Help

Post by Brunsvold » January 22nd, 2009, 12:19 am

Help, I am new to this hijack program. Sometimes my computer gets bogged down and I am unable to open up applications and programs. When I open my task manager I often have multiple processes of multiple .exe's running at once. I keep getting trojan alerts and I clean them and they come back. Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:23 PM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2323991468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2342894015
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8053 bytes
Brunsvold
Active Member
 
Posts: 5
Joined: January 22nd, 2009, 12:10 am

Re: Help

Post by Bio-Hazard » January 26th, 2009, 9:55 am

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Absence of symptoms does not mean that everything is clear.

NOTE: Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Help

Post by Bio-Hazard » January 26th, 2009, 10:08 am

random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply. (Sometimes you have to make several posts to get the logs posted.)

Re: Help

Post by Brunsvold » January 26th, 2009, 8:24 pm

Thank You!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jarrett Brunsvold at 2009-01-26 18:22:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 183 GB (77%) free of 238 GB
Total RAM: 1535 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:44 PM, on 1/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jarrett Brunsvold\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jarrett Brunsvold.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2323991468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2342894015
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\Shaw Secure\Common\FSM32.EXE [2008-09-23 182936]
"F-Secure TNB"=C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe [2008-09-23 957024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"=C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2009-01-16 4519832]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7181705-e5e3-11dd-b23a-000d877cf443}]
shell\AutoRun\command - E:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-01-26 18:22:27 ----D---- C:\rsit
2009-01-21 22:06:07 ----D---- C:\Program Files\Trend Micro
2009-01-21 19:58:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-21 19:57:53 ----D---- C:\Program Files\Reference Assemblies
2009-01-21 19:56:57 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-01-20 22:50:49 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire
2009-01-20 21:52:16 ----D---- C:\Program Files\Common Files\Adobe
2009-01-20 21:52:16 ----D---- C:\Program Files\Adobe
2009-01-20 21:50:39 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Google
2009-01-20 21:48:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-20 21:47:48 ----D---- C:\Program Files\Google
2009-01-20 18:35:47 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Malwarebytes
2009-01-20 18:35:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-20 18:35:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-20 18:30:30 ----HD---- C:\Config.Msi
2009-01-19 21:56:29 ----HD---- C:\WINDOWS\Icons
2009-01-19 21:52:32 ----A---- C:\WINDOWS\system32\TUKernel.exe
2009-01-19 21:01:54 ----D---- C:\WINDOWS\pss
2009-01-19 20:56:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-19 20:56:56 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-19 20:56:47 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-19 20:55:37 ----D---- C:\WINDOWS\system32\Adobe
2009-01-19 20:52:25 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-01-19 20:52:23 ----D---- C:\Program Files\NOS
2009-01-19 18:45:51 ----D---- C:\Program Files\TheWeatherNetwork
2009-01-19 14:17:53 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-01-19 14:17:53 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-01-19 02:52:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-19 02:26:56 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\WinRAR
2009-01-19 02:16:32 ----A---- C:\WINDOWS\system32\ins2.exe
2009-01-19 00:41:01 ----D---- C:\Program Files\WinRAR
2009-01-19 00:41:00 ----A---- C:\WINDOWS\system32\javan.exe
2009-01-19 00:22:53 ----A---- C:\WINDOWS\system32\unrar.dll
2009-01-19 00:22:43 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-01-19 00:22:42 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-01-19 00:22:41 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-01-19 00:22:40 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-01-19 00:22:40 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-01-19 00:22:38 ----A---- C:\WINDOWS\system32\divx.dll
2009-01-19 00:22:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-01-19 00:22:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-01-19 00:22:31 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-19 00:22:27 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-19 00:20:55 ----D---- C:\WINDOWS\ie8updates
2009-01-19 00:03:45 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-18 23:40:47 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-01-18 23:40:45 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-01-18 23:40:43 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-18 23:40:42 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\TuneUp Software
2009-01-18 23:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-01-18 23:39:12 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-01-18 23:38:53 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-18 23:27:12 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-01-18 23:24:45 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-01-18 23:22:49 ----D---- C:\Program Files\Microsoft Works
2009-01-18 23:22:34 ----D---- C:\Program Files\MSBuild
2009-01-18 23:21:56 ----D---- C:\Program Files\Microsoft Visual Studio
2009-01-18 23:21:56 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-18 23:20:49 ----D---- C:\Program Files\Microsoft.NET
2009-01-18 23:18:20 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-01-18 23:17:36 ----D---- C:\WINDOWS\SHELLNEW
2009-01-18 23:16:59 ----D---- C:\Program Files\Microsoft Office
2009-01-18 23:16:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-18 23:16:32 ----RHD---- C:\MSOCache
2009-01-18 22:57:18 ----D---- C:\Program Files\CCleaner
2009-01-18 22:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2009-01-18 22:44:08 ----D---- C:\Program Files\Winamp Remote
2009-01-18 22:42:12 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-18 22:42:12 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-01-18 22:42:05 ----D---- C:\Program Files\Winamp
2009-01-18 22:42:05 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Winamp
2009-01-18 22:30:03 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-01-18 22:29:24 ----D---- C:\Program Files\Realtek AC97
