Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please Help

Re: Please Help

Post by demarq2001 » October 2nd, 2009, 5:42 pm

Sorry about that. Here is the latest log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:56 PM, on 10/2/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SpywareDetector\MaxSDTray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\MaxSDTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; QS 4.2.4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://www.ppiwidget.com/campaigns/star ... taller.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AHLMQN - Unknown owner - C:\Users\Damien\AppData\Local\Temp\AHLMQN.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMQCPWOCUOF - Unknown owner - C:\Users\Damien\AppData\Local\Temp\JMQCPWOCUOF.exe (file missing)
O23 - Service: KRQX - Unknown owner - C:\Users\Damien\AppData\Local\Temp\KRQX.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LJGGFJQHQTSAT - Unknown owner - C:\Users\Damien\AppData\Local\Temp\LJGGFJQHQTSAT.exe (file missing)
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\SpywareDetector\MaxWatchDogService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NAAFJJDRRKUQIO - Unknown owner - C:\Users\Damien\AppData\Local\Temp\NAAFJJDRRKUQIO.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: QODCQIWZUVM - Unknown owner - C:\Users\Damien\AppData\Local\Temp\QODCQIWZUVM.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSHVSZWQ - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SBSHVSZWQ.exe (file missing)
O23 - Service: SHI - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SHI.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11778 bytes
demarq2001
Active Member
 
Posts: 13
Joined: September 15th, 2009, 9:42 pm

Re: Please Help

Post by deltalima » October 3rd, 2009, 5:07 pm

Hi demarq2001,

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Now please post the log from Malwarebytes Anti-Malware along with a new HijackThis log.

If possible please leave your computer switched on and do not reboot the computer until I get back to you.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please Help

Post by demarq2001 » October 4th, 2009, 8:02 am

Malwarebytes Anti-Malware did not find any infections. Here are the results:

Malwarebytes' Anti-Malware 1.41
Database version: 2902
Windows 6.0.6002 Service Pack 2

10/4/2009 7:51:56 AM
mbam-log-2009-10-04 (07-51-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 376286
Time elapsed: 1 hour(s), 48 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:25 AM, on 10/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SpywareDetector\MaxSDTray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\MaxSDTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; QS 4.2.4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://www.ppiwidget.com/campaigns/star ... taller.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AHLMQN - Unknown owner - C:\Users\Damien\AppData\Local\Temp\AHLMQN.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMQCPWOCUOF - Unknown owner - C:\Users\Damien\AppData\Local\Temp\JMQCPWOCUOF.exe (file missing)
O23 - Service: KRQX - Unknown owner - C:\Users\Damien\AppData\Local\Temp\KRQX.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LJGGFJQHQTSAT - Unknown owner - C:\Users\Damien\AppData\Local\Temp\LJGGFJQHQTSAT.exe (file missing)
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\SpywareDetector\MaxWatchDogService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NAAFJJDRRKUQIO - Unknown owner - C:\Users\Damien\AppData\Local\Temp\NAAFJJDRRKUQIO.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: QODCQIWZUVM - Unknown owner - C:\Users\Damien\AppData\Local\Temp\QODCQIWZUVM.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSHVSZWQ - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SBSHVSZWQ.exe (file missing)
O23 - Service: SHI - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SHI.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11844 bytes
demarq2001
Active Member
 
Posts: 13
Joined: September 15th, 2009, 9:42 pm

Re: Please Help

Post by deltalima » October 4th, 2009, 3:18 pm

Hi demarq2001,

Please run a new HijackThis scan and save a copy of the log.

Now copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.

@echo off
rem Stop the eight services that the HijackThis log lists under O23 with a Temp path and "(file missing)".
rem Output and errors from every command are appended to results.txt.
sc stop AHLMQN >> results.txt 2>>&1
sc stop JMQCPWOCUOF >> results.txt 2>>&1
sc stop KRQX >> results.txt 2>>&1
sc stop LJGGFJQHQTSAT >> results.txt 2>>&1
sc stop NAAFJJDRRKUQIO >> results.txt 2>>&1
sc stop QODCQIWZUVM >> results.txt 2>>&1
sc stop SBSHVSZWQ >> results.txt 2>>&1
sc stop SHI >> results.txt 2>>&1
rem Disable them so they cannot be started again (sc requires the space after "start=").
sc config AHLMQN start= disabled >> results.txt 2>>&1
sc config JMQCPWOCUOF start= disabled >> results.txt 2>>&1
sc config KRQX start= disabled >> results.txt 2>>&1
sc config LJGGFJQHQTSAT start= disabled >> results.txt 2>>&1
sc config NAAFJJDRRKUQIO start= disabled >> results.txt 2>>&1
sc config QODCQIWZUVM start= disabled >> results.txt 2>>&1
sc config SBSHVSZWQ start= disabled >> results.txt 2>>&1
sc config SHI start= disabled >> results.txt 2>>&1
rem Remove the service entries.
sc delete AHLMQN >> results.txt 2>>&1
sc delete JMQCPWOCUOF >> results.txt 2>>&1
sc delete KRQX >> results.txt 2>>&1
sc delete LJGGFJQHQTSAT >> results.txt 2>>&1
sc delete NAAFJJDRRKUQIO >> results.txt 2>>&1
sc delete QODCQIWZUVM >> results.txt 2>>&1
sc delete SBSHVSZWQ >> results.txt 2>>&1
sc delete SHI >> results.txt 2>>&1
rem Open the collected output.
start notepad results.txt


  • Click File > Save as
  • In the box labelled File name copy and paste FixServices.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the Notepad window
  • Right click on FixServices.bat and click Run as administrator
  • If Windows tells you that it needs your permission to continue, click Continue
  • A black window will come up briefly and then disappear; this is normal

A Notepad window will now open with a log file. Save this log file and include it in the next post.

Now please run a second HijackThis scan and save a copy of the second log.

Now please reboot and run a third scan and save the third log also.

Please post back with all 3 HijackThis logs and the log produced by FixServices.bat.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
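
Added example (not part of the original thread and not deltalima's or HijackThis's own code): the eight services named in FixServices.bat are the O23 entries that combine "Unknown owner", a binary under a Temp folder and "(file missing)", and this Python triage picks out that combination from a log. The O23 line layout is inferred from the logs on this page; the names `Service`, `parse_o23` and `triage` and the three-indicator rule are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# O23 line layout, inferred from the logs in this thread (an assumption):
#   O23 - Service: <display name> [(<key name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# A trailing "(...)" on the display name is the service key name that sc expects.
KEY_NAME_RE = re.compile(r"\(([^()]+)\)$")
# A service binary should not live in a temporary directory.
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


@dataclass
class Service:
    key_name: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Parse one HijackThis O23 line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    key = KEY_NAME_RE.search(name)
    svc = Service(
        key_name=key.group(1) if key else name,
        owner=m.group("owner"),
        path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )
    # Each indicator is weak on its own; record them so the caller can combine.
    if TEMP_DIR_RE.search(svc.path):
        svc.reasons.append("binary in a Temp directory")
    if svc.file_missing:
        svc.reasons.append("binary missing on disk")
    if svc.owner == "Unknown owner":
        svc.reasons.append("no vendor information")
    return svc


def triage(log_text, min_reasons=3):
    """Return the services that carry at least min_reasons indicators."""
    services = (parse_o23(line) for line in log_text.splitlines())
    return [s for s in services if s and len(s.reasons) >= min_reasons]


# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AHLMQN - Unknown owner - C:\Users\Damien\AppData\Local\Temp\AHLMQN.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KRQX - Unknown owner - C:\Users\Damien\AppData\Local\Temp\KRQX.exe (file missing)
O23 - Service: SHI - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SHI.exe (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
"""

if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.key_name}: {'; '.join(svc.reasons)} ({svc.path})")
```

Requiring all three indicators keeps the DTSRVC entry out of the result: it also shows "Unknown owner", but its binary exists under Program Files.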

Re: Please Help

Post by demarq2001 » October 4th, 2009, 4:07 pm

Here is the first log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:01 PM, on 10/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\SpywareDetector\MaxSDTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\MaxSDTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; QS 4.2.4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://www.ppiwidget.com/campaigns/star ... taller.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AHLMQN - Unknown owner - C:\Users\Damien\AppData\Local\Temp\AHLMQN.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMQCPWOCUOF - Unknown owner - C:\Users\Damien\AppData\Local\Temp\JMQCPWOCUOF.exe (file missing)
O23 - Service: KRQX - Unknown owner - C:\Users\Damien\AppData\Local\Temp\KRQX.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LJGGFJQHQTSAT - Unknown owner - C:\Users\Damien\AppData\Local\Temp\LJGGFJQHQTSAT.exe (file missing)
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\SpywareDetector\MaxWatchDogService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NAAFJJDRRKUQIO - Unknown owner - C:\Users\Damien\AppData\Local\Temp\NAAFJJDRRKUQIO.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: QODCQIWZUVM - Unknown owner - C:\Users\Damien\AppData\Local\Temp\QODCQIWZUVM.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSHVSZWQ - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SBSHVSZWQ.exe (file missing)
O23 - Service: SHI - Unknown owner - C:\Users\Damien\AppData\Local\Temp\SHI.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11778 bytes


Here is the txt file that was generated after FixServices.bat

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.



Here is the second HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:37 PM, on 10/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\SpywareDetector\MaxSDTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\MaxSDTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; QS 4.2.4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://www.ppiwidget.com/campaigns/star ... taller.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\SpywareDetector\MaxWatchDogService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10916 bytes


Here is the HJT log after reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:46 PM, on 10/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\SpywareDetector\MaxSDTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\MaxSDTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; QS 4.2.4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://www.ppiwidget.com/campaigns/star ... taller.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\SpywareDetector\MaxWatchDogService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10809 bytes
demarq2001
Active Member
 
Posts: 13
Joined: September 15th, 2009, 9:42 pm

Re: Please Help

Unread postby deltalima » October 4th, 2009, 4:56 pm

Hi demarq2001,

Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files... will be produced.
    The first one, "log.txt", will be maximized ... the second one, "info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please Help

Unread postby demarq2001 » October 4th, 2009, 7:57 pm

This is the info.txt log:

info.txt logfile of random's system information tool 1.06 2009-10-04 19:28:18

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->"C:\Program Files\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Swarm\Uninstall.exe"
-->"C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Ad-Aware-->"C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Any Video Converter 2.7.1-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Device Software Updater-->MsiExec.exe /X{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DeductionPro 2007-->"C:\Program Files\InstallShield Installation Information\{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}\setup.exe" -runfromtemp -l0x0009 -removeonly
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
Digital Voice Editor 3-->C:\Program Files\InstallShield Installation Information\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}\setup.exe -runfromtemp -l0x0009 UNINSTALL /z -removeonly
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Garmin Communicator Plugin-->MsiExec.exe /X{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet & Photosmart Printer Driver Software 8.0.A-->C:\Program Files\HP\Digital Imaging\{981DE354-9301-440f-AAFC-025AA2354A93}\setup\hpzscr01.exe -datfile hppscr20.dat -onestop -showdisconnect -forcereboot
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" %MAIN -l9
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor-->MsiExec.exe /X{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP USB Multimedia Keyboard Driver V1.1-->C:\Windows\system32\KmRemove.exe
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jGRASP-->"C:\Program Files\jGRASP\uninstall.exe"
Kidzui-->"C:\Program Files\Kidzui\uninstall.exe"
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Micrografx Picture Publisher 8-->C:\Windows\mgxclean.exe /r"SOFTWARE\Micrografx\Uninstaller4" pp80.app leadpp8.app
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU-->MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Motorola Driver Installation 3.4.0-->MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Microsoft Visual Studio 2008 Express Editions-->C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0009 -removeonly
NSIS SensitivityToolkit-->"C:\Program Files\SensitivityToolkit\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Photo Viewer 2.4-->"C:\Program Files\Photo Viewer\uninstall.exe"
Pivot Software-->"C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -runfromtemp -l0x0009 -removeonly
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Questionmark Secure Browser-->C:\Program Files\InstallShield Installation Information\{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}\setup.exe -runfromtemp -l0x0409
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SDK-->"C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -runfromtemp -l0x0009
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TaxCut Premium + State + Efile 2008-->MsiExec.exe /X{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}
TaxCut Virginia 2008-->MsiExec.exe /X{D55D73C4-E4D1-4EC2-9BA9-3068AE2006D8}
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
Verizon Online DSL-->C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: Damien-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer LATESHA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1EC309B9-FD60-4618-AA2B-5827AA9. The master browser is stopping or an election is being forced.
Record Number: 166427
Source Name: bowser
Time Written: 20090310045742.563233-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer LATESHA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1EC309B9-FD60-4618-AA2B-5827AA9. The master browser is stopping or an election is being forced.
Record Number: 166423
Source Name: bowser
Time Written: 20090310044541.979233-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer LATESHA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1EC309B9-FD60-4618-AA2B-5827AA9. The master browser is stopping or an election is being forced.
Record Number: 166421
Source Name: bowser
Time Written: 20090310043344.462233-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer LATESHA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1EC309B9-FD60-4618-AA2B-5827AA9. The master browser is stopping or an election is being forced.
Record Number: 166420
Source Name: bowser
Time Written: 20090310042146.821233-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer LATESHA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1EC309B9-FD60-4618-AA2B-5827AA9. The master browser is stopping or an election is being forced.
Record Number: 166418
Source Name: bowser
Time Written: 20090310040947.483233-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Damien-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
18 user registry handles leaked from \Registry\User\S-1-5-21-3471299953-1073286343-1600455127-1000:
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000
Process 1004 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\CA
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\Root
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1904 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Policies
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\trust
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Policies\Microsoft\SystemCertificates
Process 1904 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software
Process 1928 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3471299953-1073286343-1600455127-1000\Software\Microsoft\SystemCertificates\My

Record Number: 32425
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080730061210.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Damien-PC
Event Code: 1000
Message: Faulting application MediaManager9.exe, version 9.1.1.32, time stamp 0x4607d102, faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac, exception code 0xc0000005, fault offset 0x000301de, process id 0x1f84, application start time 0x01c8f1ffdea5ee30.
Record Number: 32407
Source Name: Application Error
Time Written: 20080730045149.000000-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 1000
Message: Faulting application autoruns.exe, version 9.32.0.0, time stamp 0x48884e96, faulting module ADVAPI32.dll, version 6.0.6001.18000, time stamp 0x4791a64b, exception code 0xc00000fd, fault offset 0x0002bd29, process id 0x1d70, application start time 0x01c8f136d4817100.
Record Number: 32242
Source Name: Application Error
Time Written: 20080729045323.000000-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception code 0x0eedfade, fault offset 0x000442eb, process id 0x1edc, application start time 0x01c8f020e0e9af50.
Record Number: 32133
Source Name: Application Error
Time Written: 20080727231236.000000-000
Event Type: Error
User:

Computer Name: Damien-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {acee2623-448f-4371-a9c7-44ced200c7a7}
Record Number: 31175
Source Name: VSS
Time Written: 20080718222233.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Damien-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-3471299953-1073286343-1600455127-501
Account Name: Guest
Account Domain: Damien-PC
Logon ID: 0x3cb2236

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 233131
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220135413.845518-000
Event Type: Audit Success
User:

Computer Name: Damien-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-3471299953-1073286343-1600455127-501
Account Name: Guest
Account Domain: Damien-PC
Logon ID: 0x3c93f45

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 233130
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220134913.075518-000
Event Type: Audit Success
User:

Computer Name: Damien-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-3471299953-1073286343-1600455127-501
Account Name: Guest
Account Domain: Damien-PC
Logon ID: 0x3c762cc

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 233129
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220134412.074518-000
Event Type: Audit Success
User:

Computer Name: Damien-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3c672a2

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 233128
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220134134.558518-000
Event Type: Audit Success
User:

Computer Name: Damien-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3c672a2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: LATESHA-PC
Source Network Address: 192.168.1.47
Source Port: 49563

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 233127
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220134124.131518-000
Event Type: Audit Success
User:

======Environment variables======

"CLASSPATH"=.;%JAVA_HOME%\lib;C:\Program Files\Java\jre6\lib;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"JAVA_HOME"=C:\Program Files\Java\jdk1.6.0_13
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=1
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%JAVA_HOME%\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\xerces-c-3.0.1-x86-windows-vc-9.0\bin;C:\Program Files\Java\jre6\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Pavilion
"PLATFORM"=HPD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=4303
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"windir"=%SystemRoot%
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: Please Help

by demarq2001 » October 4th, 2009, 7:58 pm

This is the log.txt result:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Damien at 2009-10-04 19:28:04
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 222 GB (47%) free of 468 GB
Total RAM: 2942 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:16 PM, on 10/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\SpywareDetector\MaxSDTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Damien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Damien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\MaxSDTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; QS 4.2.4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3471299953-1073286343-1600455127-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Guest')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://www.ppiwidget.com/campaigns/star ... taller.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\SpywareDetector\MaxWatchDogService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11396 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Damien.job
C:\Windows\tasks\User_Feed_Synchronization-{378DE6ED-B8CA-4DE2-AD76-AF33BEAEFB6F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-01 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-16 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-26 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-08-26 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-08-26 204048]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
""= []
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2009-06-23 850544]
"DT HPW"=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2007-04-25 280064]
"BtcMaestro"=C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe [2007-08-29 344064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-01 185896]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\MaxSDTray.exe [2009-08-04 570800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-03 2023704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-06-01 1783400]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-26 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Users\Damien\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2009-08-25 79872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

%programdata%\microsoft\windows\start menu\programs\startup
Ad-Aware Update (Weekly).job
Google Software Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
Norton Internet Security - Run Full System Scan - Damien.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{378DE6ED-B8CA-4DE2-AD76-AF33BEAEFB6F}.job

c:\users\public\appdata\roaming\microsoft\windows\start menu\programs\startup\\\
Ad-Aware Update (Weekly).job
Google Software Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
Norton Internet Security - Run Full System Scan - Damien.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{378DE6ED-B8CA-4DE2-AD76-AF33BEAEFB6F}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\Windows\system32\ieframe.dll [2009-07-21 11067392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132052b7-87a5-11de-9e0a-001bb9d460d3}]
shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fa98d07-d0bb-11dc-b813-001bb9d460d3}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5096b92f-3262-11de-a15c-001bb9d460d3}]
shell\AutoRun\command - K:\Autorun.exe /run
shell\Shell00\command - K:\Autorun.exe /run
shell\Shell01\command - K:\Autorun.exe /action
shell\Shell02\command - K:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab5ac91-9ee7-11dc-be23-001bb9d460d3}]
shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e79c1b7e-f122-11dd-bb2d-001bb9d460d3}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======File associations======

.inf - install - c:\windows\system32\rundll32.exe setupapi,installhinfsection defaultinstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "c:\windows\system32\notepad.exe" %1

======List of files/folders created in the last 3 months======

2009-10-04 19:28:04 ----D---- C:\rsit
2009-10-04 15:51:26 ----A---- C:\Windows\system32\results.txt
2009-10-04 14:57:50 ----A---- C:\Windows\pdf995.ini
2009-10-04 14:40:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-10-04 14:40:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-18 03:57:17 ----HD---- C:\$AVG8.VAULT$
2009-09-18 00:18:35 ----D---- C:\ProgramData\Office Genuine Advantage
2009-09-17 22:14:58 ----D---- C:\Program Files\iPhone Configuration Utility
2009-09-17 22:14:12 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-17 22:13:37 ----D---- C:\Program Files\iPod
2009-09-17 22:13:33 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-17 22:13:33 ----D---- C:\Program Files\iTunes
2009-09-17 03:12:16 ----A---- C:\Windows\system32\tzres.dll
2009-09-16 21:05:05 ----A---- C:\Windows\system32\jscript.dll
2009-09-16 21:04:48 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-16 21:04:44 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-16 21:04:43 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-16 21:04:43 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-16 21:04:43 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-16 21:04:43 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-16 21:04:43 ----A---- C:\Windows\system32\finger.exe
2009-09-16 21:04:43 ----A---- C:\Windows\system32\ARP.EXE
2009-09-16 21:04:42 ----A---- C:\Windows\system32\netevent.dll
2009-09-16 21:03:11 ----A---- C:\Windows\system32\wlansec.dll
2009-09-16 21:03:11 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-16 21:03:11 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-16 21:03:10 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-16 21:03:10 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-16 21:02:59 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-16 21:02:58 ----A---- C:\Windows\system32\mf.dll
2009-09-16 21:02:50 ----A---- C:\Windows\system32\atl.dll
2009-09-16 20:59:21 ----A---- C:\Windows\system32\avgrsstx.dll
2009-09-16 20:59:13 ----D---- C:\ProgramData\AVG Security Toolbar
2009-09-16 20:59:08 ----D---- C:\Program Files\AVG
2009-09-16 20:59:06 ----D---- C:\ProgramData\avg8
2009-09-16 20:18:33 ----A---- C:\Windows\system32\wkssvc.dll
2009-09-16 20:18:31 ----A---- C:\Windows\system32\mstscax.dll
2009-09-16 20:18:29 ----A---- C:\Windows\system32\avifil32.dll
2009-09-16 20:18:23 ----A---- C:\Windows\system32\mshtml.dll
2009-09-16 20:18:22 ----A---- C:\Windows\system32\iertutil.dll
2009-09-16 20:18:22 ----A---- C:\Windows\system32\ieframe.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\wininet.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\urlmon.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\occache.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-16 20:18:21 ----A---- C:\Windows\system32\ieui.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\iepeers.dll
2009-09-16 20:18:21 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-16 20:18:20 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-16 20:18:20 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-16 20:18:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-16 20:18:20 ----A---- C:\Windows\system32\iesetup.dll
2009-09-16 20:18:20 ----A---- C:\Windows\system32\iernonce.dll
2009-09-16 20:18:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-16 20:18:12 ----A---- C:\Windows\system32\wmp.dll
2009-09-16 20:18:11 ----A---- C:\Windows\system32\wmpdxm.dll
2009-09-16 20:18:11 ----A---- C:\Windows\system32\dxmasf.dll
2009-09-16 20:18:10 ----A---- C:\Windows\system32\wmploc.DLL
2009-09-16 20:18:10 ----A---- C:\Windows\system32\spwmp.dll
2009-09-16 20:18:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-16 20:18:01 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-15 00:13:28 ----A---- C:\Windows\system32\javaws.exe
2009-09-15 00:13:28 ----A---- C:\Windows\system32\javaw.exe
2009-09-15 00:13:28 ----A---- C:\Windows\system32\java.exe
2009-09-15 00:03:16 ----D---- C:\Program Files\Trend Micro
2009-09-14 23:36:46 ----D---- C:\Windows\system32\eu-ES
2009-09-14 23:36:46 ----D---- C:\Windows\system32\ca-ES
2009-09-14 23:36:44 ----D---- C:\Windows\system32\vi-VN
2009-09-14 23:20:13 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2009-09-14 23:18:25 ----D---- C:\Windows\system32\SPReview
2009-09-14 23:06:03 ----A---- C:\Windows\system32\scavenge.dll
2009-09-14 23:05:52 ----A---- C:\Windows\system32\compcln.exe
2009-09-14 23:04:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-14 23:04:36 ----A---- C:\Windows\system32\secur32.dll
2009-09-14 23:04:36 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-14 23:04:36 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-14 23:04:36 ----A---- C:\Windows\system32\secproc.dll
2009-09-14 23:04:35 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-14 23:04:35 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-14 23:04:35 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-14 23:04:35 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-14 23:04:35 ----A---- C:\Windows\system32\sdclt.exe
2009-09-14 23:04:35 ----A---- C:\Windows\system32\samlib.dll
2009-09-14 23:04:35 ----A---- C:\Windows\system32\rtutils.dll
2009-09-14 23:04:35 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-14 23:04:35 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-14 23:04:35 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-14 23:04:35 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-14 23:04:34 ----A---- C:\Windows\system32\scrrun.dll
2009-09-14 23:04:34 ----A---- C:\Windows\system32\rpcss.dll
2009-09-14 23:04:34 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-14 23:04:34 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-14 23:04:34 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-14 23:04:34 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-14 23:04:34 ----A---- C:\Windows\system32\riched20.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\scrobj.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\scksp.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\schannel.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\scesrv.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\scecli.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\scansetting.dll
2009-09-14 23:04:33 ----A---- C:\Windows\system32\samsrv.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\powercpl.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-14 23:04:28 ----A---- C:\Windows\system32\pnpui.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\pnidui.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\pdh.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\pcaui.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-14 23:04:28 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-14 23:04:27 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-14 23:04:27 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-14 23:04:27 ----A---- C:\Windows\system32\photowiz.dll
2009-09-14 23:04:27 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-14 23:04:26 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-14 23:04:26 ----A---- C:\Windows\system32\ntdll.dll
2009-09-14 23:04:26 ----A---- C:\Windows\system32\nslookup.exe
2009-09-14 23:04:26 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\osk.exe
2009-09-14 23:04:25 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\onex.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\olepro32.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\oleprn.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\ole32.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\offfilt.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\odbc32.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-14 23:04:25 ----A---- C:\Windows\system32\ntprint.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-14 23:04:25 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-14 23:04:25 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\RelMon.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\regsvc.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rastls.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rastapi.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasppp.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasplap.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasmans.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasdial.exe
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\raschap.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\Query.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\quartz.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\qmgr.dll
2009-09-14 23:04:24 ----A---- C:\Windows\system32\qedit.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-14 23:04:23 ----A---- C:\Windows\system32\regapi.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\reg.exe
2009-09-14 23:04:23 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\printui.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-14 23:04:23 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-09-14 23:04:23 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-14 23:04:23 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-14 23:04:23 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-14 23:04:22 ----A---- C:\Windows\system32\qdvd.dll
2009-09-14 23:04:22 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-14 23:04:22 ----A---- C:\Windows\system32\puiapi.dll
2009-09-14 23:04:22 ----A---- C:\Windows\system32\propsys.dll
2009-09-14 23:04:22 ----A---- C:\Windows\system32\propdefs.dll
2009-09-14 23:04:22 ----A---- C:\Windows\system32\profsvc.dll
2009-09-14 23:04:22 ----A---- C:\Windows\system32\powrprof.dll
2009-09-14 23:04:21 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-14 23:04:21 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-14 23:04:18 ----A---- C:\Windows\system32\sendmail.dll
2009-09-14 23:04:17 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-14 23:04:17 ----A---- C:\Windows\system32\shell32.dll
2009-09-14 23:04:17 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-14 23:04:17 ----A---- C:\Windows\system32\sethc.exe
2009-09-14 23:04:17 ----A---- C:\Windows\system32\services.exe
2009-09-14 23:04:16 ----A---- C:\Windows\system32\setupapi.dll
2009-09-14 23:04:07 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-14 23:04:07 ----A---- C:\Windows\system32\eapphost.dll
2009-09-14 23:04:07 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-14 23:04:07 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-14 23:04:07 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-14 23:04:06 ----A---- C:\Windows\system32\dwm.exe
2009-09-14 23:04:06 ----A---- C:\Windows\system32\dsprop.dll
2009-09-14 23:04:06 ----A---- C:\Windows\system32\dsound.dll
2009-09-14 23:04:03 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-14 23:04:03 ----A---- C:\Windows\system32\evr.dll
2009-09-14 23:04:03 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-14 23:04:03 ----A---- C:\Windows\system32\esent.dll
2009-09-14 23:04:03 ----A---- C:\Windows\explorer.exe
2009-09-14 23:04:02 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-14 23:04:02 ----A---- C:\Windows\system32\es.dll
2009-09-14 23:04:02 ----A---- C:\Windows\system32\EncDec.dll
2009-09-14 23:04:02 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-14 23:04:02 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-14 23:04:02 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-14 23:04:02 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-14 23:04:01 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-14 23:04:01 ----A---- C:\Windows\system32\diagperf.dll
2009-09-14 23:04:01 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-14 23:04:00 ----A---- C:\Windows\system32\diskraid.exe
2009-09-14 23:04:00 ----A---- C:\Windows\system32\diskpart.exe
2009-09-14 23:04:00 ----A---- C:\Windows\system32\dfsr.exe
2009-09-14 23:04:00 ----A---- C:\Windows\system32\dfshim.dll
2009-09-14 23:04:00 ----A---- C:\Windows\system32\devmgr.dll
2009-09-14 23:03:59 ----A---- C:\Windows\system32\drvstore.dll
2009-09-14 23:03:59 ----A---- C:\Windows\system32\drvinst.exe
2009-09-14 23:03:59 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-14 23:03:59 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-14 23:03:59 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-14 23:03:59 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-14 23:03:59 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-14 23:03:59 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-14 23:03:58 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-14 23:03:58 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-14 23:03:58 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-14 23:03:58 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-14 23:03:58 ----A---- C:\Windows\system32\dmusic.dll
2009-09-14 23:03:58 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-14 23:03:57 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-14 23:03:57 ----A---- C:\Windows\system32\gpresult.exe
2009-09-14 23:03:56 ----A---- C:\Windows\system32\iasnap.dll
2009-09-14 23:03:56 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-14 23:03:56 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-14 23:03:56 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-14 23:03:56 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-14 23:03:56 ----A---- C:\Windows\system32\iasads.dll
2009-09-14 23:03:56 ----A---- C:\Windows\system32\iasacct.dll
2009-09-14 23:03:56 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-14 23:03:54 ----A---- C:\Windows\system32\hidserv.dll
2009-09-14 23:03:54 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-14 23:03:54 ----A---- C:\Windows\system32\fontext.dll
2009-09-14 23:03:54 ----A---- C:\Windows\system32\findstr.exe
2009-09-14 23:03:53 ----A---- C:\Windows\system32\gpapi.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\gdi32.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\feclient.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fdBth.dll
2009-09-14 23:03:53 ----A---- C:\Windows\system32\fc.exe
2009-09-14 23:03:53 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-14 23:03:52 ----A---- C:\Windows\system32\gpedit.dll
2009-09-14 23:03:52 ----A---- C:\Windows\system32\fundisc.dll
2009-09-14 23:03:52 ----A---- C:\Windows\system32\ftp.exe
2009-09-14 23:03:51 ----A---- C:\Windows\system32\gameux.dll
2009-09-14 23:03:51 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-14 23:03:51 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-14 23:03:51 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-14 23:03:51 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-14 23:03:50 ----A---- C:\Windows\system32\authui.dll
2009-09-14 23:03:49 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-09-14 23:03:49 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-09-14 23:03:49 ----A---- C:\Windows\system32\autofmt.exe
2009-09-14 23:03:49 ----A---- C:\Windows\system32\autochk.exe
2009-09-14 23:03:49 ----A---- C:\Windows\system32\authz.dll
2009-09-14 23:03:49 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-14 23:03:49 ----A---- C:\Windows\system32\audiodg.exe
2009-09-14 23:03:45 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-09-14 23:03:45 ----A---- C:\Windows\system32\autoconv.exe
2009-09-14 23:03:44 ----A---- C:\Windows\system32\autoplay.dll
2009-09-14 23:03:42 ----A---- C:\Windows\system32\bthci.dll
2009-09-14 23:03:42 ----A---- C:\Windows\system32\browseui.dll
2009-09-14 23:03:42 ----A---- C:\Windows\system32\brcpl.dll
2009-09-14 23:03:42 ----A---- C:\Windows\system32\basecsp.dll
2009-09-14 23:03:42 ----A---- C:\Windows\system32\azroles.dll
2009-09-14 23:03:41 ----A---- C:\Windows\system32\blackbox.dll
2009-09-14 23:03:41 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-14 23:03:41 ----A---- C:\Windows\system32\BFE.DLL
2009-09-14 23:03:41 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-14 23:03:41 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-14 23:03:40 ----A---- C:\Windows\system32\aaclient.dll
2009-09-14 23:03:39 ----A---- C:\Windows\system32\apphelp.dll
2009-09-14 23:03:39 ----A---- C:\Windows\system32\apds.dll
2009-09-14 23:03:38 ----A---- C:\Windows\system32\conime.exe
2009-09-14 23:03:38 ----A---- C:\Windows\system32\comuid.dll
2009-09-14 23:03:38 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-14 23:03:38 ----A---- C:\Windows\system32\advapi32.dll
2009-09-14 23:03:38 ----A---- C:\Windows\system32\adtschema.dll
2009-09-14 23:03:38 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-14 23:03:38 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-14 23:03:37 ----A---- C:\Windows\system32\crypt32.dll
2009-09-14 23:03:37 ----A---- C:\Windows\system32\credui.dll
2009-09-14 23:03:37 ----A---- C:\Windows\system32\connect.dll
2009-09-14 23:03:37 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-14 23:03:37 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-14 23:03:36 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-14 23:03:36 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\davclnt.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\dataclen.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\d3d9.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\cscdll.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\cscapi.dll
2009-09-14 23:03:36 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-14 23:03:35 ----A---- C:\Windows\system32\csrstub.exe
2009-09-14 23:03:35 ----A---- C:\Windows\system32\cscript.exe
2009-09-14 23:03:35 ----A---- C:\Windows\system32\cryptui.dll
2009-09-14 23:03:35 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-14 23:03:35 ----A---- C:\Windows\system32\cdd.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\cipher.exe
2009-09-14 23:03:34 ----A---- C:\Windows\system32\ci.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\certmgr.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\certcli.dll
2009-09-14 23:03:34 ----A---- C:\Windows\system32\cbsra.exe
2009-09-14 23:03:34 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-14 23:03:34 ----A---- C:\Windows\system32\bthserv.dll
2009-09-14 23:03:33 ----A---- C:\Windows\system32\certreq.exe
2009-09-14 23:03:33 ----A---- C:\Windows\system32\certprop.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msihnd.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msiexec.exe
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msi.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msftedit.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msexch40.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\msdrm.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-14 23:03:32 ----A---- C:\Windows\system32\certutil.exe
2009-09-14 23:03:31 ----A---- C:\Windows\system32\msimsg.dll
2009-09-14 23:03:31 ----A---- C:\Windows\system32\msctfui.dll
2009-09-14 23:03:31 ----A---- C:\Windows\system32\msctfp.dll
2009-09-14 23:03:31 ----A---- C:\Windows\system32\msctf.dll
2009-09-14 23:03:31 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-14 23:03:31 ----A---- C:\Windows\system32\mprapi.dll
2009-09-14 23:03:31 ----A---- C:\Windows\system32\mpr.dll
2009-09-14 23:03:30 ----A---- C:\Windows\system32\mscms.dll
2009-09-14 23:03:30 ----A---- C:\Windows\system32\mscandui.dll
2009-09-14 23:03:30 ----A---- C:\Windows\system32\modemui.dll
2009-09-14 23:03:30 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\netcenter.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\netapi32.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\mscories.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\mscorier.dll
2009-09-14 23:03:29 ----A---- C:\Windows\system32\mscoree.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\NetProjW.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\netlogon.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\msxml6.dll
2009-09-14 23:03:28 ----A---- C:\Windows\system32\msxml3.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\newdev.exe
2009-09-14 23:03:27 ----A---- C:\Windows\system32\newdev.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\networkmap.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\netshell.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msscb.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msltus40.dll
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-14 23:03:27 ----A---- C:\Windows\system32\msimtf.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mswsock.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msv1_0.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msutb.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mstsc.exe
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mstext40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mssvp.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msstrc.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mssrch.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mssph.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msshsq.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msshooks.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msscp.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msjter40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msjint40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msjet40.dll
2009-09-14 23:03:26 ----A---- C:\Windows\system32\msisip.dll
2009-09-14 23:03:25 ----A---- C:\Windows\system32\InkEd.dll
2009-09-14 23:03:25 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-14 23:03:25 ----A---- C:\Windows\system32\inetppui.dll
2009-09-14 23:03:25 ----A---- C:\Windows\system32\inetpp.dll
2009-09-14 23:03:25 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-14 23:03:22 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-14 23:03:22 ----A---- C:\Windows\system32\imm32.dll
2009-09-14 23:03:21 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-14 23:03:20 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-14 23:03:17 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-14 23:03:17 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-14 23:03:17 ----A---- C:\Windows\system32\input.dll
2009-09-14 23:03:16 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-14 23:03:16 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-14 23:03:10 ----A---- C:\Windows\system32\ifmon.dll
2009-09-14 23:03:09 ----A---- C:\Windows\system32\icardres.dll
2009-09-14 23:03:09 ----A---- C:\Windows\system32\icardagt.exe
2009-09-14 23:03:09 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-14 23:03:09 ----A---- C:\Windows\system32\iassdo.dll
2009-09-14 23:03:09 ----A---- C:\Windows\system32\iasrad.dll
2009-09-14 23:03:09 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-14 23:03:08 ----A---- C:\Windows\system32\iassam.dll
2009-09-14 23:03:08 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-14 23:03:07 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-14 23:03:06 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-14 23:03:06 ----A---- C:\Windows\system32\mfplat.dll
2009-09-14 23:03:06 ----A---- C:\Windows\system32\mferror.dll
2009-09-14 23:03:06 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-14 23:03:06 ----A---- C:\Windows\system32\imapi2.dll
2009-09-14 23:03:06 ----A---- C:\Windows\system32\imapi.dll
2009-09-14 23:03:06 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-14 23:03:05 ----A---- C:\Windows\system32\mmcico.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\mmci.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\milcore.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\midimap.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\mfps.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-14 23:03:05 ----A---- C:\Windows\system32\mfc42.dll
2009-09-14 23:03:04 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-14 23:03:04 ----A---- C:\Windows\system32\mmc.exe
2009-09-14 23:03:04 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\mcmde.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\mblctr.exe
2009-09-14 23:03:03 ----A---- C:\Windows\system32\logman.exe
2009-09-14 23:03:03 ----A---- C:\Windows\system32\logagent.exe
2009-09-14 23:03:03 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\kernel32.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\kerberos.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\kdusb.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\kdcom.dll
2009-09-14 23:03:03 ----A---- C:\Windows\system32\kd1394.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\wercon.exe
2009-09-14 23:03:02 ----A---- C:\Windows\system32\wer.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\wdscore.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\wdc.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\shsetup.dll
2009-09-14 23:03:02 ----A---- C:\Windows\system32\Magnify.exe
2009-09-14 23:03:02 ----A---- C:\Windows\system32\lsasrv.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\winhttp.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\win32spl.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\whealogr.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-14 23:03:01 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\wersvc.dll
2009-09-14 23:03:01 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-14 23:03:01 ----A---- C:\Windows\system32\WerFault.exe
2009-09-14 23:03:00 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\version.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\vds.exe
2009-09-14 23:03:00 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\uxsms.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\Utilman.exe
2009-09-14 23:03:00 ----A---- C:\Windows\system32\usp10.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\userenv.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\usercpl.dll
2009-09-14 23:03:00 ----A---- C:\Windows\system32\user32.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\wscapi.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\w32time.dll
2009-09-14 23:02:59 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-14 23:02:59 ----A---- C:\Windows\system32\vssapi.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wusa.exe
2009-09-14 23:02:58 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wscript.exe
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wpcao.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\wow32.dll
2009-09-14 23:02:58 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-14 23:02:58 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-14 23:02:58 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-14 23:02:57 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-14 23:02:57 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-14 23:02:57 ----A---- C:\Windows\system32\wshext.dll
2009-09-14 23:02:57 ----A---- C:\Windows\system32\wshbth.dll
2009-09-14 23:02:57 ----A---- C:\Windows\system32\wsepno.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wlanui.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\wisptis.exe
2009-09-14 23:02:56 ----A---- C:\Windows\system32\winsrv.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-14 23:02:56 ----A---- C:\Windows\system32\winrnr.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\winresume.exe
2009-09-14 23:02:56 ----A---- C:\Windows\system32\winmm.dll
2009-09-14 23:02:56 ----A---- C:\Windows\system32\winlogon.exe
2009-09-14 23:02:56 ----A---- C:\Windows\system32\winload.exe
2009-09-14 23:02:55 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-14 23:02:55 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-14 23:02:54 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-14 23:02:54 ----A---- C:\Windows\system32\sud.dll
2009-09-14 23:02:54 ----A---- C:\Windows\system32\Storprop.dll
2009-09-14 23:02:54 ----A---- C:\Windows\system32\stobject.dll
2009-09-14 23:02:54 ----A---- C:\Windows\system32\srcore.dll
2009-09-14 23:02:54 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-14 23:02:53 ----A---- C:\Windows\system32\sysmain.dll
2009-09-14 23:02:53 ----A---- C:\Windows\system32\sysclass.dll
2009-09-14 23:02:53 ----A---- C:\Windows\system32\swprv.dll
2009-09-14 23:02:53 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\smss.exe
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\slwmi.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SLUI.exe
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-14 23:02:52 ----A---- C:\Windows\system32\slcc.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\SLC.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-14 23:02:52 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\spp.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-14 23:02:51 ----A---- C:\Windows\system32\spoolss.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\spinstall.exe
2009-09-14 23:02:51 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\slwga.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-14 23:02:51 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-14 23:02:51 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\slcinst.dll
2009-09-14 23:02:51 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-14 23:02:46 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-14 23:02:46 ----A---- C:\Windows\system32\spwizui.dll
2009-09-14 23:02:46 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-14 23:02:46 ----A---- C:\Windows\system32\spreview.exe
2009-09-14 23:02:46 ----A---- C:\Windows\system32\sperror.dll
2009-09-14 23:02:45 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-14 23:02:45 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-14 23:02:45 ----A---- C:\Windows\system32\softkbd.dll
2009-09-14 23:02:45 ----A---- C:\Windows\system32\SnippingTool.exe
2009-09-14 23:02:45 ----A---- C:\Windows\system32\SndVol.exe
2009-09-14 23:02:44 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-14 23:02:44 ----A---- C:\Windows\system32\untfs.dll
2009-09-14 23:02:44 ----A---- C:\Windows\system32\tsgqec.dll
2009-09-14 23:02:44 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-14 23:02:43 ----A---- C:\Windows\system32\uDWM.dll
2009-09-14 23:02:42 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-14 23:02:42 ----A---- C:\Windows\system32\ulib.dll
2009-09-14 23:02:42 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-14 23:02:39 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-14 23:02:39 ----A---- C:\Windows\system32\tquery.dll
2009-09-14 23:02:39 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-14 23:02:39 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-14 23:02:34 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-14 23:02:34 ----A---- C:\Windows\system32\termsrv.dll
2009-09-14 23:02:34 ----A---- C:\Windows\system32\taskeng.exe
2009-09-14 23:02:34 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-14 23:02:34 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-14 23:02:33 ----A---- C:\Windows\system32\themeui.dll
2009-09-14 23:02:33 ----A---- C:\Windows\system32\themecpl.dll
2009-09-14 22:54:20 ----D---- C:\Windows\system32\EventProviders
2009-09-10 21:45:22 ----A---- C:\Windows\system32\VB6STKIT.DLL
2009-09-10 21:45:22 ----A---- C:\Windows\system32\VB6FR.DLL
2009-09-10 21:45:22 ----A---- C:\Windows\system32\TABCTFR.DLL
2009-09-10 21:45:22 ----A---- C:\Windows\system32\MSCMCFR.DLL
2009-09-10 21:45:22 ----A---- C:\Windows\system32\Mscc2fr.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\inetfr.DLL
2009-09-10 21:45:22 ----A---- C:\Windows\system32\CMDLGFR.DLL
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudPlayer.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudioVisu.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudioRecord.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudioInfos.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudFile.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudDisplay.dll
2009-09-10 21:45:22 ----A---- C:\Windows\system32\AudDesign.dll
2009-09-05 12:11:04 ----D---- C:\Users\Damien\AppData\Roaming\GARMIN
2009-09-05 12:10:40 ----D---- C:\Program Files\Garmin GPS Plugin
2009-09-05 12:10:40 ----D---- C:\Program Files\DIFX
2009-09-05 12:10:37 ----D---- C:\Program Files\Garmin
2009-08-26 22:53:25 ----A---- C:\Windows\system32\lsdelete.exe
2009-08-26 19:34:12 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-26 00:06:54 ----D---- C:\Program Files\Unlocker
2009-08-25 23:33:16 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-08-25 23:33:16 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-08-25 23:33:09 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-08-25 23:33:08 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-08-25 23:33:07 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-08-25 23:33:07 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-08-25 23:33:07 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-08-25 23:33:06 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-08-25 23:32:31 ----D---- C:\Program Files\SanDisk
2009-08-25 21:34:08 ----D---- C:\Users\Damien\AppData\Roaming\SanDisk
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
2009-07-20 21:58:05 ----D---- C:\Windows\pss
2009-07-20 18:54:54 ----RASH---- C:\SdHeuristic.txt
2009-07-19 20:46:33 ----RSH---- C:\MaxSignature.txt
2009-07-19 20:46:30 ----RSH---- C:\MaxVirus.txt
2009-07-14 14:25:04 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 14:25:04 ----A---- C:\Windows\system32\lpk.dll
2009-07-14 14:25:04 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 14:25:04 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 14:25:04 ----A---- C:\Windows\system32\atmlib.dll
2009-07-14 14:25:04 ----A---- C:\Windows\system32\atmfd.dll
2009-07-13 02:37:52 ----RASH---- C:\SDSignature.txt

======List of files/folders modified in the last 3 months======

2009-10-04 19:28:16 ----D---- C:\Windows\Prefetch
2009-10-04 19:28:09 ----D---- C:\Windows\Temp
2009-10-04 18:00:52 ----SHD---- C:\System Volume Information
2009-10-04 16:24:08 ----D---- C:\Windows\System32
2009-10-04 16:24:08 ----D---- C:\Windows\inf
2009-10-04 16:24:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-04 15:59:30 ----D---- C:\Windows\Tasks
2009-10-04 15:37:40 ----D---- C:\Windows
2009-10-04 14:57:54 ----D---- C:\ProgramData\pdf995
2009-10-04 14:40:16 ----HD---- C:\ProgramData
2009-10-04 14:40:16 ----D---- C:\Program Files
2009-10-04 13:20:12 ----D---- C:\ProgramData\Google Updater
2009-10-04 08:39:47 ----D---- C:\Windows\Debug
2009-10-03 06:12:06 ----D---- C:\Windows\system32\LogFiles
2009-09-30 07:11:22 ----D---- C:\Windows\system32\Tasks
2009-09-30 06:56:30 ----D---- C:\Windows\system32\catroot2
2009-09-27 18:03:35 ----D---- C:\Windows\system32\drivers
2009-09-27 08:58:44 ----D---- C:\Program Files\SpywareDetector
2009-09-19 11:34:40 ----SHD---- C:\Windows\Installer
2009-09-19 11:34:40 ----HD---- C:\Config.Msi
2009-09-19 11:34:40 ----D---- C:\Windows\winsxs
2009-09-18 00:19:56 ----D---- C:\Windows\system32\WDI
2009-09-17 22:14:13 ----D---- C:\Windows\system32\catroot
2009-09-17 22:14:12 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-17 22:13:37 ----D---- C:\Program Files\Common Files\Apple
2009-09-17 22:12:09 ----D---- C:\Program Files\QuickTime
2009-09-17 06:53:31 ----D---- C:\Windows\system32\zh-TW
2009-09-17 06:53:31 ----D---- C:\Windows\system32\zh-HK
2009-09-17 06:53:31 ----D---- C:\Windows\system32\tr-TR
2009-09-17 06:53:31 ----D---- C:\Windows\system32\sv-SE
2009-09-17 06:53:31 ----D---- C:\Windows\system32\pt-BR
2009-09-17 06:53:31 ----D---- C:\Windows\system32\nl-NL
2009-09-17 06:53:31 ----D---- C:\Windows\system32\nb-NO
2009-09-17 06:53:31 ----D---- C:\Windows\system32\ko-KR
2009-09-17 06:53:31 ----D---- C:\Windows\system32\it-IT
2009-09-17 06:53:31 ----D---- C:\Windows\system32\he-IL
2009-09-17 06:53:31 ----D---- C:\Windows\system32\fr-FR
2009-09-17 06:53:31 ----D---- C:\Windows\system32\fi-FI
2009-09-17 06:53:31 ----D---- C:\Windows\system32\es-ES
2009-09-17 06:53:31 ----D---- C:\Windows\system32\en-US
2009-09-17 06:53:31 ----D---- C:\Windows\system32\el-GR
2009-09-17 06:53:31 ----D---- C:\Windows\system32\de-DE
2009-09-17 06:53:31 ----D---- C:\Windows\system32\da-DK
2009-09-17 06:53:31 ----D---- C:\Windows\system32\ar-SA
2009-09-17 03:37:51 ----D---- C:\Windows\rescache
2009-09-17 03:21:43 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-17 03:19:51 ----D---- C:\Program Files\Windows Mail
2009-09-17 03:19:50 ----D---- C:\Windows\system32\migration
2009-09-17 03:19:45 ----D---- C:\Program Files\Internet Explorer
2009-09-17 03:19:34 ----D---- C:\Program Files\Windows Media Player
2009-09-17 03:19:28 ----D---- C:\Windows\AppPatch
2009-09-17 03:05:10 ----RSD---- C:\Windows\assembly
2009-09-17 03:00:59 ----D---- C:\Windows\ehome
2009-09-16 22:06:16 ----D---- C:\Windows\Microsoft.NET
2009-09-16 21:06:06 ----D---- C:\Program Files\Mozilla Firefox
2009-09-16 20:43:49 ----D---- C:\ProgramData\Microsoft Help
2009-09-16 20:43:48 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-16 20:43:42 ----D---- C:\Program Files\Common Files\Merge Modules
2009-09-16 20:36:48 ----D---- C:\ProgramData\Symantec
2009-09-16 20:36:48 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-15 00:13:26 ----D---- C:\Program Files\Java
2009-09-15 00:03:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-14 23:45:41 ----SHD---- C:\Boot
2009-09-14 23:37:56 ----D---- C:\Program Files\Windows Calendar
2009-09-14 23:37:56 ----D---- C:\Program Files\Movie Maker
2009-09-14 23:37:55 ----D---- C:\Program Files\Windows Sidebar
2009-09-14 23:37:55 ----D---- C:\Program Files\Windows Collaboration
2009-09-14 23:37:54 ----D---- C:\Program Files\Windows Journal
2009-09-14 23:37:53 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-14 23:37:53 ----D---- C:\Program Files\Common Files\System
2009-09-14 23:37:49 ----D---- C:\Windows\servicing
2009-09-14 23:37:49 ----D---- C:\Program Files\Windows Defender
2009-09-14 23:37:39 ----D---- C:\Windows\system32\XPSViewer
2009-09-14 23:37:39 ----D---- C:\Windows\system32\sk-SK
2009-09-14 23:37:39 ----D---- C:\Windows\system32\lv-LV
2009-09-14 23:37:39 ----D---- C:\Windows\system32\hr-HR
2009-09-14 23:37:39 ----D---- C:\Windows\system32\et-EE
2009-09-14 23:37:39 ----D---- C:\Windows\IME
2009-09-14 23:37:32 ----D---- C:\Windows\system32\oobe
2009-09-14 23:37:29 ----D---- C:\Windows\system32\ru-RU
2009-09-14 23:37:29 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-14 23:37:28 ----D---- C:\Windows\system32\SLUI
2009-09-14 23:37:28 ----D---- C:\Windows\system32\setup
2009-09-14 23:37:28 ----D---- C:\Windows\system32\pt-PT
2009-09-14 23:37:28 ----D---- C:\Windows\system32\hu-HU
2009-09-14 23:37:28 ----D---- C:\Windows\system32\cs-CZ
2009-09-14 23:37:27 ----D---- C:\Windows\system32\zh-CN
2009-09-14 23:37:27 ----D---- C:\Windows\system32\uk-UA
2009-09-14 23:37:27 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-14 23:37:27 ----D---- C:\Windows\system32\sl-SI
2009-09-14 23:37:27 ----D---- C:\Windows\system32\pl-PL
2009-09-14 23:37:27 ----D---- C:\Windows\system32\manifeststore
2009-09-14 23:37:27 ----D---- C:\Windows\system32\en
2009-09-14 23:37:26 ----D---- C:\Windows\system32\th-TH
2009-09-14 23:37:26 ----D---- C:\Windows\system32\ro-RO
2009-09-14 23:37:26 ----D---- C:\Windows\system32\ja-JP
2009-09-14 23:37:26 ----D---- C:\Windows\system32\bg-BG
2009-09-14 23:37:25 ----D---- C:\Windows\system32\wbem
2009-09-14 23:37:23 ----D---- C:\Windows\system32\migwiz
2009-09-14 23:37:23 ----D---- C:\Windows\system32\lt-LT
2009-09-14 23:36:52 ----RSD---- C:\Windows\Fonts
2009-09-14 23:36:44 ----D---- C:\Windows\system32\Boot
2009-09-14 23:27:07 ----D---- C:\Windows\system32\RTCOM
2009-09-14 19:42:09 ----SD---- C:\ProgramData\Microsoft
2009-09-14 19:17:15 ----D---- C:\Program Files\McAfee
2009-09-14 12:05:24 ----D---- C:\ProgramData\McAfee
2009-09-12 22:25:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-12 20:56:50 ----D---- C:\Windows\system32\spool
2009-09-12 20:56:50 ----D---- C:\Windows\system
2009-09-12 20:56:49 ----D---- C:\Windows\registration
2009-09-07 10:19:10 ----D---- C:\Users\Damien\AppData\Roaming\Any Video Converter
2009-09-05 12:31:10 ----D---- C:\Program Files\Google
2009-09-01 20:25:49 ----AD---- C:\ProgramData\TEMP
2009-09-01 20:25:39 ----D---- C:\Program Files\SpywareBlaster
2009-08-28 14:38:22 ----A---- C:\Windows\system32\mrt.exe
2009-08-26 19:34:01 ----D---- C:\Program Files\Lavasoft
2009-08-26 19:33:47 ----D---- C:\Program Files\Common Files
2009-08-21 08:27:17 ----D---- C:\Program Files\Safari
2009-08-18 19:29:48 ----D---- C:\Windows\SMINST
2009-08-12 21:27:30 ----A---- C:\Windows\ODBC.INI
2009-08-12 21:18:02 ----SHD---- C:\$Recycle.Bin
2009-08-12 21:17:33 ----RD---- C:\Users
2009-08-04 17:19:30 ----A---- C:\Windows\system32\CheckDll.dll
2009-08-03 21:01:04 ----D---- C:\Users\Damien\AppData\Roaming\Apple Computer
2009-08-03 19:57:07 ----D---- C:\ProgramData\WildTangent
2009-08-03 19:45:11 ----D---- C:\Program Files\HP Games
2009-08-03 19:18:20 ----SD---- C:\Windows\Downloaded Program Files
2009-07-31 15:23:10 ----A---- C:\Windows\system32\deploytk.dll
2009-07-23 00:55:05 ----D---- C:\Program Files\Common Files\Research In Motion
2009-07-20 21:54:02 ----D---- C:\Windows\Minidump
2009-07-05 22:17:53 ----D---- C:\Users\Damien\AppData\Roaming\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-09-16 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-09-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-09-16 108552]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 SDManager;SDManager; \??\C:\Program Files\SpywareDetector\SDManager.sys [2009-08-04 16816]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2009-06-23 17136]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 SDActMon;SDActMon; \??\C:\Program Files\SpywareDetector\SDActMon.sys [2009-08-04 26544]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ICDUSB2;Sony IC Recorder (P); C:\Windows\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-16 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-04-25 73728]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 MaxWatchDogService;MaxWatchDogService; C:\Program Files\SpywareDetector\MaxWatchDogService.exe [2009-08-04 409008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-08-26 92296]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-06-23 109168]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-08-07 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-03-25 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-03-26 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-26 166648]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-29 72704]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-03-25 88824]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 1010424]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]

-----------------EOF-----------------
demarq2001
Active Member
 
Posts: 13
Joined: September 15th, 2009, 9:42 pm

Re: Please Help

Post by deltalima » October 5th, 2009, 5:44 am

Hi demarq2001,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above

Update your AntiVirus Software and keep your other programs up-to-date
It is vital that you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please Help

Post by NonSuch » October 8th, 2009, 2:56 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California