MalwareRemoval.com

Vista Security 2011
Post by Zaphod » April 3rd, 2011, 11:27 am

Hello. You were a great help last year with my laptop. Now a friend's computer needs your assistance.

Yesterday something called Vista Security 2011 hijacked this desktop. I was able to use the Restore to reset to a date last week. When I looked at the processes, program files and registry after the restore, everything appeared to be OK. This morning the computer is once again acting up.

Thanks in advance for your assistance.

DDS Contents

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Home at 11:09:58.75 on 03/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2940.1202 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\HP Software Update\hpwucli.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Home\AppData\Local\Temp\HpUpdate\15234\sp44626.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Home\Downloads\dds.scr
C:\Windows\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/So ... b56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/Messenger ... E_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\r7yqn4pn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\bearshare applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\home\appdata\roaming\mozilla\firefox\profiles\r7yqn4pn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\home\appdata\roaming\mozilla\firefox\profiles\r7yqn4pn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\home\appdata\roaming\mozilla\firefox\profiles\r7yqn4pn.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\home\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\home\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-20 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-2-12 207360]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-29 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-3 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-26 36608]
.
=============== Created Last 30 ================
.
2011-04-03 14:54:53 -------- d-----w- c:\users\home\appdata\roaming\HpUpdate
2011-04-03 14:54:48 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-23 19:56:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 19:56:36 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-23 19:56:36 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-23 19:56:36 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-23 19:56:36 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-23 19:56:36 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-23 19:56:36 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-23 19:56:36 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-14 00:52:30 -------- d-----w- c:\users\home\appdata\local\Google
2011-03-10 23:59:25 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-03-10 23:55:04 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-10 23:55:03 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-10 23:55:03 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-10 23:51:35 -------- d-----w- c:\program files\CONEXANT
2011-03-10 23:46:58 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-10 23:46:58 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-10 23:46:58 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-10 23:46:58 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-10 23:46:58 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-10 23:46:58 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-10 23:44:48 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-10 23:44:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-10 23:44:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-10 23:44:44 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-10 23:44:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-03-10 23:44:41 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-03-10 23:43:06 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-10 23:43:05 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-10 23:43:00 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-10 23:42:59 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-10 23:42:59 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-10 23:42:58 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-10 23:42:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-10 23:42:58 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-10 23:42:58 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-09 20:03:33 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 20:03:33 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 20:03:33 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 20:03:33 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 20:03:30 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 20:03:30 2067968 ----a-w- c:\windows\system32\mstscax.dll
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 11:14:43.19 ===============


Attach contents

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/07/2009 10:08:43 PM
System Uptime: 03/04/2011 10:35:35 AM (1 hours ago)
.
Motherboard: FOXCONN | | Napa
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 34.107 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.519 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 466 GiB total, 365.345 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP412: 28/03/2011 9:54:28 PM - Scheduled Checkpoint
RP413: 30/03/2011 8:23:47 PM - Scheduled Checkpoint
RP414: 02/04/2011 1:37:39 PM - Scheduled Checkpoint
RP416: 03/04/2011 11:00:23 AM - Installed MediaSmart DVD
RP417: 03/04/2011 11:08:45 AM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
AVG 2011
Bonjour
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Download Updater (AOL LLC)
DVD Flick 1.3.0.7
Facebook Plug-In
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP MediaSmart DVD
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
My HP Games
NVIDIA Drivers
PCIe Soft Data Fax Modem with SmartCP
PhotoFiltre
Power2Go
Primo
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Runtime
Safari
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype web features
Skype™ 4.1
Sony Picture Utility
Sony Vegas Pro 8.0
sp44626
SpywareBlaster 4.4
The Sims™ 2 Double Deluxe
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinFF 1.1
YouTube Downloader 2.6.5
Zoo Tycoon 2 - Extinct Animals Demo
.
==== Event Viewer Messages From Past Week ========
.
30/03/2011 7:59:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MINE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{70503B68-1189-4DE4-BDE9-F358223849BE}. The master browser is stopping or an election is being forced.
27/03/2011 12:27:11 AM, Error: EventLog [6008] - The previous system shutdown at 6:03:13 PM on 26/03/2011 was unexpected.
03/04/2011 10:42:54 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
03/04/2011 10:40:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
03/04/2011 10:40:06 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/04/2011 10:37:57 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 99.239.111.33:63331. The error status code is contained within the returned data.
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.102:63331. The error status code is contained within the returned data.
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.198:63331. The error status code is contained within the returned data.
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.197:63331. The error status code is contained within the returned data.
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.192:63331. The error status code is contained within the returned data.
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.189:63331. The error status code is contained within the returned data.
03/04/2011 10:36:11 AM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.1.152:63331. The error status code is contained within the returned data.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:07:08 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp psc 1300 series with shared resource name hp psc 1300 series. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm
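Most of the Service Control Manager 7001 entries in the log above are cascade victims: the dependent service failed only because something below it failed. The entries worth a helper's attention are the few whose own error is "A device attached to the system is not functioning", which points at a driver rather than at the service chain. As an added example, not from the post or from any tool used in this thread, the Python below parses 7001 lines in the format shown, separates root failures from cascades, and follows each chain down to the service to blame. The sample lines are constructed from entries in the log (joined onto one line each), and the function names are mine.

```python
import re

# Constructed sample in the DDS/Event Viewer style seen in the post above
# (a subset of its Service Control Manager 7001 entries, one per line).
SAMPLE_EVENTS = """\
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2011 9:34:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
"""

# The message template Windows uses for event 7001. Non-greedy groups stop at
# the first " service depends on the" / " service which failed", so display
# names that themselves end in "Service" (e.g. "Network Store Interface
# Service service") are captured correctly.
EVENT_RE = re.compile(
    r"\[7001\] - The (?P<dependent>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<reason>.+?)\.?$"
)

# The reason text that marks a pure cascade (not a root failure).
CASCADE = "The dependency service or group failed to start"


def parse_7001(text):
    """Return a list of (dependent, dependency, reason) for every 7001 line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append((m["dependent"], m["dependency"], m["reason"].rstrip(".")))
    return events


def root_causes(text):
    """Map each dependency that failed for its OWN reason (not a cascade) to that reason."""
    roots = {}
    for _dependent, dependency, reason in parse_7001(text):
        if reason != CASCADE:
            roots[dependency] = reason
    return roots


def blame(text):
    """For each dependent service, walk the dependency chain down to the root failure.

    A chain ends at a service that is a known root cause or that never appears
    as a dependent itself; a visited set guards against malformed cyclic input.
    """
    events = parse_7001(text)
    depends_on = {dependent: dependency for dependent, dependency, _ in events}
    roots = root_causes(text)
    result = {}
    for dependent in depends_on:
        current, seen = dependent, set()
        while current in depends_on and current not in roots and current not in seen:
            seen.add(current)
            current = depends_on[current]
        result[dependent] = current
    return result


if __name__ == "__main__":
    for service, reason in root_causes(SAMPLE_EVENTS).items():
        print(f"ROOT    {service}: {reason}")
    for service, culprit in blame(SAMPLE_EVENTS).items():
        print(f"CASCADE {service} -> {culprit}")
```

Run over the full log, this reduces a dozen errors to four root failures, all in the file-system and network driver stack (the display names above belong to rdbss.sys, tdx.sys, afd.sys and nsiproxy.sys). Those are the files a helper would verify before worrying about DNS Client, DHCP Client or the SMB redirectors, which will start on their own once the drivers do.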

Re: Vista Security 2011

Unread postby Cypher » April 6th, 2011, 11:08 am

Hi.
Checking your logs now be right back.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vista Security 2011

Unread postby Cypher » April 6th, 2011, 11:21 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - windows 7


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the application and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Ask Toolbar
Java(TM) SE Runtime Environment 6 Update 1


Next.

AVG 2011 advice

We need to run a tool called ComboFix. ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus.
This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results".
Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
In the meantime, after running ComboFix I would like you to install Avira Personal FREE Antivirus; see instructions at the bottom of this post.

AppRemover

  • Please download AppRemover from Here and save it to your Desktop.
  • Right-click AppRemover and select "Run as administrator" to run it.
  • Now follow the prompts to remove
    AVG 2011
  • Reboot your computer.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next.

Download and install Avira Personal FREE Antivirus from Here.


Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vista Security 2011

Unread postby Zaphod » April 6th, 2011, 8:35 pm

Hello Cypher

I completed the above steps; the anti-virus is currently running its initial scan. Fingers crossed, there have been no issues over the past couple of days. Here's hoping we keep up that record. :)

Text of the Combofix report below:

ComboFix 11-04-06.01 - Home 06/04/2011 19:53:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2940.1923 [GMT -4:00]
Running from: c:\users\Home\Desktop\Malware\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\AppData\Local\lwv.exe
J:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 00:02 . 2011-04-07 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-06 23:15 . 2011-04-06 23:15 0 ----a-w- c:\windows\system32\REN53F0.tmp
2011-04-06 23:15 . 2011-04-06 23:15 0 ----a-w- c:\windows\system32\REN53DF.tmp
2011-04-06 23:15 . 2011-04-06 23:15 0 ----a-w- c:\windows\system32\REN53CE.tmp
2011-04-03 14:54 . 2011-04-03 15:11 -------- d-----w- c:\users\Home\AppData\Roaming\HpUpdate
2011-04-03 14:54 . 2011-04-03 14:54 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-23 19:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 19:56 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 19:56 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 19:56 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 19:56 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 19:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 19:56 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 19:56 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-14 00:52 . 2011-03-14 00:53 -------- d-----w- c:\program files\Google
2011-03-14 00:52 . 2011-03-14 00:54 -------- d-----w- c:\users\Home\AppData\Local\Google
2011-03-10 23:59 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-03-10 23:55 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-10 23:55 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-10 23:55 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-10 23:51 . 2011-03-10 23:51 -------- d-----w- c:\program files\CONEXANT
2011-03-10 23:46 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-10 23:46 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-10 23:46 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-10 23:46 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-10 23:46 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-10 23:46 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-10 23:44 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-10 23:44 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-10 23:44 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-10 23:44 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-10 23:44 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-10 23:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-10 23:43 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-10 23:43 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-10 23:43 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-10 23:42 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-10 23:42 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-10 23:42 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-10 23:42 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-10 23:42 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-10 23:42 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-09 20:03 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 20:03 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 20:03 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 20:03 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 20:03 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 20:03 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 08:47 . 2011-02-10 07:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 07:33 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-18 17:53 . 2011-03-23 19:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-2 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 136176]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-02 36608]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 00:52]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\r7yqn4pn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-06 20:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-06 20:05:33
ComboFix-quarantined-files.txt 2011-04-07 00:05
.
Pre-Run: 43,929,350,144 bytes free
Post-Run: 44,593,963,008 bytes free
.
- - End Of File - - ABC7F6F025DFB87E407DA7CCA610D31D
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Unread postby Cypher » April 7th, 2011, 5:50 am

Hi Zaphod.
there have been no issues over the past couple of days. Here's hoping we keep up that record.

Good to hear there have been no issues but we have some work to do.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    File::
    c:\windows\system32\REN53F0.tmp
    c:\windows\system32\REN53DF.tmp
    c:\windows\system32\REN53CE.tmp
    
    Folder::
    c:\progra~1\BEARSH~1
    c:\program files\ask.com
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    
    DDS::  
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
    mRun: [<NO NAME>]
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
     
    Firefox::
    FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\r7yqn4pn.default\
    FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
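The CFScript above undoes three things that the ComboFix "Reg Loading Points" and "Supplementary Scan" sections exposed: a DLL list in AppInit_DLLs (loaded into every process that uses user32.dll), Security Center monitoring switched off under three keys, and a ProxyServer forced into the browser settings. As an added example, not from the thread or from ComboFix itself, the Python below parses that log format, flags exactly those settings, and renders the matching Registry:: lines in the shape the helper used (AppInit_DLLs emptied, DisableMonitoring reset to 0). The sample excerpt is constructed after the log in this thread, and the function names are mine.

```python
import re

# Constructed excerpt in the ComboFix "Reg Loading Points" / "Supplementary Scan"
# format, modelled on the log posted in this thread (not the full report).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "Name"=value
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")


def parse_loading_points(text):
    """Return {registry_key: {value_name: value}} for the bracketed blocks in the log."""
    entries, current = {}, None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km["key"]
            entries.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            entries[current][vm["name"]] = vm["value"].strip()
    return entries


def triage(text):
    """Flag the settings a helper would ask about: a non-empty AppInit_DLLs list,
    Security Center monitoring disabled, and a ProxyServer set in Internet Settings.

    Each finding is (kind, key, value_name, value)."""
    findings = []
    for key, values in parse_loading_points(text).items():
        for name, value in values.items():
            lname = name.lower()
            if lname == "appinit_dlls" and value:
                findings.append(("appinit_dlls", key, name, value))
            elif lname == "disablemonitoring" and value.lower().endswith("00000001"):
                findings.append(("security_center_off", key, name, value))
    for line in text.splitlines():
        pm = PROXY_RE.match(line)
        if pm:
            findings.append(("proxy_server", "Internet Settings", "ProxyServer", pm["value"]))
    return findings


def cfscript_registry(findings):
    """Render the Registry:: section of a CFScript for the registry findings, in the
    shape used in this thread. Proxy findings are reported only and left for the
    helper to decide on, so they do not appear in the script."""
    lines = ["Registry::"]
    for kind, key, name, _value in findings:
        if kind == "appinit_dlls":
            lines += [f"[{key}]", f'"{name}"=""']
        elif kind == "security_center_off":
            lines += [f"[{key}]", f'"{name}"=dword:00000000']
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, key, name, value in found:
        print(f"{kind:20} {key} :: {name} = {value}")
    print(cfscript_registry(found))
```

The AppInit_DLLs check is the one to keep even on a clean-looking machine: the value is empty on a stock Vista install, so any path there (here the BearShare MediaBar DLLs that also appeared as BHOs) deserves an explanation before it is restored to a blank string.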

Re: Vista Security 2011

Unread postby Zaphod » April 7th, 2011, 9:16 am

Hi Cypher. The computer is still running nominally.

The Avira program ran last night and initially found no viruses/unwanted programs. When it ran this morning 3 viruses/unwanted programs were found. I will copy/paste the end of the Avira report after pasting the Combofix report.

COMBOFIX report

ComboFix 11-04-06.03 - Home 07/04/2011 8:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2940.1551 [GMT -4:00]
Running from: c:\users\Home\Desktop\Malware\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\Malware\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\REN53CE.tmp"
"c:\windows\system32\REN53DF.tmp"
"c:\windows\system32\REN53F0.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\BEARSH~1
c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll
c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngrUI.exe
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\chrome.manifest
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\overlay.js
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\overlay.xul
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\install.rdf
c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarTb.dll
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\bearshare.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\external.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\preferences.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\windows\system32\REN53CE.tmp
c:\windows\system32\REN53DF.tmp
c:\windows\system32\REN53F0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 12:52 . 2011-04-07 12:52 -------- d-----w- c:\users\Guestt\AppData\Local\temp
2011-04-07 12:52 . 2011-04-07 12:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-07 12:52 . 2011-04-07 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 12:52 . 2011-04-07 12:52 -------- d-----w- c:\users\crk\AppData\Local\temp
2011-04-07 00:20 . 2011-04-07 00:20 -------- d-----w- c:\users\Home\AppData\Roaming\Avira
2011-04-07 00:11 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-07 00:11 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-07 00:11 . 2011-04-07 00:11 -------- d-----w- c:\programdata\Avira
2011-04-07 00:11 . 2011-04-07 00:11 -------- d-----w- c:\program files\Avira
2011-04-03 14:54 . 2011-04-03 15:11 -------- d-----w- c:\users\Home\AppData\Roaming\HpUpdate
2011-04-03 14:54 . 2011-04-03 14:54 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-23 19:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 19:56 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 19:56 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 19:56 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 19:56 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 19:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 19:56 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 19:56 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-14 00:52 . 2011-03-14 00:53 -------- d-----w- c:\program files\Google
2011-03-14 00:52 . 2011-03-14 00:54 -------- d-----w- c:\users\Home\AppData\Local\Google
2011-03-10 23:59 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-03-10 23:55 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-10 23:55 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-10 23:55 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-10 23:51 . 2011-03-10 23:51 -------- d-----w- c:\program files\CONEXANT
2011-03-10 23:46 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-10 23:46 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-10 23:46 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-10 23:46 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-10 23:46 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-10 23:46 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-10 23:44 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-10 23:44 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-10 23:44 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-10 23:44 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-10 23:44 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-10 23:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-10 23:43 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-10 23:43 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-10 23:43 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-10 23:42 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-10 23:42 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-10 23:42 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-10 23:42 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-10 23:42 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-10 23:42 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-09 20:03 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 20:03 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 20:03 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 20:03 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 20:03 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 20:03 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 08:47 . 2011-02-10 07:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 07:33 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-18 17:53 . 2011-03-23 19:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-2 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 136176]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-02 36608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 00:52]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\r7yqn4pn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 08:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-07 08:55:26
ComboFix-quarantined-files.txt 2011-04-07 12:55
.
Pre-Run: 35,851,984,896 bytes free
Post-Run: 35,851,923,456 bytes free
.
- - End Of File - - 517A28C2A639257863C191A8608DEF96



Excerpt from AVSCAN report:

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1782' files ).


Starting the file scan:

Begin scan in 'C:\' <COMPAQ>
C:\Qoobox\Quarantine\C\Users\Home\AppData\Local\lwv.exe.vir
[DETECTION] Is the TR/Fake.Rean.547 Trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\a985b43-3eca3574
[DETECTION] Is the TR/Fake.Rean.506 Trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\672ccd64-58366d16
[DETECTION] Is the TR/Fake.Rean.547 Trojan
Begin scan in 'D:\' <FACTORY_IMAGE>

Beginning disinfection:
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\672ccd64-58366d16
[DETECTION] Is the TR/Fake.Rean.547 Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\a985b43-3eca3574
[DETECTION] Is the TR/Fake.Rean.506 Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Qoobox\Quarantine\C\Users\Home\AppData\Local\lwv.exe.vir
[DETECTION] Is the TR/Fake.Rean.547 Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!


End of the scan: April-07-11 08:34
Used time: 2:09:43 Hour(s)

The scan has been done completely.

32612 Scanned directories
598526 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
598523 Files not concerned
3957 Archives were scanned
0 Warnings
0 Notes
645963 Objects were scanned with rootkit scan
0 Hidden objects were found
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Unread postby Cypher » April 7th, 2011, 10:48 am

Hi Zaphod.
Are you aware of this ProxyServer? Did you set it? Let me know in your next reply.
ProxyServer = 0.0.0.0:80

We have a couple of updates to do, then I would like you to run another scan for me.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • Did you set the ProxyServer?
  • ESET log.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
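The check Cypher is doing by eye above (spotting a ProxyServer value in the log and asking whether the user set it) can be automated over the two log formats this thread shows: HijackThis "R1 - ... Internet Settings,ProxyServer = ..." lines and ComboFix "uInternet Settings,ProxyServer = ..." lines. The script below is an added example and is not part of this thread, HijackThis, ComboFix or any other tool named here; the sample lines are constructed from the formats seen above, and the classification rules and reason strings are my own assumptions about what a helper would want flagged.

```python
"""Pull proxy settings out of HijackThis / ComboFix style log lines and flag them.

Added example, not output or code from either tool. A ProxyServer that points at
0.0.0.0 is not a usable proxy (browsing simply fails); one that points at loopback
means something on the machine itself is sitting in front of the browser; anything
else just needs the user to confirm they (or their network) configured it.
"""
import re
from typing import List, NamedTuple

# Constructed sample lines in the two formats seen in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
"""


class ProxyEntry(NamedTuple):
    scope: str   # "HKCU" (per-user) or "HKLM" (machine-wide)
    name: str    # e.g. "ProxyServer", "ProxyOverride"
    value: str
    reason: str  # why it was flagged, or "" if nothing stands out


# HijackThis: "R1 - HKCU\...\Internet Settings,ProxyServer = host:port"
HJT_RE = re.compile(
    r"^R[01] - (?P<hive>HK[A-Z]{2})\\.*Internet Settings,(?P<name>Proxy\w+)\s*=\s*(?P<value>.*)$"
)
# ComboFix: "uInternet Settings,ProxyServer = host:port" (u = user hive, m = machine hive)
CF_RE = re.compile(r"^(?P<scope>[um])Internet Settings,(?P<name>Proxy\w+)\s*=\s*(?P<value>.*)$")


def classify_proxy_server(value: str) -> str:
    """Return a reason string for a ProxyServer value, or '' if it is empty."""
    v = value.strip()
    if not v:
        return ""
    # IE stores either "host:port" or a per-protocol list "http=host:port;https=host:port".
    hosts = []
    for part in v.split(";"):
        part = part.split("=", 1)[-1]          # drop a "http=" style prefix if present
        hosts.append(part.rsplit(":", 1)[0].strip().lower())
    for host in hosts:
        if host in ("0.0.0.0", ""):
            return "proxy points at an unroutable address; browsing would fail or be diverted"
        if host.startswith("127.") or host == "localhost":
            return "proxy points at loopback; something on this machine is intercepting web traffic"
    return "proxy configured; confirm the user or their network set it"


def parse_proxy_entries(log_text: str) -> List[ProxyEntry]:
    """Extract every Proxy* setting from HijackThis or ComboFix log text."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if m:
            scope, name, value = m.group("hive"), m.group("name"), m.group("value")
        else:
            m = CF_RE.match(line)
            if not m:
                continue
            scope = "HKCU" if m.group("scope") == "u" else "HKLM"
            name, value = m.group("name"), m.group("value")
        reason = classify_proxy_server(value) if name == "ProxyServer" else ""
        entries.append(ProxyEntry(scope, name, value.strip(), reason))
    return entries


def flagged_proxies(log_text: str) -> List[ProxyEntry]:
    """Only the entries that carry a reason, i.e. the ones a helper should ask about."""
    return [e for e in parse_proxy_entries(log_text) if e.reason]


if __name__ == "__main__":
    for entry in flagged_proxies(SAMPLE_LOG):
        print(f"{entry.scope} {entry.name} = {entry.value}  <- {entry.reason}")
```

Run against the sample it prints the two ProxyServer lines with the unroutable-address reason; the ProxyOverride lines are parsed but not flagged, since *.local on its own is harmless. Feeding it a full HijackThis or ComboFix log works the same way because every other line type is simply skipped.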

Re: Vista Security 2011

Unread postby Zaphod » April 7th, 2011, 2:08 pm

Hi Cypher
Did you set the ProxyServer? No I didn't

ESET log. Below

Please give me an update on how your computer is performing. No change

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=46f36529ca945343a23d3fe1add72ae3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-07 05:47:08
# local_time=2011-04-07 01:47:08 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 0 37787407 0 0
# compatibility_mode=5892 16776574 100 100 35146773 138797986 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=183366
# found=1
# cleaned=0
# scan_time=7969
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\113de670-6127d5c6 Java/Exploit.Agent.NAA trojan (unable to clean) 00000000000000000000000000000000 I
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Unread postby Cypher » April 7th, 2011, 2:14 pm

Hi.
Still a couple of things to do.

Clear Java cache

  • Click on Start > Control Panel > Classic view then double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vista Security 2011

Unread postby Zaphod » April 7th, 2011, 2:54 pm

Hi Cypher

RSIT Log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Home at 2011-04-07 14:42:50
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 35 GB (12%) free of 294 GB
Total RAM: 2940 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:07 PM, on 07/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Home\Desktop\Malware\RSIT.exe
C:\Program Files\trend micro\Home.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8372 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-02-18 49208]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09 1148200]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-04 281768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PMB Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-07 14:42:51 ----D---- C:\Program Files\trend micro
2011-04-07 14:42:50 ----D---- C:\rsit
2011-04-07 11:28:54 ----D---- C:\Program Files\ESET
2011-04-07 11:22:28 ----D---- C:\Program Files\Adobe
2011-04-07 11:21:45 ----SHD---- C:\Config.Msi
2011-04-07 11:19:18 ----D---- C:\Program Files\Common Files\Java
2011-04-07 11:18:50 ----A---- C:\Windows\system32\javaws.exe
2011-04-07 11:18:50 ----A---- C:\Windows\system32\javaw.exe
2011-04-07 11:18:50 ----A---- C:\Windows\system32\java.exe
2011-04-07 08:55:32 ----SHD---- C:\$RECYCLE.BIN
2011-04-07 08:55:28 ----D---- C:\Windows\temp
2011-04-07 08:55:26 ----A---- C:\ComboFix.txt
2011-04-07 08:41:18 ----D---- C:\ComboFix
2011-04-07 08:40:51 ----A---- C:\Windows\SWXCACLS.exe
2011-04-06 20:20:57 ----D---- C:\Users\Home\AppData\Roaming\Avira
2011-04-06 20:11:10 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-04-06 20:11:08 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-04-06 20:11:08 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-04-06 20:11:07 ----D---- C:\ProgramData\Avira
2011-04-06 20:11:07 ----D---- C:\Program Files\Avira
2011-04-06 19:50:44 ----A---- C:\Windows\zip.exe
2011-04-06 19:50:44 ----A---- C:\Windows\SWSC.exe
2011-04-06 19:50:44 ----A---- C:\Windows\SWREG.exe
2011-04-06 19:50:44 ----A---- C:\Windows\sed.exe
2011-04-06 19:50:44 ----A---- C:\Windows\PEV.exe
2011-04-06 19:50:44 ----A---- C:\Windows\NIRCMD.exe
2011-04-06 19:50:44 ----A---- C:\Windows\MBR.exe
2011-04-06 19:50:44 ----A---- C:\Windows\grep.exe
2011-04-06 19:50:37 ----D---- C:\Windows\ERDNT
2011-04-06 19:45:49 ----D---- C:\Qoobox
2011-04-03 11:05:05 ----A---- C:\FINIS_IT.TXT
2011-04-03 10:54:53 ----D---- C:\Users\Home\AppData\Roaming\HpUpdate
2011-04-03 10:54:48 ----D---- C:\Windows\Hewlett-Packard
2011-03-15 19:48:09 ----A---- C:\Windows\system32\shsvcs.dll
2011-03-13 20:52:35 ----D---- C:\Program Files\Google
2011-03-10 20:13:29 ----D---- C:\Windows\system32\WindowsPowerShell
2011-03-10 19:55:04 ----A---- C:\Windows\system32\oleaccrc.dll
2011-03-10 19:55:03 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-03-10 19:55:03 ----A---- C:\Windows\system32\oleacc.dll
2011-03-10 19:51:35 ----D---- C:\Program Files\CONEXANT
2011-03-10 19:47:37 ----A---- C:\Windows\system32\winrsmgr.dll
2011-03-10 19:47:17 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-03-10 19:47:17 ----A---- C:\Windows\system32\winrshost.exe
2011-03-10 19:47:17 ----A---- C:\Windows\system32\winrs.exe
2011-03-10 19:47:10 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-03-10 19:47:10 ----A---- C:\Windows\system32\winrssrv.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\WsmRes.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wevtfwd.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecutil.exe
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecsvc.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecapi.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-03-10 19:47:00 ----A---- C:\Windows\system32\winrm.vbs
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WsmSvc.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WsmAuto.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-03-10 19:46:58 ----A---- C:\Windows\system32\winrscmd.dll
2011-03-10 19:45:08 ----A---- C:\Windows\system32\FntCache.dll
2011-03-10 19:45:08 ----A---- C:\Windows\system32\d3d10warp.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\DWrite.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\d3d10_1.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\d3d10.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\d2d1.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\dxgi.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\d3d10level9.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-03-10 19:45:05 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-03-10 19:45:05 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-03-10 19:45:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-03-10 19:45:05 ----A---- C:\Windows\system32\d3d10core.dll
2011-03-10 19:45:04 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-03-10 19:45:03 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-03-10 19:45:03 ----A---- C:\Windows\system32\mfmp4src.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\shdocvw.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-03-10 19:45:02 ----A---- C:\Windows\system32\mfplat.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\mf.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\cdd.dll
2011-03-10 19:45:01 ----A---- C:\Windows\system32\stobject.dll
2011-03-10 19:45:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-03-10 19:45:00 ----A---- C:\Windows\system32\mfps.dll
2011-03-10 19:44:48 ----A---- C:\Windows\system32\gameux.dll
2011-03-10 19:44:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-03-10 19:44:47 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-03-10 19:43:06 ----A---- C:\Windows\system32\secproc_isv.dll
2011-03-10 19:43:05 ----A---- C:\Windows\system32\secproc.dll
2011-03-10 19:43:00 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-03-10 19:42:59 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-03-10 19:42:59 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-03-10 19:42:58 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-03-10 19:42:58 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-03-10 19:42:58 ----A---- C:\Windows\system32\RMActivate.exe
2011-03-10 19:42:58 ----A---- C:\Windows\system32\msdrm.dll
2011-03-09 16:03:33 ----A---- C:\Windows\system32\sbeio.dll
2011-03-09 16:03:33 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 16:03:33 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 16:03:30 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 16:03:30 ----A---- C:\Windows\system32\mstsc.exe

======List of files/folders modified in the last 1 months======

2011-04-07 14:42:51 ----RD---- C:\Program Files
2011-04-07 13:46:16 ----D---- C:\Users\Home\AppData\Roaming\Skype
2011-04-07 12:03:48 ----D---- C:\Windows\Prefetch
2011-04-07 11:27:04 ----SHD---- C:\System Volume Information
2011-04-07 11:24:02 ----SHD---- C:\Windows\Installer
2011-04-07 11:22:45 ----D---- C:\Program Files\Common Files\Adobe
2011-04-07 11:22:34 ----D---- C:\ProgramData\Adobe
2011-04-07 11:21:02 ----D---- C:\Windows\System32
2011-04-07 11:19:18 ----D---- C:\Program Files\Common Files
2011-04-07 11:18:34 ----A---- C:\Windows\system32\deployJava1.dll
2011-04-07 08:55:28 ----D---- C:\WINDOWS
2011-04-07 08:52:49 ----A---- C:\Windows\system.ini
2011-04-07 08:52:41 ----D---- C:\Windows\system32\drivers\etc
2011-04-07 08:48:10 ----D---- C:\Windows\system32\drivers
2011-04-07 08:48:10 ----D---- C:\Windows\AppPatch
2011-04-07 08:06:28 ----D---- C:\Users\Home\AppData\Roaming\skypePM
2011-04-06 22:14:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-06 22:14:04 ----D---- C:\Windows\inf
2011-04-06 20:11:07 ----D---- C:\ProgramData
2011-04-06 19:40:16 ----D---- C:\Windows\system32\drivers\AVG
2011-04-06 19:15:51 ----D---- C:\Program Files\Java
2011-04-05 00:00:20 ----D---- C:\Windows\system32\catroot2
2011-04-04 07:17:40 ----D---- C:\Users\Home\AppData\Roaming\WinFF
2011-04-03 19:06:51 ----D---- C:\Windows\Help
2011-04-03 14:35:06 ----D---- C:\Windows\system32\config
2011-04-03 14:34:53 ----D---- C:\Windows\Tasks
2011-04-03 14:34:53 ----D---- C:\Windows\system32\wbem
2011-04-03 14:34:53 ----D---- C:\Windows\system32\spool
2011-04-03 14:34:53 ----D---- C:\Windows\system32\Msdtc
2011-04-03 14:34:46 ----D---- C:\Windows\registration
2011-04-03 11:09:32 ----D---- C:\Windows\winsxs
2011-04-03 11:09:26 ----D---- C:\Windows\system32\catroot
2011-04-03 11:07:49 ----D---- C:\Windows\SoftwareDistribution
2011-04-03 11:06:14 ----D---- C:\Windows\system32\Tasks
2011-04-03 11:05:46 ----D---- C:\ProgramData\Hewlett-Packard
2011-04-03 11:05:25 ----D---- C:\hp
2011-04-03 11:04:11 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-03 11:01:51 ----D---- C:\Program Files\Hewlett-Packard
2011-04-03 11:01:12 ----AD---- C:\ProgramData\TEMP
2011-04-03 10:55:11 ----D---- C:\Program Files\HP
2011-04-03 09:34:58 ----D---- C:\Windows\Web
2011-04-02 22:18:09 ----D---- C:\Program Files\SpywareBlaster
2011-04-02 21:27:20 ----D---- C:\Windows\SMINST
2011-03-23 15:56:36 ----D---- C:\Program Files\Mozilla Firefox
2011-03-22 15:25:18 ----SD---- C:\Users\Home\AppData\Roaming\Microsoft
2011-03-10 20:33:29 ----D---- C:\Windows\rescache
2011-03-10 20:30:07 ----D---- C:\Windows\Microsoft.NET
2011-03-10 20:29:28 ----RSD---- C:\Windows\assembly
2011-03-10 20:19:44 ----D---- C:\ProgramData\NVIDIA
2011-03-10 20:13:54 ----D---- C:\Windows\system32\en-US
2011-03-10 20:13:50 ----D---- C:\Windows\system32\uk-UA
2011-03-10 20:13:50 ----D---- C:\Windows\system32\sl-SI
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pt-PT
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pt-BR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pl-PL
2011-03-10 20:13:50 ----D---- C:\Windows\system32\ko-KR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\it-IT
2011-03-10 20:13:50 ----D---- C:\Windows\system32\hu-HU
2011-03-10 20:13:50 ----D---- C:\Windows\system32\hr-HR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\he-IL
2011-03-10 20:13:50 ----D---- C:\Windows\system32\bg-BG
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-TW
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-HK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-CN
2011-03-10 20:13:49 ----D---- C:\Windows\system32\tr-TR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\th-TH
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sv-SE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sr-Latn-CS
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sk-SK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ru-RU
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ro-RO
2011-03-10 20:13:49 ----D---- C:\Windows\system32\nl-NL
2011-03-10 20:13:49 ----D---- C:\Windows\system32\nb-NO
2011-03-10 20:13:49 ----D---- C:\Windows\system32\lv-LV
2011-03-10 20:13:49 ----D---- C:\Windows\system32\lt-LT
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ja-JP
2011-03-10 20:13:49 ----D---- C:\Windows\system32\fr-FR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\fi-FI
2011-03-10 20:13:49 ----D---- C:\Windows\system32\et-EE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\es-ES
2011-03-10 20:13:49 ----D---- C:\Windows\system32\el-GR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\de-DE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\da-DK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\cs-CZ
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ar-SA
2011-03-10 20:13:48 ----D---- C:\Program Files\Internet Explorer
2011-03-10 20:13:47 ----D---- C:\Windows\ehome
2011-03-10 20:13:47 ----D---- C:\Program Files\Windows Mail
2011-03-10 20:13:40 ----RSD---- C:\Windows\Fonts
2011-03-10 20:13:35 ----D---- C:\Windows\PolicyDefinitions
2011-03-10 19:52:37 ----D---- C:\Windows\system32\RTCOM
2011-03-10 04:22:47 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-10 04:01:54 ----D---- C:\Windows\Debug
2011-03-10 04:01:52 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-04 44944]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-03-04 137656]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-03-04 61960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-02-12 985600]
R3 HSXHWBS3;HSXHWBS3; C:\Windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-02-12 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\Windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 catchme;catchme; \??\C:\Users\Home\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-02 36608]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2008-02-22 94336]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-04 269480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Unread postby Zaphod » April 7th, 2011, 2:55 pm

RSIT Info

Logfile of random's system information tool 1.08 (written by random/random)
Run by Home at 2011-04-07 14:42:50
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 35 GB (12%) free of 294 GB
Total RAM: 2940 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:07 PM, on 07/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Home\Desktop\Malware\RSIT.exe
C:\Program Files\trend micro\Home.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8372 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-02-18 49208]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09 1148200]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-04 281768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PMB Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-07 14:42:51 ----D---- C:\Program Files\trend micro
2011-04-07 14:42:50 ----D---- C:\rsit
2011-04-07 11:28:54 ----D---- C:\Program Files\ESET
2011-04-07 11:22:28 ----D---- C:\Program Files\Adobe
2011-04-07 11:21:45 ----SHD---- C:\Config.Msi
2011-04-07 11:19:18 ----D---- C:\Program Files\Common Files\Java
2011-04-07 11:18:50 ----A---- C:\Windows\system32\javaws.exe
2011-04-07 11:18:50 ----A---- C:\Windows\system32\javaw.exe
2011-04-07 11:18:50 ----A---- C:\Windows\system32\java.exe
2011-04-07 08:55:32 ----SHD---- C:\$RECYCLE.BIN
2011-04-07 08:55:28 ----D---- C:\Windows\temp
2011-04-07 08:55:26 ----A---- C:\ComboFix.txt
2011-04-07 08:41:18 ----D---- C:\ComboFix
2011-04-07 08:40:51 ----A---- C:\Windows\SWXCACLS.exe
2011-04-06 20:20:57 ----D---- C:\Users\Home\AppData\Roaming\Avira
2011-04-06 20:11:10 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-04-06 20:11:08 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-04-06 20:11:08 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-04-06 20:11:07 ----D---- C:\ProgramData\Avira
2011-04-06 20:11:07 ----D---- C:\Program Files\Avira
2011-04-06 19:50:44 ----A---- C:\Windows\zip.exe
2011-04-06 19:50:44 ----A---- C:\Windows\SWSC.exe
2011-04-06 19:50:44 ----A---- C:\Windows\SWREG.exe
2011-04-06 19:50:44 ----A---- C:\Windows\sed.exe
2011-04-06 19:50:44 ----A---- C:\Windows\PEV.exe
2011-04-06 19:50:44 ----A---- C:\Windows\NIRCMD.exe
2011-04-06 19:50:44 ----A---- C:\Windows\MBR.exe
2011-04-06 19:50:44 ----A---- C:\Windows\grep.exe
2011-04-06 19:50:37 ----D---- C:\Windows\ERDNT
2011-04-06 19:45:49 ----D---- C:\Qoobox
2011-04-03 11:05:05 ----A---- C:\FINIS_IT.TXT
2011-04-03 10:54:53 ----D---- C:\Users\Home\AppData\Roaming\HpUpdate
2011-04-03 10:54:48 ----D---- C:\Windows\Hewlett-Packard
2011-03-15 19:48:09 ----A---- C:\Windows\system32\shsvcs.dll
2011-03-13 20:52:35 ----D---- C:\Program Files\Google
2011-03-10 20:13:29 ----D---- C:\Windows\system32\WindowsPowerShell
2011-03-10 19:55:04 ----A---- C:\Windows\system32\oleaccrc.dll
2011-03-10 19:55:03 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-03-10 19:55:03 ----A---- C:\Windows\system32\oleacc.dll
2011-03-10 19:51:35 ----D---- C:\Program Files\CONEXANT
2011-03-10 19:47:37 ----A---- C:\Windows\system32\winrsmgr.dll
2011-03-10 19:47:17 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-03-10 19:47:17 ----A---- C:\Windows\system32\winrshost.exe
2011-03-10 19:47:17 ----A---- C:\Windows\system32\winrs.exe
2011-03-10 19:47:10 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-03-10 19:47:10 ----A---- C:\Windows\system32\winrssrv.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\WsmRes.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wevtfwd.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecutil.exe

======List of files/folders modified in the last 1 months======

2011-04-03 11:01:51 ----D---- C:\Program Files\Hewlett-Packard
2011-04-03 11:01:12 ----AD---- C:\ProgramData\TEMP
2011-04-03 10:55:11 ----D---- C:\Program Files\HP
2011-04-03 09:34:58 ----D---- C:\Windows\Web
2011-04-02 22:18:09 ----D---- C:\Program Files\SpywareBlaster
2011-04-02 21:27:20 ----D---- C:\Windows\SMINST
2011-03-23 15:56:36 ----D---- C:\Program Files\Mozilla Firefox
2011-03-22 15:25:18 ----SD---- C:\Users\Home\AppData\Roaming\Microsoft
2011-03-10 20:33:29 ----D---- C:\Windows\rescache
2011-03-10 20:30:07 ----D---- C:\Windows\Microsoft.NET
2011-03-10 20:29:28 ----RSD---- C:\Windows\assembly
2011-03-10 20:19:44 ----D---- C:\ProgramData\NVIDIA
2011-03-10 20:13:54 ----D---- C:\Windows\system32\en-US
2011-03-10 20:13:50 ----D---- C:\Windows\system32\uk-UA
2011-03-10 20:13:50 ----D---- C:\Windows\system32\sl-SI
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pt-PT
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pt-BR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pl-PL
2011-03-10 20:13:50 ----D---- C:\Windows\system32\ko-KR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\it-IT
2011-03-10 20:13:50 ----D---- C:\Windows\system32\hu-HU
2011-03-10 20:13:50 ----D---- C:\Windows\system32\hr-HR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\he-IL
2011-03-10 20:13:50 ----D---- C:\Windows\system32\bg-BG
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-TW
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-HK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-CN
2011-03-10 20:13:49 ----D---- C:\Windows\system32\tr-TR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\th-TH
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sv-SE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sr-Latn-CS
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sk-SK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ru-RU
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ro-RO
2011-03-10 20:13:49 ----D---- C:\Windows\system32\nl-NL
2011-03-10 20:13:49 ----D---- C:\Windows\system32\nb-NO
2011-03-10 20:13:49 ----D---- C:\Windows\system32\lv-LV
2011-03-10 20:13:49 ----D---- C:\Windows\system32\lt-LT
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ja-JP
2011-03-10 20:13:49 ----D---- C:\Windows\system32\fr-FR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\fi-FI
2011-03-10 20:13:49 ----D---- C:\Windows\system32\et-EE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\es-ES
2011-03-10 20:13:49 ----D---- C:\Windows\system32\el-GR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\de-DE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\da-DK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\cs-CZ
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ar-SA
2011-03-10 20:13:48 ----D---- C:\Program Files\Internet Explorer
2011-03-10 20:13:47 ----D---- C:\Windows\ehome
2011-03-10 20:13:47 ----D---- C:\Program Files\Windows Mail
2011-03-10 20:13:40 ----RSD---- C:\Windows\Fonts
2011-03-10 20:13:35 ----D---- C:\Windows\PolicyDefinitions
2011-03-10 19:52:37 ----D---- C:\Windows\system32\RTCOM
2011-03-10 04:22:47 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-10 04:01:54 ----D---- C:\Windows\Debug
2011-03-10 04:01:52 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-04 44944]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-03-04 137656]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-03-04 61960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-02-12 985600]
R3 HSXHWBS3;HSXHWBS3; C:\Windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-02-12 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\Windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 catchme;catchme; \??\C:\Users\Home\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-02 36608]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2008-02-22 94336]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-04 269480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Zaphod
Regular Member
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Post by Cypher » April 7th, 2011, 3:06 pm

Hi Zaphod.
You posted the RSIT.log.txt twice; I need to see the "info.txt". Post it in your next reply please.
It can be found by going to Start > Computer > C: > RSIT > info.txt.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vista Security 2011

Post by Zaphod » April 7th, 2011, 3:27 pm

Oops. My apologies.

info.txt logfile of random's system information tool 1.08 2011-04-07 14:43:10

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Hidden Relics\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest II\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\JoJo's Fashion Show\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 4\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader X (10.0.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AIM 7-->C:\Program Files\AIM\uninst.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
Google Earth-->MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA037B01E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /X{48BF4489-0C58-4E80-BB17-94A673CE310A}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}\setup.exe" -l0x9 -removeonly
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{612F4E20-3661-4D44-AD79-823F1B613FB3}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox 4.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PCIe Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -IHPKIWIz.INF
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\Windows\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\Windows\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Family Safety-->MsiExec.exe /X{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Movie Maker-->MsiExec.exe /X{9F479685-180E-4C05-9400-D59292A1B29C}
Windows Live Photo Gallery-->MsiExec.exe /X{EE39FFBD-544E-49E4-A999-6819828EAE91}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFF 1.1-->"C:\Program Files\WinFF\unins000.exe"
YouTube Downloader 2.6.5-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Home-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 66963
Source Name: Microsoft-Windows-Servicing
Time Written: 20100214015103.000000-000
Event Type: Warning
User: CAITLYNDESKTOP\Home

Computer Name: Home-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 66926
Source Name: Microsoft-Windows-Servicing
Time Written: 20100214015103.000000-000
Event Type: Warning
User: CAITLYNDESKTOP\Home

Computer Name: Home-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Installed(Installed) state
Record Number: 66925
Source Name: Microsoft-Windows-Servicing
Time Written: 20100214015103.000000-000
Event Type: Warning
User: CAITLYNDESKTOP\Home

Computer Name: Home-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Installed(Installed) state
Record Number: 66924
Source Name: Microsoft-Windows-Servicing
Time Written: 20100214015103.000000-000
Event Type: Warning
User: CAITLYNDESKTOP\Home

Computer Name: Home-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Installed(Installed) state
Record Number: 66923
Source Name: Microsoft-Windows-Servicing
Time Written: 20100214015103.000000-000
Event Type: Warning
User: CAITLYNDESKTOP\Home

=====Application event log=====

Computer Name: Home-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 535
Source Name: Microsoft-Windows-WMI
Time Written: 20090716012333.000000-000
Event Type: Error
User:

Computer Name: Home-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 527
Source Name: Microsoft-Windows-Search
Time Written: 20090716012312.000000-000
Event Type: Warning
User:

Computer Name: Home-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ee9df105-c24b-4ed5-adba-c4cf1d6b4668}
Record Number: 463
Source Name: VSS
Time Written: 20090716001343.000000-000
Event Type: Error
User:

Computer Name: Home-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 363
Source Name: Microsoft-Windows-Search
Time Written: 20090716021128.000000-000
Event Type: Warning
User:

Computer Name: WIN-ZRR6AAO2DK4
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 333
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090716020834.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Home-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x14ce422

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 307632
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100512093126.523203-000
Event Type: Audit Success
User:

Computer Name: Home-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x14ce422
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: YOUR-U3EF4OUUIR
Source Network Address: 192.168.0.199
Source Port: 1451

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 307631
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100512093126.523203-000
Event Type: Audit Success
User:

Computer Name: Home-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x14ce414
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: YOUR-U3EF4OUUIR
Source Network Address: 192.168.0.199
Source Port: 1451

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 307630
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100512093126.507603-000
Event Type: Audit Success
User:

Computer Name: Home-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x14ce414

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 307629
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100512093126.507603-000
Event Type: Audit Success
User:

Computer Name: Home-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x133aa5a
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: YOUR-U3EF4OUUIR
Source Network Address: 192.168.0.199
Source Port: 1184

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 307628
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100512091926.536403-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\hp\bin\Python;C:\Program Files\QuickTime\QTSystem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Unread postby Cypher » April 7th, 2011, 3:42 pm

Hi Zaphod.
Oops. My apologies.

Not a problem, don't worry about it :)
Just a couple of things to tidy up, then if there are no other problems I can give you final instructions.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe "Run As Administrator" to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.msn.com"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    :Files
    C:\Program Files\BearShare 
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, ONLY the "C:\RSIT\log.txt" will be reproduced (it will be maximized).
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
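
As an added check (example code written for this page, not part of Cypher's instructions, of OTM, or of RSIT), the following PowerShell re-reads the registry locations the :Reg section above changes and lists whatever Browser Helper Objects are still registered, so the helper can confirm from output that the start page was restored, the proxy entries are gone and the BHO is no longer loaded, rather than assuming it from the OTM log. The key paths and the CLSID are the ones in the OTM script above; the function names (Test-OtmRegistryFix, Get-RegisteredBho) are my own. Run it from an elevated PowerShell prompt on the cleaned machine.

```powershell
# Added example, not from the original post or from OTM.
# Re-checks the registry state the OTM ":Reg" section is meant to leave
# behind, then lists every BHO still registered with the DLL it loads.

$BhoClsid = '{5C255C8A-E604-49b4-9D64-90988571CECB}'   # CLSID from the OTM script

# Values that should now be set (Start Page) or absent (proxy settings).
$ValueChecks = @(
    @{ Path = 'HKLM:\Software\Microsoft\Internet Explorer\Main'
       Name = 'Start Page';    Expect = 'http://www.msn.com' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'ProxyServer';   Expect = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'ProxyOverride'; Expect = $null }
)

# Keys the script deletes; none of them should exist afterwards.
$KeyChecks = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$BhoClsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$BhoClsid"
)

# Returns a registry value, or $null when the key or the value does not exist.
function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# One row per check: what was expected, what is actually there, and whether they match.
function Test-OtmRegistryFix {
    $results = @(foreach ($c in $ValueChecks) {
        $actual = Get-RegistryValueOrNull -Path $c.Path -Name $c.Name
        $expectText = '<absent>'; if ($null -ne $c.Expect) { $expectText = $c.Expect }
        $actualText = '<absent>'; if ($null -ne $actual)   { $actualText = $actual }
        [pscustomobject]@{
            Check  = "$($c.Path)\$($c.Name)"
            Expect = $expectText
            Actual = $actualText
            Ok     = ($actual -eq $c.Expect)
        }
    })
    $results += @(foreach ($k in $KeyChecks) {
        $present = Test-Path -LiteralPath $k
        $actualText = '<absent>'; if ($present) { $actualText = '<present>' }
        [pscustomobject]@{
            Check  = $k
            Expect = '<absent>'
            Actual = $actualText
            Ok     = (-not $present)
        }
    })
    return $results
}

# Every BHO still registered, resolved to the DLL Internet Explorer would load for it.
# A BHO whose DLL is missing on disk, or sits under a user profile or temp folder,
# deserves a closer look.
function Get-RegisteredBho {
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $bhoRoot)) { return @() }
    Get-ChildItem -LiteralPath $bhoRoot | ForEach-Object {
        $clsid  = $_.PSChildName
        $name   = Get-RegistryValueOrNull -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" -Name '(default)'
        $server = Get-RegistryValueOrNull -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -Name '(default)'
        $dllExists = $false
        if ($server) {
            $dllExists = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($server))
        }
        [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $server; DllExists = $dllExists }
    }
}

Test-OtmRegistryFix | Format-Table -AutoSize
Get-RegisteredBho   | Format-Table -AutoSize
```

Any row with Ok = False means the OTM fix did not take (for example, the proxy values were re-created by something still running), and any BHO listed that the helper does not recognise is a candidate for the next RSIT log review.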

Re: Vista Security 2011

Unread postby Zaphod » April 7th, 2011, 4:21 pm

Hi Cypher

OTM log in this post. RSIT in the next

FYI - When the OTM program was done, the entire computer froze...had to reboot machine (as opposed to it asking to do so). The log file DID pop up after rebooting though.

Computer still running fine. :)

OTM log:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.msn.com" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
File/Folder C:\Program Files\BearShare not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Home\Desktop\Malware\cmd.bat deleted successfully.
C:\Users\Home\Desktop\Malware\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: crk

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 23767110 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 83243762 bytes
->Flash cache emptied: 2137 bytes

User: Guestt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14672911 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 86410817 bytes
->Flash cache emptied: 3152 bytes

User: Home
->Temp folder emptied: 275422 bytes
->Temporary Internet Files folder emptied: 605392375 bytes
->Java cache emptied: 3683209 bytes
->FireFox cache emptied: 224754266 bytes
->Flash cache emptied: 282603 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 541666 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13690551 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,031.00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 04072011_155551

Files moved on Reboot...

Registry entries deleted on Reboot...
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm
