\ttermpro.exe
2004-03-02 14:35 114688 --a------ C:\Program Files\UWICK\TTermPro\ttpfile.dll
2003-06-03 10:58 225358 --a------ C:\Program Files\UWICK\TTermPro\ttxssh.dll
2003-06-03 10:27 6850 --a------ C:\Program Files\UWICK\TTermPro\curie.INI
2003-06-02 20:46 8373 --a------ C:\Program Files\UWICK\TTermPro\RSAREF.TXT
2003-06-02 20:46 751 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_shell.myuw.net.pub
2003-06-02 17:43 6850 --a------ C:\Program Files\UWICK\TTermPro\keynes.ini
2003-06-02 17:43 6843 --a------ C:\Program Files\UWICK\TTermPro\fms.ini
2003-06-02 17:43 2557 --a------ C:\Program Files\UWICK\TTermPro\kerberos.ini
2003-06-02 09:58 80384 --a------ C:\Program Files\UWICK\TTermPro\ttptek.dll
2003-06-02 09:58 770 --a------ C:\Program Files\UWICK\TTermPro\readme.txt
2003-06-02 09:58 74086 --a------ C:\Program Files\UWICK\TTermPro\macroj.hlp
2003-06-02 09:58 70868 --a------ C:\Program Files\UWICK\TTermPro\macro.hlp
2003-06-02 09:58 5262 --a------ C:\Program Files\UWICK\TTermPro\readmej.txt
2003-06-02 09:58 425 --a------ C:\Program Files\UWICK\TTermPro\login.ttl
2003-06-02 09:58 339968 --a------ C:\Program Files\UWICK\TTermPro\libeay32.dll
2003-06-02 09:58 3071 --a------ C:\Program Files\UWICK\TTermPro\lss.cnf
2003-06-02 09:58 3038 --a------ C:\Program Files\UWICK\TTermPro\keynes.CNF
2003-06-02 09:58 249 --a------ C:\Program Files\UWICK\TTermPro\delpassw.ttl
2003-06-02 09:58 1593 --a------ C:\Program Files\UWICK\TTermPro\fms.cnf
2003-06-02 09:58 13915 --a------ C:\Program Files\UWICK\TTermPro\keycodej.txt
2003-06-02 09:58 13120 --a------ C:\Program Files\UWICK\TTermPro\keycode.txt
2003-06-02 09:58 109222 --a------ C:\Program Files\UWICK\TTermPro\ttermpj.hlp
2003-06-02 09:58 1047 --a------ C:\Program Files\UWICK\TTermPro\dialup.ttl
2003-06-02 09:57 767 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_red.cac.washington.edu.pub
2003-06-02 09:57 762 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_fastrans.u.washington.edu.pub
2003-06-02 09:57 761 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_roswell.u.washington.edu.pub
2003-06-02 09:57 761 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_pisco.cac.washington.edu.pub
2003-06-02 09:57 761 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_aagaard.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_wheels.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_vitcos.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_keynes.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_becker.u.washington.edu.pub
2003-06-02 09:57 759 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_homer.u.washington.edu.pub
2003-06-02 09:57 759 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_dante.u.washington.edu.pub
2003-06-02 09:57 759 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_curie.u.washington.edu.pub
2003-06-02 09:57 758 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_mead.u.washington.edu.pub
2003-06-02 09:57 758 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_bank.u.washington.edu.pub
2003-06-02 09:57 378 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_littlejohn.u.washington.edu.pub
2003-06-02 09:57 377 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_secure2.cac.washington.edu.pub
2003-06-02 09:57 377 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_secure1.cac.washington.edu.pub
2003-06-02 09:57 376 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_sisyphus.u.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_rmequip.u.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_olympia.u.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_nazca.cac.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_hope2.cac.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_hope1.cac.washington.edu.pub
2003-06-02 09:57 374 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_castor.u.washington.edu.pub
2003-06-02 09:57 3489 --a------ C:\Program Files\UWICK\TTermPro\Libeay.txt
2003-06-02 09:57 2600 --a------ C:\Program Files\UWICK\TTermPro\PC98KEYB.CNF
2003-06-02 09:57 2599 --a------ C:\Program Files\UWICK\TTermPro\NT98KEYB.CNF
2003-06-02 09:57 2562 --a------ C:\Program Files\UWICK\TTermPro\KEYBOARD.CNF
2003-06-02 09:57 2562 --a------ C:\Program Files\UWICK\TTermPro\IBMKEYB.CNF
2003-06-02 09:57 14497 --a------ C:\Program Files\UWICK\TTermPro\TTP.HLP
1999-09-22 12:25 28672 --a------ C:\Program Files\UWICK\TTermPro\ttssh.exe
1999-02-01 17:53 30720 --a------ C:\Program Files\UWICK\TTermPro\keycode.exe
1999-02-01 17:53 188416 --a------ C:\Program Files\UWICK\TTermPro\ttpmacro.exe
---- Directory of C:\quarantine ----
2007-10-10 15:38 154624 --a------ C:\quarantine\7d7aaf26211280.bup
2007-10-10 15:35 12288 --a------ C:\quarantine\7d7aaf231f2fd0.bup
2007-10-09 12:49 154624 --a------ C:\quarantine\7d7a9c311e1280.bup
2007-10-09 12:49 12288 --a------ C:\quarantine\7d7a9c312b2610.bup
2007-10-08 12:49 12288 --a------ C:\quarantine\7d7a8c31241f40.bup
2007-10-08 12:47 78336 --a------ C:\quarantine\7d7a8c2f327d0.bup
2007-10-08 12:47 78336 --a------ C:\quarantine\7d7a8c2f3138a0.bup
---- Directory of C:\Temp\xOe ----
---- Directory of C:\WINDOWS\SxsCaPendDel ----
---- Directory of C:\WINDOWS\system32\vMW02a ----
((((((((((((((((((((((((((((( snapshot@2007-10-11_23.04.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 10:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 14:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 14:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 14:45]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 06:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"BounceBack Setup"="C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2003-02-14 06:13]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 05:06]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 11:43]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2006-02-14 02:32]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-15 08:52:28]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-30 15:21:13]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 09:11:42]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2006-08-30 15:30:27]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 17:48:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WinDrvr.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5815557a-5e4a-11dc-8bdd-0016cf282806}]
AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 15:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-12 22:42:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-12 15:48:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-12 15:49:25 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-11 23:04
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:32 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBReminder.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.washington.edu/uwin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BounceBack Setup] "C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) -
https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 6797354358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 6799513718
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10634 bytes