2009-01-18 22:29:22 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-01-18 22:29:20 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-01-18 22:29:20 ----A---- C:\WINDOWS\soundman.exe
2009-01-18 22:29:17 ----A---- C:\WINDOWS\Alcrmv.exe
2009-01-18 21:57:18 ----HDC---- C:\WINDOWS\ie8
2009-01-18 21:49:14 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\MSN6
2009-01-18 21:49:14 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6
2009-01-18 21:48:53 ----SHD---- C:\RECYCLER
2009-01-18 21:48:53 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Windows Search
2009-01-18 21:47:15 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-18 21:47:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-18 21:46:29 ----D---- C:\Program Files\Microsoft Sync Framework
2009-01-18 21:45:41 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-18 21:45:24 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-01-18 21:43:51 ----D---- C:\Program Files\Microsoft
2009-01-18 21:43:32 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-18 21:43:09 ----D---- C:\Program Files\Windows Live
2009-01-18 21:39:35 ----D---- C:\Program Files\Common Files\Windows Live
2009-01-18 21:37:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-18 21:37:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-18 21:37:11 ----A---- C:\WINDOWS\system32\java.exe
2009-01-18 21:37:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-18 21:30:46 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\ATI
2009-01-18 21:24:21 ----D---- C:\Program Files\Java
2009-01-18 21:24:19 ----D---- C:\Program Files\Common Files\Java
2009-01-18 21:23:56 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Sun
2009-01-18 21:23:21 ----D---- C:\Program Files\FrostWire
2009-01-18 20:58:33 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-01-18 20:58:10 ----D---- C:\Program Files\ATI Technologies
2009-01-18 20:58:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-18 20:57:47 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-18 20:57:28 ----D---- C:\ATI
2009-01-18 20:53:51 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Windows Desktop Search
2009-01-18 20:53:16 ----D---- C:\Program Files\Windows Desktop Search
2009-01-18 20:53:15 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-01-18 20:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-01-18 20:52:37 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-01-18 20:52:26 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus
2009-01-18 20:52:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-18 20:52:01 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-18 20:51:40 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-18 20:51:21 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-18 20:50:36 ----D---- C:\Program Files\Vuze
2009-01-18 20:50:36 ----D---- C:\Program Files\Common Files\i4j_jres
2009-01-18 20:50:15 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-18 20:49:39 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-18 20:49:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-18 20:48:43 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-18 20:48:20 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Adobe
2009-01-18 20:48:08 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Macromedia
2009-01-18 20:44:30 ----RSD---- C:\WINDOWS\assembly
2009-01-18 20:44:30 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-18 20:44:28 ----D---- C:\WINDOWS\system32\URTTemp
2009-01-18 20:15:11 ----D---- C:\WINDOWS\ie7updates
2009-01-18 20:14:44 ----D---- C:\WINDOWS\WBEM
2009-01-18 20:13:43 ----HDC---- C:\WINDOWS\ie7
2009-01-18 20:13:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-18 20:13:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-18 20:12:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-18 19:49:39 ----D---- C:\WINDOWS\Prefetch
2009-01-18 19:32:04 ----D---- C:\WINDOWS\system32\en-us
2009-01-18 19:32:01 ----D---- C:\WINDOWS\system32\scripting
2009-01-18 19:31:57 ----D---- C:\WINDOWS\l2schemas
2009-01-18 19:31:56 ----D---- C:\WINDOWS\system32\en
2009-01-18 19:24:37 ----D---- C:\WINDOWS\network diagnostic
2009-01-18 19:14:27 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-01-18 19:14:26 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-01-18 19:14:22 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-18 19:14:19 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-18 19:14:18 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-18 19:14:18 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-18 19:14:15 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-01-18 19:14:11 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-18 19:14:11 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-18 19:14:11 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-18 19:14:00 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-18 19:13:56 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-18 19:13:55 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-18 19:13:54 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-18 19:13:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-18 19:13:53 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-18 19:13:53 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-18 19:13:52 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-18 19:13:49 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-18 19:13:41 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-18 19:13:41 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-18 19:13:41 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-18 19:13:40 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-18 19:13:40 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-01-18 19:13:38 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-18 19:13:38 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-18 19:13:26 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-18 19:13:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-18 19:13:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-18 19:13:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-18 19:13:17 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-18 19:13:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-18 19:13:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-18 19:13:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-18 19:13:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-18 19:13:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-18 19:12:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-18 19:12:56 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-18 19:12:54 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-18 19:12:54 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-18 19:12:53 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-18 19:12:51 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-18 19:12:46 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-18 19:12:45 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-18 19:12:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-18 18:58:19 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-18 18:58:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-18 18:46:35 ----D---- C:\WINDOWS\peernet
