Hijackthis Logfile

Post by takey » October 25th, 2009, 12:11 am

Can anyone help me? Thank you.
___________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:46 AM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\sttray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.com/congratul ... spyhunter/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [58076329] C:\DOCUME~1\ALLUSE~1\APPLIC~1\58076329\58076329.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N84P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8326 bytes
takey
Active Member
 
Posts: 3
Joined: October 25th, 2009, 12:08 am
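An added example, not part of takey's post and not HijackThis code: a short Python pass over the O4 autostart lines of a log in this format. It applies the rules of thumb a helper applies by eye when reading such a log (an executable launched from a RECYCLER folder, from a Temp directory, or from a numeric folder whose name is reused as the file name; a Run value name that is a bare number or looks machine-generated; a bare file name with no directory, which Windows resolves through the search order) and lists the entries that deserve a closer look. The sample input is constructed from a handful of lines in the log above; the heuristics are analyst rules of thumb for review, not a verdict on any particular file.

```python
"""Triage of HijackThis O4 autostart lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few O4 lines copied from the log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [58076329] C:\DOCUME~1\ALLUSE~1\APPLIC~1\58076329\58076329.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N84P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# O4 line layout: O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# First token of the command line: a quoted path, or an unquoted path up to the first .exe
# (unquoted paths may contain spaces, e.g. C:\Program Files\FlashGet\FlashGet.exe /min).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Extract the executable path from an O4 command line, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group('q') or m.group('u')


def suspicious_reasons(name: str, path: str) -> list:
    """Analyst heuristics (assumptions, not signatures) for why an entry merits review."""
    p = path.replace('/', '\\')
    parts = p.split('\\')
    base = parts[-1]
    parent = parts[-2] if len(parts) > 1 else ''
    reasons = []
    if '\\RECYCLER\\' in p.upper():
        reasons.append('launched from a RECYCLER (recycle bin) folder')
    if re.search(r'\\TEMP\\', p, re.IGNORECASE):
        reasons.append('launched from a temp directory')
    if parent.isdigit() and base.lower() == parent + '.exe':
        reasons.append('numeric folder name repeated as the executable name')
    if '\\' not in p:
        reasons.append('unqualified path, resolved through the search order')
    if name.isdigit():
        reasons.append('autostart value name is a bare number')
    elif re.fullmatch(r'[A-Z0-9]{4,}(-[A-Z0-9]{4,}){2,}', name):
        reasons.append('autostart value name looks machine-generated')
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every O4 entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 line (O2, O23, headers, ...)
        path = exe_path(m.group('cmd'))
        reasons = suspicious_reasons(m.group('name'), path)
        if reasons:
            findings.append(Finding(m.group('hive'), m.group('name'), path, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.hive} [{f.name}] {f.path}')
        for r in f.reasons:
            print('   -', r)
```

Run it on a saved hijackthis.log by reading the file into triage(). Entries such as avgnt, ctfmon.exe and Flashget fall through untouched, while the two RECYCLER launchers, the Temp executable and the numeric-named entry are listed with the reason each was picked up, which is the shortlist a helper would then verify against the file system.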

Re: Hijackthis Logfile

Post by hottroc » October 28th, 2009, 5:55 am

-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Hijackthis Logfile

Post by hottroc » October 30th, 2009, 6:38 am

random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply (Sometimes you have to make several posts to get the logs posted.)
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Hijackthis Logfile

Post by takey » October 31st, 2009, 2:25 am

Thank you for the reply. Here are the log files:

log.txt:-

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-10-31 14:20:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 111 GB (93%) free of 120 GB
Total RAM: 766 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:57 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DiGi Internet\DiGi Internet.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.com/congratul ... spyhunter/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [58076329] C:\DOCUME~1\ALLUSE~1\APPLIC~1\58076329\58076329.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [64072827] C:\DOCUME~1\ALLUSE~1\APPLIC~1\64072827\64072827.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N84P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC6A810-6E2C-4F68-AD91-80AA6DB8CD34}: NameServer = 203.92.128.151 203.92.128.189
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9112 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-19 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"IDTSysTrayApp"=C:\WINDOWS\sttray.exe [2008-08-11 442460]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-08-11 442460]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe /NoDlg []
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"58076329"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\58076329\58076329.exe []
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]
"QuickTime Task"=C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"64072827"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\64072827\64072827.exe []
"PromoReg"=C:\WINDOWS\Temp\_ex-08.exe [2009-10-25 410112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-26 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"12CFG214-K641-24SF-N84P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe []
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-15 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFind"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\user\Desktop\game wkf on Adrian Alang (it01) on it07\Warcraft III.exe"="C:\Documents and Settings\user\Desktop\game wkf on Adrian Alang (it01) on it07\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56a3586e-c294-11de-bf56-00235ac8412c}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ad9845-bd7a-11de-bf34-00235ac8412c}]
shell\AutoRun\command - F:\RECYCLER\autorun.exe
shell\open\command - F:\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc71486-bd8e-11de-bf35-00235ac8412c}]
shell\AutoRun\command - F:\RECYCLER\autorun.exe
shell\open\command - F:\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f34cee0-c501-11de-bf66-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f34cee4-c501-11de-bf66-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978f106e-c42e-11de-bf60-00235ac8412c}]
shell\AutoRun\command - F:\RECYCLER\autorun.exe
shell\open\command - F:\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978f106f-c42e-11de-bf60-00235ac8412c}]
shell\AutoRun\command - G:\RECYCLER\autorun.exe
shell\open\command - G:\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd316108-bd59-11de-bf2a-00235ac8412c}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
shell\Explore\command - F:\Flash.10.Setup.exe
shell\Open\command - F:\Flash.10.Setup.exe
shell\Scan for Viruses\command - F:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd316109-bd59-11de-bf2a-00235ac8412c}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
shell\Explore\command - F:\Flash.10.Setup.exe
shell\Open\command - F:\Flash.10.Setup.exe
shell\Scan for Viruses\command - F:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1374884-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1374888-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d137488a-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d137488e-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1374890-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1374892-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1374896-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1374899-c539-11de-bf6a-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d34f80d2-c52f-11de-bf67-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dee435f4-c54e-11de-bf6b-00235ac8412c}]
shell\AutoRun\command - F:\AutoRun.exe


======File associations======

.vbs - edit -
.vbs - open - %SystemRoot%\system32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-10-31 14:20:48 ----D---- C:\rsit
2009-10-30 20:22:22 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2009-10-30 19:08:18 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-10-30 18:33:29 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-10-30 11:08:57 ----D---- C:\Program Files\DiGi Internet
2009-10-27 15:23:22 ----D---- C:\Program Files\Garena
2009-10-27 12:58:13 ----D---- C:\WINDOWS\Sun
2009-10-26 12:18:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-26 12:18:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-26 12:18:09 ----A---- C:\WINDOWS\system32\java.exe
2009-10-26 12:18:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-26 12:17:51 ----D---- C:\Program Files\Java
2009-10-26 12:11:28 ----D---- C:\Documents and Settings\user\Application Data\Sun
2009-10-25 16:40:00 ----D---- C:\Documents and Settings\All Users\Application Data\64072827
2009-10-25 11:57:14 ----D---- C:\Program Files\Trend Micro
2009-10-25 11:10:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-25 11:10:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-25 11:07:05 ----D---- C:\Documents and Settings\user\Application Data\Apple Computer
2009-10-25 11:06:53 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-25 11:06:16 ----D---- C:\Program Files\iPod
2009-10-25 11:06:12 ----D---- C:\Program Files\iTunes
2009-10-25 11:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-25 11:05:53 ----D---- C:\Program Files\Bonjour
2009-10-25 11:04:39 ----D---- C:\Program Files\Apple Software Update
2009-10-25 11:04:01 ----D---- C:\Program Files\Common Files\Apple
2009-10-25 11:04:01 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-25 10:33:07 ----D---- C:\Program Files\FlashGet
2009-10-25 10:31:38 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-24 23:59:34 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 23:58:49 ----D---- C:\Program Files\Lavasoft
2009-10-24 23:58:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-24 22:55:28 ----D---- C:\Program Files\WinPcap
2009-10-24 18:08:50 ----D---- C:\Program Files\a-squared Free
2009-10-24 17:41:20 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2009-10-24 17:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-10-24 17:39:11 ----D---- C:\Program Files\Yahoo!
2009-10-23 18:45:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-22 20:39:44 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-21 20:50:00 ----D---- C:\Documents and Settings\user\Application Data\Media Player Classic
2009-10-21 19:56:24 ----D---- C:\WINDOWS\pss
2009-10-21 00:51:23 ----A---- C:\WINDOWS\system32\h323log.txt
2009-10-21 00:50:24 ----A---- C:\WINDOWS\system32\uniime.dll
2009-10-21 00:50:16 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-10-21 00:50:15 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-10-21 00:50:14 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-10-21 00:50:09 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-10-21 00:50:09 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-10-21 00:50:08 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-10-21 00:50:08 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-10-21 00:49:54 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-10-21 00:49:47 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-10-21 00:49:47 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-10-21 00:49:47 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-10-21 00:49:33 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-10-21 00:49:32 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-10-21 00:49:32 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-10-21 00:49:32 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-10-21 00:49:32 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-10-21 00:49:32 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-10-21 00:49:30 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-10-21 00:49:27 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2009-10-21 00:49:27 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2009-10-21 00:49:27 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2009-10-21 00:49:27 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2009-10-21 00:49:26 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2009-10-21 00:49:26 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2009-10-21 00:49:26 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2009-10-21 00:49:26 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2009-10-21 00:49:26 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2009-10-21 00:49:25 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2009-10-21 00:49:25 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2009-10-21 00:49:25 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2009-10-21 00:49:25 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2009-10-21 00:49:25 ----A---- C:\WINDOWS\system32\c_iscii.dll
2009-10-21 00:49:22 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2009-10-21 00:49:22 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2009-10-21 00:49:22 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2009-10-21 00:49:22 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2009-10-21 00:49:21 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2009-10-21 00:49:21 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2009-10-21 00:49:21 ----RA---- C:\WINDOWS\system32\kbda3.dll
2009-10-21 00:49:21 ----RA---- C:\WINDOWS\system32\kbda2.dll
2009-10-21 00:49:21 ----RA---- C:\WINDOWS\system32\kbda1.dll
2009-10-21 00:49:21 ----A---- C:\WINDOWS\system32\kbdusa.dll
2009-10-21 00:49:17 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2009-10-21 00:49:10 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2009-10-21 00:49:10 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2009-10-21 00:49:10 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2009-10-21 00:49:10 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2009-10-21 00:49:09 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2009-10-21 00:43:34 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-10-21 00:43:34 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-21 00:42:39 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-21 00:41:23 ----A---- C:\WINDOWS\imsins.BAK
2009-10-21 00:41:21 ----SHD---- C:\WINDOWS\Installer
2009-10-21 00:41:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-21 00:41:20 ----D---- C:\Program Files\Common Files\ODBC
2009-10-21 00:41:20 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-21 00:41:17 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-10-21 00:41:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-21 00:41:17 ----D---- C:\Program Files\Common Files
2009-10-21 00:41:17 ----D---- C:\Program Files
2009-10-21 00:41:06 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-10-21 00:41:06 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-10-21 00:41:06 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-10-21 00:41:04 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-10-21 00:41:02 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-10-21 00:41:01 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-10-21 00:41:01 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-10-21 00:41:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-10-21 00:41:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-10-21 00:41:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-10-21 00:40:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-10-21 00:40:58 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-10-21 00:40:53 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-21 00:40:53 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-21 00:40:53 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-10-21 00:40:53 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-10-21 00:40:53 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-10-21 00:40:51 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-10-21 00:40:50 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-10-21 00:40:50 ----A---- C:\WINDOWS\system32\batt.dll
2009-10-21 00:40:50 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-10-21 00:40:49 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-21 00:40:42 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-21 00:40:39 ----RA---- C:\WINDOWS\SET8.tmp
2009-10-21 00:40:37 ----RA---- C:\WINDOWS\SET4.tmp
2009-10-21 00:40:35 ----RA---- C:\WINDOWS\SET3.tmp
2009-10-21 00:40:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-21 00:40:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-21 00:40:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-21 00:40:09 ----A---- C:\WINDOWS\setuplog.txt
2009-10-21 00:40:06 ----D---- C:\Documents and Settings
2009-10-21 00:40:05 ----SHD---- C:\System Volume Information
2009-10-21 00:39:20 ----SH---- C:\boot.ini
2009-10-21 00:35:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-21 00:35:08 ----RSD---- C:\WINDOWS\Fonts
2009-10-21 00:35:08 ----RD---- C:\WINDOWS\Web
2009-10-21 00:35:08 ----HD---- C:\WINDOWS\inf
2009-10-21 00:35:08 ----D---- C:\WINDOWS\WinSxS
2009-10-21 00:35:08 ----D---- C:\WINDOWS\twain_32
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Temp
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\wins
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\wbem
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\usmt
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\spool
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\ShellExt
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\Setup
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\scripting
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\ras
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\oobe
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\npp
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\mui
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\IME
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\icsxml
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\ias
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\export
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\en
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\dhcp
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\config
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\3com_dmi
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\3076
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\2052
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1054
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1042
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1041
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1037
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1033
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1031
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1028
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32\1025
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system32
2009-10-21 00:35:08 ----D---- C:\WINDOWS\system
2009-10-21 00:35:08 ----D---- C:\WINDOWS\security
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Resources
2009-10-21 00:35:08 ----D---- C:\WINDOWS\repair
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Provisioning
2009-10-21 00:35:08 ----D---- C:\WINDOWS\PeerNet
2009-10-21 00:35:08 ----D---- C:\WINDOWS\pchealth
2009-10-21 00:35:08 ----D---- C:\WINDOWS\NLDRV
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-21 00:35:08 ----D---- C:\WINDOWS\mui
2009-10-21 00:35:08 ----D---- C:\WINDOWS\msapps
2009-10-21 00:35:08 ----D---- C:\WINDOWS\msagent
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Media
2009-10-21 00:35:08 ----D---- C:\WINDOWS\L2Schemas
2009-10-21 00:35:08 ----D---- C:\WINDOWS\java
2009-10-21 00:35:08 ----D---- C:\WINDOWS\ime
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Help
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Driver Cache
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Debug
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Cursors
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Connection Wizard
2009-10-21 00:35:08 ----D---- C:\WINDOWS\Config
2009-10-21 00:35:08 ----D---- C:\WINDOWS\AppPatch
2009-10-21 00:35:08 ----D---- C:\WINDOWS\addins
2009-10-21 00:35:08 ----D---- C:\WINDOWS
2009-10-20 22:21:14 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2009-10-20 21:53:02 ----RSHD---- C:\RECYCLER
2009-10-20 18:05:01 ----A---- C:\WINDOWS\system32\wpa.bak
2009-10-20 17:58:55 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-20 17:58:51 ----D---- C:\Program Files\DIFX
2009-10-20 17:58:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-20 17:46:15 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-20 17:45:08 ----D---- C:\Program Files\Microsoft Works
2009-10-20 17:45:02 ----D---- C:\Program Files\MSBuild
2009-10-20 17:44:45 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-20 17:44:45 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-20 17:42:00 ----D---- C:\WINDOWS\SHELLNEW
2009-10-20 17:41:46 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2009-10-20 17:41:30 ----D---- C:\Program Files\Mozilla Firefox
2009-10-20 17:41:25 ----D---- C:\Program Files\Microsoft Office
2009-10-20 17:41:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-20 17:41:00 ----RHD---- C:\MSOCache
2009-10-20 17:40:48 ----D---- C:\Program Files\Common Files\LightScribe
2009-10-20 17:40:18 ----D---- C:\Documents and Settings\user\Application Data\Ahead
2009-10-20 17:39:25 ----D---- C:\Program Files\Nero
2009-10-20 17:39:25 ----D---- C:\Program Files\Common Files\Ahead
2009-10-20 17:39:25 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-10-20 17:38:53 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-20 17:38:27 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-20 17:38:27 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-20 17:37:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-20 17:37:42 ----D---- C:\Program Files\Common Files\Adobe
2009-10-20 17:37:42 ----D---- C:\Program Files\Adobe
2009-10-20 17:35:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-20 17:35:13 ----D---- C:\Program Files\Ringz Studio
2009-10-20 17:35:13 ----D---- C:\Program Files\Common Files\Real
2009-10-20 17:35:03 ----D---- C:\Program Files\Avira
2009-10-20 17:35:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-10-20 17:34:38 ----D---- C:\Program Files\WinRAR
2009-10-20 17:17:13 ----D---- C:\Documents and Settings\user\Application Data\hpqLog
2009-10-20 17:16:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-20 17:16:50 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-20 17:16:48 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-10-20 17:16:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-20 17:16:35 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-10-20 17:16:34 ----RA---- C:\WINDOWS\system32\BttnCmn.dll
2009-10-20 17:16:33 ----D---- C:\Program Files\Hewlett-Packard
2009-10-20 17:16:33 ----A---- C:\WINDOWS\system32\BttnCmns.dll
2009-10-20 17:16:24 ----D---- C:\swsetup
2009-10-20 17:11:32 ----A---- C:\WINDOWS\system32\stlang.dll
2009-10-20 17:11:32 ----A---- C:\WINDOWS\system32\stacsv.exe
2009-10-20 17:11:32 ----A---- C:\WINDOWS\sttray.exe
2009-10-20 17:11:27 ----A---- C:\WINDOWS\system32\staco.dll
2009-10-20 17:11:25 ----A---- C:\WINDOWS\system32\stacapi.dll
2009-10-20 17:11:19 ----D---- C:\Program Files\IDT
2009-10-20 17:11:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-20 17:11:14 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-20 17:00:56 ----D---- C:\Documents and Settings\user\Application Data\Identities
2009-10-20 17:00:54 ----HD---- C:\Program Files\Uninstall Information
2009-10-20 17:00:49 ----ASH---- C:\Documents and Settings\user\Application Data\desktop.ini
2009-10-20 17:00:48 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-10-20 17:00:19 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-20 17:00:17 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-20 17:00:17 ----D---- C:\WINDOWS\Prefetch
2009-10-20 17:00:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-20 16:56:57 ----D---- C:\WINDOWS\system32\xircom
2009-10-20 16:56:57 ----D---- C:\Program Files\xerox
2009-10-20 16:56:57 ----D---- C:\Program Files\microsoft frontpage
2009-10-20 16:56:48 ----A---- C:\WINDOWS\control.ini
2009-10-20 16:56:48 ----A---- C:\AUTOEXEC.BAT
2009-10-20 16:56:39 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-20 16:56:35 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-10-20 16:55:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-20 16:55:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-20 16:55:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-20 16:55:44 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-20 16:55:40 ----HD---- C:\Program Files\WindowsUpdate
2009-10-20 16:55:18 ----D---- C:\WINDOWS\system32\DirectX
2009-10-20 16:55:12 ----A---- C:\WINDOWS\system32\atrace.dll
2009-10-20 16:55:10 ----A---- C:\WINDOWS\system32\desktop.ini
2009-10-20 16:55:10 ----A---- C:\WINDOWS\desktop.ini
2009-10-20 16:55:03 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-10-20 16:55:02 ----A---- C:\WINDOWS\system32\acctres.dll
2009-10-20 16:55:01 ----D---- C:\Program Files\Common Files\Services
2009-10-20 16:54:58 ----SD---- C:\WINDOWS\Tasks
2009-10-20 16:54:58 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-10-20 16:54:57 ----D---- C:\Program Files\Common Files\MSSoap
2009-10-20 16:54:54 ----D---- C:\WINDOWS\system32\Macromed
2009-10-20 16:54:54 ----D---- C:\WINDOWS\srchasst
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-10-20 16:54:51 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-20 16:54:50 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-20 16:54:50 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-10-20 16:54:50 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-10-20 16:54:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-20 16:54:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-20 16:54:47 ----D---- C:\Program Files\Movie Maker
2009-10-20 16:54:30 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-10-20 16:54:30 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-10-20 16:54:30 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-10-20 16:54:30 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-10-20 16:54:27 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-10-20 16:54:27 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-10-20 16:54:26 ----D---- C:\WINDOWS\system32\Restore
2009-10-20 16:54:26 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-10-20 16:54:26 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-10-20 16:54:26 ----A---- C:\WINDOWS\system32\srclient.dll
2009-10-20 16:54:25 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-10-20 16:54:25 ----A---- C:\WINDOWS\system32\msconf.dll
2009-10-20 16:54:25 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-10-20 16:54:25 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-10-20 16:54:25 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-10-20 16:54:25 ----A---- C:\WINDOWS\system32\ils.dll
2009-10-20 16:54:22 ----D---- C:\Program Files\NetMeeting
2009-10-20 16:54:22 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-10-20 16:54:22 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-10-20 16:54:21 ----A---- C:\WINDOWS\system32\inetres.dll
2009-10-20 16:54:21 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-10-20 16:54:19 ----D---- C:\Program Files\Outlook Express
2009-10-20 16:54:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-10-20 16:54:18 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-10-20 16:54:18 ----A---- C:\WINDOWS\system32\mstask.dll
2009-10-20 16:54:18 ----A---- C:\WINDOWS\system32\isign32.dll
2009-10-20 16:54:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-10-20 16:54:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-10-20 16:54:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-10-20 16:54:11 ----D---- C:\Program Files\Common Files\System
2009-10-20 16:54:07 ----D---- C:\Program Files\Internet Explorer
2009-10-20 16:53:55 ----D---- C:\Program Files\ComPlus Applications
2009-10-20 16:53:53 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-20 16:53:53 ----A---- C:\WINDOWS\vb.ini
2009-10-20 16:53:49 ----D---- C:\WINDOWS\Registration
2009-10-20 16:53:20 ----D---- C:\Program Files\Windows Media Player
2009-10-20 16:53:20 ----D---- C:\Program Files\Online Services
2009-10-20 16:53:14 ----D---- C:\Program Files\Messenger
2009-10-20 16:53:11 ----D---- C:\Program Files\MSN Gaming Zone
2009-10-20 16:53:11 ----A---- C:\WINDOWS\system32\write.exe
2009-10-20 16:53:02 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-20 16:53:01 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-20 16:53:01 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-20 16:53:01 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-20 16:53:01 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-20 16:53:01 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-20 16:52:54 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-20 16:52:53 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-20 16:52:53 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-20 16:52:53 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-20 16:52:53 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\tskill.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\tscon.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\shadow.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\reset.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-10-20 16:52:52 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\regini.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\msg.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\logoff.exe
2009-10-20 16:52:51 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-10-20 16:52:45 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-10-20 16:52:39 ----D---- C:\Program Files\MSN
2009-10-20 16:52:39 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-20 16:52:39 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-20 16:52:38 ----D---- C:\Program Files\Windows NT
2009-10-20 16:52:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-20 16:52:38 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-20 16:52:38 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-20 16:52:38 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-20 16:52:37 ----D---- C:\WINDOWS\system32\en-US
2009-10-20 16:52:37 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-20 16:52:36 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-10-20 16:52:36 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-10-20 16:52:36 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-10-20 16:52:36 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-10-20 16:52:35 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-10-20 16:52:34 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-10-20 16:52:34 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-10-20 16:52:33 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-10-20 16:52:33 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-10-20 16:52:33 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-10-20 16:52:33 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-10-20 16:52:32 ----D---- C:\WINDOWS\system32\Com
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\stclient.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\colbact.dll
2009-10-20 16:52:32 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-10-20 16:52:31 ----A---- C:\WINDOWS\system32\comuid.dll
2009-10-20 16:52:31 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-10-20 16:52:31 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-10-20 16:52:31 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-10-20 16:52:31 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-10-20 16:52:31 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-10-20 16:52:30 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-10-20 16:52:26 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-10-20 16:52:26 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-20 16:52:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-20 16:52:26 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-10-21 12:07:24 ----A---- C:\WINDOWS\system32\svchost.exe
2009-10-21 00:41:16 ----A---- C:\WINDOWS\system.ini
2009-10-20 17:42:13 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-10-21 55656]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-16 34064]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-08-01 112128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-16 2881536]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-09 1294200]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 enecir;ENE CIR Receiver; C:\WINDOWS\system32\DRIVERS\enecir.sys [2008-04-29 54784]
R3 enecirhid;ENE CIR HID Receiver; C:\WINDOWS\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
R3 enecirhidma;ENE CIR HIDmini Filter; C:\WINDOWS\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-29 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-06-22 102528]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-06-22 100480]
R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-08-11 1386627]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 ab89b03c;ab89b03c; C:\WINDOWS\System32\drivers\ab89b03c.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\user\LOCALS~1\Temp\JLY39.tmp []
S3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-07-20 5632]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-07-20 21504]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-15 540672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-26 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-25 1170768]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 STacSV;Audio Service; C:\Program Files\IDT\WDM\STacSV.exe [2008-08-11 225362]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
takey
Active Member
Posts: 3
Joined: October 25th, 2009, 12:08 am
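
As an added example (not code from this thread, from the helper, or from RSIT), a small Python triage script that parses lines of the "List of drivers/services" section above using the legend printed in the log, decodes the R/S and 0-4 codes, and flags entries a helper would look at first. It assumes an empty [] means no date/size was recorded for the binary, and its flagging rules (Temp-directory paths, NT object paths, 8-hex-digit names) are this example's own heuristics, not a verdict on any entry; the sample lines are copied from the posted log.

```python
"""Triage the RSIT "List of drivers/services" section. Added example, not RSIT code.
Line format per the log's legend: <R|S><0-4> name;description; path [date size]
The flagging heuristics are this script's own and are not a verdict on any entry."""
import re
STATE = {"R": "Running", "S": "Stopped"}
START_TYPE = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
# Constructed sample: lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 ab89b03c;ab89b03c; C:\WINDOWS\System32\drivers\ab89b03c.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\user\LOCALS~1\Temp\JLY39.tmp []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

def parse_entry(line):  # one list line -> dict, or None for lines that are not entries
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m["meta"].split()  # "[]" -> [], "[2008-04-14 17152]" -> [date, size]
    return {
        "state": STATE[m["state"]], "start": START_TYPE[m["start"]],
        "name": m["name"], "desc": m["desc"], "path": m["path"],
        "date": meta[0] if meta else None,
        "size": int(meta[1]) if len(meta) == 2 else None,
    }

def triage(entry):  # reasons a helper would examine this entry first (empty = nothing odd)
    reasons = []
    if entry["date"] is None:
        reasons.append("no date/size recorded for the binary (empty [])")
    if re.search(r"\\temp\\", entry["path"], re.IGNORECASE):
        reasons.append("binary lives under a Temp directory")
    if entry["path"].startswith("\\??\\"):
        reasons.append("path written as an NT object path (\\??\\)")
    if entry["name"] == entry["desc"] and re.fullmatch(r"[0-9a-f]{8}", entry["name"]):
        reasons.append("8-hex-digit name with no descriptive text")
    return reasons

def triage_log(text):  # parsed entries that carry at least one reason
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            findings.append({**entry, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f["state"], f["start"], f["name"], f["path"], "|", "; ".join(f["reasons"]))
```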

Re: Hijackthis Logfile

Unread postby takey » October 31st, 2009, 2:26 am

info.txt:


info.txt logfile of random's system information tool 1.06 2009-10-31 14:21:01

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
DiGi Internet-->C:\Program Files\DiGi Internet\uninst.exe
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Garena-->C:\Program Files\Garena\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Quick Launch Buttons-->"C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0009 -removeonly uninst
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials-->MsiExec.exe /X{8A8C4EAC-9AB7-45FA-9480-5716FD261033}
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.01.19.exe
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\enecir_7C97E04E09C9402F3EBA775A5CCC7401A6C1456A\enecir.inf
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop (outdated)

======System event log======

Computer Name: USER-C2BE4B59A3
Event Code: 20
Message: Printer Driver Send To Microsoft OneNote Driver for Windows NT x86 Version-3 was added or updated. Files:- msonpdrv.dll, msonpui.dll, msonpui.dll.

Record Number: 154
Source Name: Print
Time Written: 20091020174615.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: USER-C2BE4B59A3
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 123
Source Name: Ftdisk
Time Written: 20091020173227.000000+480
Event Type: warning
User:

Computer Name: USER-C2BE4B59A3
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 122
Source Name: Ftdisk
Time Written: 20091020173227.000000+480
Event Type: warning
User:

Computer Name: USER-C2BE4B59A3
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 121
Source Name: Ftdisk
Time Written: 20091020173227.000000+480
Event Type: warning
User:

Computer Name: USER-C2BE4B59A3
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 120
Source Name: Ftdisk
Time Written: 20091020173227.000000+480
Event Type: warning
User:

=====Application event log=====

Computer Name: USER-C2BE4B59A3
Event Code: 4113
Message: AntiVir has detected 'TR/VB.ayo.1.A'
in the file
C:\WINDOWS\system32\Flash.10.exe

Record Number: 63
Source Name: Avira AntiVir
Time Written: 20091020173547.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: USER-C2BE4B59A3
Event Code: 10005
Message: Product: Winbond CIR Device Drivers -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2229. The arguments are: , LockPermissions, SELECT `Domain`,`User`,`Permission` FROM `LockPermissions` WHERE `Table`=? AND `LockObject`=? ORDER BY `Permission`

Record Number: 43
Source Name: MsiInstaller
Time Written: 20091020172449.000000+480
Event Type: error
User: USER-C2BE4B59A3\user

Computer Name: USER-C2BE4B59A3
Event Code: 10005
Message: Product: Winbond CIR Device Drivers -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2229. The arguments are: , LockPermissions, SELECT `Domain`,`User`,`Permission` FROM `LockPermissions` WHERE `Table`=? AND `LockObject`=? ORDER BY `Permission`

Record Number: 41
Source Name: MsiInstaller
Time Written: 20091020172352.000000+480
Event Type: error
User: USER-C2BE4B59A3\user

Computer Name: USER-C2BE4B59A3
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


Record Number: 22
Source Name: Windows Product Activation
Time Written: 20091020170050.000000+480
Event Type: warning
User:

Computer Name: USER-C2BE4B59A3
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20091020165335.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Ringz Studio\Storm Codec\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTJava.zip

-----------------EOF-----------------
takey
Active Member
Posts: 3
Joined: October 25th, 2009, 12:08 am

Re: Hijackthis Logfile

Unread postby hottroc » November 1st, 2009, 10:11 am

Sorry for the delay.

Unfortunately I have identified from your logs some nasty infections including a backdoor trojan.

This allows hackers to download and execute files, remotely control your computer, steal critical system information and log passwords.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards; the choice is yours if you wish to try.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.


Now I also need to point out that your removable drives have been infected. Your computer in fact was probably infected by a removable USB device (a flash drive or other removable drive - this may include your mobile phone, mp3 player, and so on). We need to clean those devices too so that they do not reinfect your computer or spread the infection to other computers.


******* USBNoRisk *******

- download USBNoRisk to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for the initial scan to be done
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
- if there are more USB storage devices to scan, please take a note about the order in which these were connected
- after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab. That will open the log in Notepad. Please copy/paste the log in your response here.

Explanation: USB storage devices are all the USB devices that get their own drive letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
hottroc
Regular Member
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Hijackthis Logfile

Unread postby NonSuch » November 5th, 2009, 12:06 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California