2009-01-18 18:46:34 ----D---- C:\WINDOWS\provisioning
2009-01-18 18:44:11 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-18 18:40:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-18 18:39:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-18 18:38:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-18 18:38:00 ----D---- C:\WINDOWS\EHome
2009-01-18 18:33:27 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-01-18 18:25:52 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-18 18:25:51 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-18 18:22:34 ----D---- C:\WINDOWS\system32\bits
2009-01-18 18:22:17 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-18 18:22:17 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-01-18 18:22:16 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-18 18:22:16 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-01-18 18:22:16 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-18 18:20:27 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\F-Secure
2009-01-18 18:19:34 ----A---- C:\WINDOWS\system32\wups2.dll
2009-01-18 18:19:34 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-18 18:19:34 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-01-18 18:19:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-18 18:19:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-01-18 18:19:33 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-01-18 18:19:33 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-18 18:13:41 ----D---- C:\Program Files\Shaw Secure
2009-01-18 18:13:28 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-01-18 18:13:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-18 18:12:11 ----D---- C:\Documents and Settings\All Users\Application Data\f-secure
2009-01-18 18:09:39 ----A---- C:\WINDOWS\system32\wpa.bak
2009-01-18 18:05:30 ----SHD---- C:\WINDOWS\Installer
2009-01-18 18:05:28 ----D---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Identities
2009-01-18 18:05:25 ----HD---- C:\Program Files\Uninstall Information
2009-01-18 18:05:19 ----SD---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\Microsoft
2009-01-18 18:05:19 ----ASH---- C:\Documents and Settings\Jarrett Brunsvold\Application Data\desktop.ini
2009-01-18 18:02:00 ----SHD---- C:\System Volume Information
2009-01-18 18:01:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-18 17:59:46 ----D---- C:\WINDOWS\system32\xircom
2009-01-18 17:59:46 ----D---- C:\Program Files\xerox
2009-01-18 17:59:46 ----D---- C:\Program Files\microsoft frontpage
2009-01-18 17:59:37 ----A---- C:\WINDOWS\control.ini
2009-01-18 17:59:37 ----A---- C:\AUTOEXEC.BAT
2009-01-18 17:59:28 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-18 17:58:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-18 17:58:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-18 17:58:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-18 17:58:45 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-18 17:58:32 ----D---- C:\WINDOWS\srchasst
2009-01-18 17:58:27 ----D---- C:\WINDOWS\system32\DirectX
2009-01-18 17:58:26 ----D---- C:\WINDOWS\system32\Macromed
2009-01-18 17:58:18 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-18 17:58:17 ----D---- C:\Program Files\Movie Maker
2009-01-18 17:58:05 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-18 17:58:05 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-18 17:58:05 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-18 17:58:05 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-18 17:58:05 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-18 17:58:01 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-18 17:58:01 ----A---- C:\WINDOWS\desktop.ini
2009-01-18 17:57:56 ----D---- C:\WINDOWS\system32\Restore
2009-01-18 17:57:56 ----D---- C:\Program Files\Windows Media Player
2009-01-18 17:57:56 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-18 17:57:56 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-18 17:57:56 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-18 17:57:55 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-18 17:57:52 ----D---- C:\WINDOWS\PCHEALTH
2009-01-18 17:57:52 ----D---- C:\Program Files\NetMeeting
2009-01-18 17:57:52 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-18 17:57:52 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-18 17:57:52 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-18 17:57:51 ----D---- C:\Program Files\Common Files\Services
2009-01-18 17:57:50 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-18 17:57:50 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-18 17:57:48 ----SD---- C:\WINDOWS\Tasks
2009-01-18 17:57:48 ----D---- C:\Program Files\Outlook Express
2009-01-18 17:57:48 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-18 17:57:47 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-18 17:57:45 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-18 17:57:42 ----D---- C:\Program Files\Common Files\System
2009-01-18 17:57:41 ----D---- C:\Program Files\Internet Explorer
2009-01-18 17:57:28 ----D---- C:\Program Files\ComPlus Applications
2009-01-18 17:57:27 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-18 17:57:27 ----A---- C:\WINDOWS\vb.ini
2009-01-18 17:57:23 ----D---- C:\WINDOWS\Registration
2009-01-18 17:57:02 ----HD---- C:\Program Files\WindowsUpdate
2009-01-18 17:57:02 ----D---- C:\Program Files\Online Services
2009-01-18 17:56:58 ----D---- C:\Program Files\Messenger
2009-01-18 17:56:54 ----D---- C:\Program Files\MSN
2009-01-18 17:56:51 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-18 17:56:51 ----A---- C:\WINDOWS\system32\write.exe
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-18 17:56:44 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-18 17:56:43 ----D---- C:\Program Files\Windows NT
2009-01-18 17:56:43 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-18 17:56:42 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-18 17:56:39 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-18 17:56:38 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-18 17:56:38 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-18 17:56:38 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-18 17:56:38 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-18 17:56:38 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-18 17:56:37 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-18 17:56:36 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-18 17:56:35 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-18 17:56:35 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-18 17:56:34 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-18 17:56:33 ----D---- C:\WINDOWS\system32\Com
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-18 17:56:33 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-18 17:56:32 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-18 17:56:25 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-18 17:56:25 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-18 17:56:25 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-18 17:56:25 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-18 17:56:25 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-01-18 11:55:04 ----A---- C:\WINDOWS\system32\h323log.txt
2009-01-18 11:53:07 ----A---- C:\WINDOWS\system32\usbui.dll
2009-01-18 07:00:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-18 07:00:26 ----D---- C:\Program Files\Common Files\ODBC
2009-01-18 07:00:26 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-18 07:00:24 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-01-18 07:00:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-18 07:00:23 ----RD---- C:\Program Files
2009-01-18 07:00:23 ----D---- C:\Program Files\Common Files
2009-01-18 07:00:22 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-01-18 07:00:22 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-01-18 07:00:22 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-01-18 07:00:20 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-01-18 07:00:19 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-01-18 07:00:18 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-01-18 07:00:18 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-01-18 07:00:18 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-01-18 07:00:18 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-01-18 07:00:18 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-01-18 07:00:16 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-01-18 07:00:14 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-18 07:00:14 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-18 07:00:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-01-18 07:00:14 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-01-18 07:00:14 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-01-18 07:00:14 ----A---- C:\WINDOWS\system32\batt.dll
2009-01-18 07:00:12 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-01-18 07:00:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-01-18 07:00:12 ----A---- C:\WINDOWS\notepad.exe
2009-01-18 07:00:11 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-18 07:00:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-18 07:00:02 ----RA---- C:\WINDOWS\SET7.tmp
2009-01-18 07:00:00 ----RA---- C:\WINDOWS\SET3.tmp
2009-01-18 06:59:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-18 06:59:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-18 06:59:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-18 06:59:39 ----D---- C:\Documents and Settings
2009-01-18 06:58:43 ----RSH---- C:\boot.ini
2009-01-18 06:56:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-18 06:56:22 ----RSD---- C:\WINDOWS\Fonts
2009-01-18 06:56:22 ----RD---- C:\WINDOWS\Web
2009-01-18 06:56:22 ----HD---- C:\WINDOWS\inf
2009-01-18 06:56:22 ----D---- C:\WINDOWS\WinSxS
2009-01-18 06:56:22 ----D---- C:\WINDOWS\twain_32
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Temp
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\wins
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\wbem
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\usmt
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\spool
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\ShellExt
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\Setup
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\ras
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\oobe
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\npp
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\mui
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\IME
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\icsxml
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\ias
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\export
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\drivers
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\dhcp
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\config
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\3com_dmi
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\3076
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\2052
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1054
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1042
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1041
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1037
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1033
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1031
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1028
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32\1025
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system32
2009-01-18 06:56:22 ----D---- C:\WINDOWS\system
2009-01-18 06:56:22 ----D---- C:\WINDOWS\security
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Resources
2009-01-18 06:56:22 ----D---- C:\WINDOWS\repair
2009-01-18 06:56:22 ----D---- C:\WINDOWS\mui
2009-01-18 06:56:22 ----D---- C:\WINDOWS\msapps
2009-01-18 06:56:22 ----D---- C:\WINDOWS\msagent
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Media
2009-01-18 06:56:22 ----D---- C:\WINDOWS\java
2009-01-18 06:56:22 ----D---- C:\WINDOWS\ime
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Help
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Driver Cache
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Debug
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Cursors
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Connection Wizard
2009-01-18 06:56:22 ----D---- C:\WINDOWS\Config
2009-01-18 06:56:22 ----D---- C:\WINDOWS\AppPatch
2009-01-18 06:56:22 ----D---- C:\WINDOWS\addins
2009-01-18 06:56:22 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-01-19 21:04:02 ----A---- C:\WINDOWS\win.ini
2009-01-19 21:04:02 ----A---- C:\WINDOWS\system.ini
2009-01-18 18:41:16 ----RASH---- C:\NTDETECT.COM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe [2008-09-23 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Shaw Secure\Common\FSMA32.EXE [2008-09-23 117400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-18 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe [2008-09-23 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe [2008-09-23 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe [2008-09-23 55904]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-18 360192]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe []

-----------------EOF-----------------

And the other...

info.txt logfile of random's system information tool 1.05 2009-01-26 18:22:48

======Uninstall list======

-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB960714)-->"C:\WINDOWS\ie8updates\KB960714-IE8\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shaw Secure-->"C:\Program Files\Shaw Secure\FSGUI\PostInstall.exe" /tUnInstall
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Family Safety-->MsiExec.exe /X{DC509FE5-1445-46C9-827C-6120429CB942}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Shaw Secure 8.00
FW: Shaw Secure 8.00

System event log

Computer Name: BRUNSVOLD
Event Code: 3260
Message: This computer has been successfully joined to workgroup 'WORKGROUP'.

Record Number: 5
Source Name: Workstation
Time Written: 20090118175618.000000-360
Event Type: information
User:

Computer Name: BRUNSVOLD
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to BRUNSVOLD.

Record Number: 4
Source Name: EventLog
Time Written: 20090118175519.000000-360
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event log service was started.

Record Number: 3
Source Name: EventLog
Time Written: 20090118065945.000000-360
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Multiprocessor Free.

Record Number: 2
Source Name: EventLog
Time Written: 20090118065945.000000-360
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used.

Record Number: 1
Source Name: Serial
Time Written: 20090118070006.000000-360
Event Type: information
User:

Application event log

Computer Name: BRUNSVOLD
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 215
Source Name: SecurityCenter
Time Written: 20090118222249.000000-360
Event Type: information
User:

Computer Name: BRUNSVOLD
Event Code: 0
Message:
Record Number: 214
Source Name: SeaPort
Time Written: 20090118222249.000000-360
Event Type: information
User:

Computer Name: BRUNSVOLD
Event Code: 105
Message: The service was started.

Record Number: 213
Source Name: ATI Smart
Time Written: 20090118222247.000000-360
Event Type: information
User:

Computer Name: BRUNSVOLD
Event Code: 1517
Message: Windows saved user BRUNSVOLD\Jarrett Brunsvold registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 212
Source Name: Userenv
Time Written: 20090118222157.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BRUNSVOLD
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 211
Source Name: Userenv
Time Written: 20090118222156.000000-360
Event Type: warning
User: BRUNSVOLD\Jarrett Brunsvold

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Brunsvold
Active Member
 
Posts: 5
Joined: January 22nd, 2009, 12:10 am

Re: Help

Post by Bio-Hazard » January 27th, 2009, 1:25 pm

I'd like you to check (a file/some files) for Viruses.
C:\WINDOWS\system32\ins2.exe

  • Copy/Paste file into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and Paste results in your next reply.


OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
:files
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire
C:\Program Files\FrostWire
C:\Documents and Settings\All Users\Application Data\Azureus
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus
C:\WINDOWS\SET7.tmp
C:\WINDOWS\SET3.tmp
:commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3.

Kaspersky Online Scan

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • OTMoveIt3 Log
  • Kaspersky Log
  • A fresh HijackThis Log (after all the above has been done)
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Help

Post by Brunsvold » January 27th, 2009, 11:48 pm

So... when I open iexplore.exe, in my Task Manager I notice more than one of this process may open up at any given time, thus slowing down my internet altogether. This seems to be similar with my Windows Live Mail (wlmail.exe): I will try to open it and can't because the process already seems to be running but unattainable. Normally I will have to close either of these processes down and restart them altogether.


File ins2.exe received on 01.12.2009 17:38:53 (CET)
Current status: finished

Result: 0/38 (0.00%)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 -
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.12 -
Avast 4.8.1281.0 2009.01.12 -
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 -
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.12 -
NOD32 3759 2009.01.12 -
Norman 5.93.01 2009.01.12 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.12 -
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 -
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
VBA32 3.12.8.10 2009.01.12 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.12 -
Additional information
File size: 45984 bytes
MD5...: efffd151787c0049a92022a8eb683611
SHA1..: 32ad73156ee1bc5e56ec9056dc081559e2f1b753
SHA256: d3138923794b158bf06b213b70eaee6c9a041fcd7ab5429d9c1d9a80c67d7eb2
SHA512: 5275c7d15155458b4feabf2bc1222f502b3255c9312949468eba469bcb9c37e1
f6b397607828a6c8920ced6b59609ef05710bef543310cca5a42e64fefb4755d

ssdeep: 768:C8V60pic8jAQVSISj980nSwRdxi4XAfF/O71mJJSEXFdzHMpTtrdxMQm/KHb
VuZ:1FicEAwSIknNAUmJv/zHM1pPE/sBuZ

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403233
timedatestamp.....: 0x494ce7df (Sat Dec 20 12:41:03 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a4a 0x5c00 6.42 baa0bbc3631ab14b4619a5f0f8c20230
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.71 889379c97ddaedb548a899642f74c872
.ndata 0x24000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2c000 0x6c8 0x800 2.92 b3eea649cd2c734f0ff0d05dd8d99ef5

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

========== FILES ==========
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire\themes\frostwirePro_theme moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire\themes moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire\.NetworkShare\Incomplete moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire\.NetworkShare moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\FrostWire moved successfully.
C:\Program Files\FrostWire moved successfully.
C:\Documents and Settings\All Users\Application Data\Azureus moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\updates moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\torrents moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\tmp moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\subs moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\shares moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\plugins moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\net moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\media\azpd moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\media moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\logs\save moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\logs moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\friends moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\dht moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus\active moved successfully.
C:\Documents and Settings\Jarrett Brunsvold\Application Data\Azureus moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\1gzWt7FkQVw00SAMUCgTDQn8iY8= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\2st2FsKrrNgIW+2FsHsFeE3FT0QQ8= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\BYE7E8jlZ3PsHzW2bGek1pleHbo= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\J3MUo9Nme+3M2FIL7W1iqRT+Yy6Y= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\R+BMd4x1kZBido4gaA2FlkCg77zw= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\Perflib_Perfdata_8f0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\~DF159C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\~DF15C6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_790.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_192507

Files moved on Reboot...
C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\1gzWt7FkQVw00SAMUCgTDQn8iY8= moved successfully.
C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\2st2FsKrrNgIW+2FsHsFeE3FT0QQ8= moved successfully.
C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\BYE7E8jlZ3PsHzW2bGek1pleHbo= moved successfully.
C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\J3MUo9Nme+3M2FIL7W1iqRT+Yy6Y= moved successfully.
C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\MessengerCache\R+BMd4x1kZBido4gaA2FlkCg77zw= moved successfully.
File move failed. C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\Perflib_Perfdata_8f0.dat scheduled to be moved on reboot.
File C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\~DF159C.tmp not found!
File C:\DOCUME~1\JARRET~1\LOCALS~1\Temp\~DF15C6.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_790.dat scheduled to be moved on reboot.

Plus there was no log for the Kaspersky Online Scanner as there was nothing to report.
Brunsvold
Active Member
 
Posts: 5
Joined: January 22nd, 2009, 12:10 am

Re: Help

Post by Brunsvold » January 27th, 2009, 11:51 pm

And here is a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:58 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2323991468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2342894015
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7919 bytes

Re: Help

Post by Bio-Hazard » January 28th, 2009, 9:44 am

Hello!

Logs look clean. Before I give you the all clear, do you have any problems?
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Help

Post by Elrond » February 2nd, 2009, 11:59 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem