Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Uh oh ! my HJthis log

Post by irridion » July 28th, 2009, 1:15 am

Well, even though I thought I was fairly well protected, something has snuck through. I cannot run any spyware or antivirus programs, and I had to rename HijackThis to get it to run or I would reboot into a blue screen. Also, I cannot load the Vista service packs for some reason... Here is my log, please lend me a hand!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:25 AM, on 28/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\jack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "c:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10912 bytes

Re: Uh oh ! my HJthis log

Post by Sharagoz » July 30th, 2009, 5:15 pm

Hello irridion, welcome to MWR
Please take note of the following before we begin the cleaning process:
  • The whole process will usually take at least a week to complete, sometimes several weeks depending on the severity of the infection and how promptly you and I are able to reply, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Don't be afraid to ask questions if something is unclear or you run into issues during the cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

The first thing you should do is to subscribe to this topic.
In the top left corner of your opening post there is a link called Subscribe topic. If you click it you will be subscribed to this thread and will receive instant email notification of new replies. Most find that this works better than periodically checking back here to see if there are any new posts.

The second thing you should do is to take a backup of everything you have on the computer that's important not to lose.
I will do my best to ensure a safe removal procedure, but it does happen on rare occasions that computers do not make it through disinfection and must be reinstalled.

1) Temporarily disable UAC
You need to temporarily disable Vista's User Account Control, as it may interfere with some of the tools we use.
  • Click the Start button and then Control Panel
  • In the Control Panel's left-hand pane, make sure Control Panel Home is selected
  • In the right-hand pane, click User Accounts and Family Safety
  • Click User Accounts
  • Click Turn User Account Control on or off
  • If Use UAC to protect your computer doesn't have a checkmark, skip to the next step
  • If it does, remove the checkmark, press OK and then restart your computer
Note:
We'll re-enable UAC again after we're done cleaning your computer.

2) Download and run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop
  • Double click on RSIT.exe to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

3) Download and run GMER
  • Download gmer.zip by GMER from here and extract it to a folder on your desktop
  • Double click on gmer.exe to launch the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run a scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
    (The scan typically takes around 30 minutes to complete)
  • Once the scan has finished, click copy
    (There is no message displayed when the scan is finished; it will simply stop going through files)
  • A log will now be copied to the clipboard
  • Paste this log into your next reply

Logs I need:
Both RSIT logs
GMER log

Re: Uh oh ! my HJthis log

Post by irridion » August 4th, 2009, 5:54 pm

Sorry for the delay in responding, I was away for a few days. Here is the first RSIT log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Shane at 2009-08-04 17:52:36
Microsoft® Windows Vista™ Ultimate
System drive C: has 19 GB (26%) free of 71 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:49 PM, on 04/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Shane\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Shane.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "c:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11002 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{0AE9F92C-1697-487E-B151-819B63184BED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - c:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-07 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - c:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-07 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"VirtualCloneDrive"=c:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"swg"=c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-07 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"SpybotSD TeaTimer"=c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\Windows\system32\CTHELPER.EXE [2007-03-05 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\Windows\system32\CTXFIHLP.EXE [2007-03-05 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
c:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\windows sidebar\sidebar.exe [2008-01-09 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-07-07 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-30 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\Program Files\uTorrent\uTorrent.exe [2009-07-11 288048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
c:\Program Files\Windows Defender\MSASCui.exe [2007-04-11 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe [2006-06-07 4154504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-10-18 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LSTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65123fa8-ed4d-11db-a042-001a4d6287c8}]
shell\AutoRun\command - H:\Autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65123fdb-ed4d-11db-a042-001a4d6287c8}]
shell\AutoRun\command - I:\Autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ccf1ea-70a8-11de-9ea7-806e6f6e6963}]
shell\AutoRun\command - E:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3403a0f-16e4-11dc-b919-001a4d6287c8}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-08-04 16:18:38 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-08-04 16:18:38 ----RA---- C:\Windows\system32\AdobePDF.dll
2009-07-30 17:30:00 ----D---- C:\Program Files\Common Files\ResearchSoft
2009-07-30 17:25:28 ----D---- c:\Program Files\EndNote X3
2009-07-29 05:39:35 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 05:39:35 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\occache.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 05:39:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-28 01:16:47 ----D---- C:\rsit
2009-07-28 00:54:01 ----D---- c:\Program Files\Trend Micro
2009-07-27 14:01:44 ----D---- C:\Users\Shane\AppData\Roaming\Download Manager
2009-07-26 16:34:59 ----D---- C:\Users\Shane\AppData\Roaming\FlashGet
2009-07-26 16:34:53 ----D---- c:\Program Files\FlashGet
2009-07-21 19:55:31 ----D---- C:\Users\Shane\AppData\Roaming\HouseCall 6.6
2009-07-21 19:55:17 ----D---- C:\Windows\Sun
2009-07-21 18:23:59 ----D---- c:\Program Files\GIGABYTE
2009-07-19 19:00:38 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-19 18:55:05 ----D---- C:\Users\Shane\AppData\Roaming\vlc
2009-07-17 21:20:31 ----D---- C:\Users\Shane\AppData\Roaming\SlySoft
2009-07-17 21:17:53 ----ASH---- C:\Windows\S1AB52DD3.tmp
2009-07-17 21:17:41 ----D---- c:\Program Files\SlySoft
2009-07-17 20:44:10 ----D---- c:\Program Files\WOT Spy
2009-07-17 19:29:17 ----D---- C:\ProgramData\ATI
2009-07-17 19:14:46 ----A---- C:\Windows\system32\unrar.dll
2009-07-17 19:14:45 ----A---- C:\Windows\avisplitter.ini
2009-07-17 19:14:44 ----A---- C:\Windows\system32\yv12vfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\xvidvfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\xvidcore.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\vp7vfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\vp6vfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\qt-dx331.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\huffyuv.dll
2009-07-17 19:14:43 ----A---- C:\Windows\system32\dpl100.dll
2009-07-17 19:14:42 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-07-17 19:14:42 ----A---- C:\Windows\system32\ff_vfw.dll
2009-07-17 19:14:41 ----D---- c:\Program Files\K-Lite Codec Pack
2009-07-16 17:03:40 ----D---- C:\Users\Shane\AppData\Roaming\EndNote
2009-07-16 17:01:06 ----D---- C:\Program Files\Common Files\Risxtd
2009-07-16 16:56:44 ----D---- C:\ProgramData\Thomson.ResearchSoft.Installers
2009-07-15 13:29:57 ----D---- C:\ProgramData\Malwarebytes
2009-07-15 13:29:57 ----D---- c:\Program Files\Malwarebytes' Anti-Malware
2009-07-15 13:26:01 ----D---- C:\Users\Shane\AppData\Roaming\SUPERAntiSpyware.com
2009-07-14 22:09:07 ----SHD---- C:\Windows\system32\%APPDATA%
2009-07-14 20:22:34 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 20:22:34 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\lpk.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\atmlib.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 18:58:16 ----A---- C:\Windows\system32\winresume.exe
2009-07-14 18:58:15 ----A---- C:\Windows\system32\winload.exe
2009-07-14 16:12:53 ----A---- C:\Windows\system32\msls31.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\icardie.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\corpol.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\admparse.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\webcheck.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\msrating.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\licmgr10.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\inseng.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\imgutil.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\ieakeng.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-07-14 16:12:51 ----A---- C:\Windows\system32\wextract.exe
2009-07-14 16:12:51 ----A---- C:\Windows\system32\vbscript.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\mstime.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\jscript.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\ieakui.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\advpack.dll
2009-07-14 16:12:50 ----A---- C:\Windows\system32\url.dll
2009-07-14 16:12:50 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\PDMSetup.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\mshta.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\iexpress.exe
2009-07-11 20:51:07 ----D---- c:\Program Files\MSN
2009-07-11 20:17:11 ----D---- c:\Program Files\OpenAL
2009-07-11 20:17:11 ----A---- C:\Windows\system32\wrap_oal.dll
2009-07-11 20:17:11 ----A---- C:\Windows\system32\OpenAL32.dll
2009-07-11 20:02:02 ----A---- C:\Windows\system32\SPWizUI.dll
2009-07-11 20:02:02 ----A---- C:\Windows\system32\SPReview.exe
2009-07-11 19:49:16 ----A---- C:\Windows\system32\cbsra.exe
2009-07-11 19:19:05 ----D---- c:\Program Files\Eusing Free Registry Cleaner
2009-07-11 17:24:19 ----A---- C:\Windows\system32\msxml.dll
2009-07-11 17:24:18 ----A---- C:\Windows\system32\STKIT432.DLL
2009-07-11 17:24:16 ----D---- c:\Program Files\Registry Mechanic
2009-07-11 17:21:51 ----D---- c:\Program Files\Mediaview
2009-07-11 16:52:21 ----D---- C:\Users\Shane\AppData\Roaming\Uniblue
2009-07-11 16:52:21 ----D---- C:\ProgramData\DriverScanner
2009-07-11 16:52:21 ----D---- c:\Program Files\Uniblue
2009-07-11 16:51:44 ----HDC---- C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-11 16:37:07 ----A---- C:\Windows\system32\es.dll
2009-07-11 16:36:43 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-07-11 16:34:15 ----A---- C:\Windows\system32\gpprefcl.dll
2009-07-11 16:00:42 ----D---- C:\Windows\system32\WindowsPowerShell
2009-07-11 15:59:14 ----D---- c:\Program Files\Microsoft ATS
2009-07-11 15:46:17 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-07-11 13:59:30 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-11 13:58:42 ----D---- C:\ProgramData\NOS
2009-07-11 13:58:42 ----D---- c:\Program Files\NOS
2009-07-11 13:33:20 ----D---- c:\Program Files\Port Detective
2009-07-11 13:33:20 ----A---- C:\Windows\iun6002.exe
2009-07-11 13:11:10 ----D---- c:\Program Files\uTorrent
2009-07-11 13:10:46 ----D---- C:\Users\Shane\AppData\Roaming\uTorrent
2009-07-08 17:57:26 ----D---- c:\Program Files\Microsoft Silverlight
2009-07-08 17:57:05 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-08 17:56:14 ----D---- c:\Program Files\Microsoft Sync Framework
2009-07-08 17:54:59 ----D---- c:\Program Files\Microsoft SQL Server Compact Edition
2009-07-08 17:52:54 ----D---- c:\Program Files\Microsoft
2009-07-08 17:52:36 ----D---- c:\Program Files\Windows Live SkyDrive
2009-07-08 17:52:20 ----D---- c:\Program Files\Windows Live
2009-07-08 17:48:42 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-08 10:54:25 ----D---- c:\Program Files\Windows Installer Clean Up
2009-07-08 09:26:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-08 09:26:28 ----D---- c:\Program Files\Spybot - Search & Destroy
2009-07-07 17:46:32 ----D---- c:\Program Files\Monitor Calibration Wizard
2009-07-07 16:18:50 ----A---- C:\Windows\system32\winipsec.dll
2009-07-07 16:18:50 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-07 16:18:49 ----A---- C:\Windows\system32\polstore.dll
2009-07-07 16:18:49 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-07 16:17:49 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-07 16:17:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-07 16:17:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-07 16:16:43 ----A---- C:\Windows\system32\mcmde.dll
2009-07-07 16:16:42 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-07 16:16:42 ----A---- C:\Windows\system32\EncDec.dll
2009-07-07 16:15:03 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-07 16:12:52 ----A---- C:\Windows\system32\winhttp.dll
2009-07-07 16:11:59 ----A---- C:\Windows\system32\gdi32.dll
2009-07-07 16:09:11 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-07 16:09:11 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-07 16:08:22 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-07 16:08:20 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-07-07 16:08:20 ----A---- C:\Windows\system32\gameux.dll
2009-07-07 16:07:13 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-07 16:06:23 ----A---- C:\Windows\system32\msxml3r.dll
2009-07-07 16:06:23 ----A---- C:\Windows\system32\msxml3.dll
2009-07-07 16:05:22 ----A---- C:\Windows\system32\netapi32.dll
2009-07-07 16:03:35 ----A---- C:\Windows\system32\tzres.dll
2009-07-07 16:02:20 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-07 16:02:20 ----A---- C:\Windows\system32\wmp.dll
2009-07-07 16:02:19 ----A---- C:\Windows\system32\spwmp.dll
2009-07-07 16:02:19 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-07 16:00:57 ----A---- C:\Windows\system32\shell32.dll
2009-07-07 15:59:58 ----A---- C:\Windows\system32\localspl.dll
2009-07-07 15:57:04 ----A---- C:\Windows\explorer.exe
2009-07-07 15:55:17 ----A---- C:\Windows\system32\netcfg.exe
2009-07-07 15:55:16 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-07 15:55:16 ----A---- C:\Windows\system32\netiougc.exe
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-07-07 15:54:08 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-07-07 15:54:08 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-07-07 15:54:08 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-07-07 15:54:06 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-07-07 15:54:06 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-07-07 15:54:06 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-07-07 15:54:02 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-07-07 15:54:02 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-07-07 15:54:02 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-07-07 15:54:00 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-07-07 15:54:00 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-07-07 15:54:00 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsData0047.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsData0046.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsData0045.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0049.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0039.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0022.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0021.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0020.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0027.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0026.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0024.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0010.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0018.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0013.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0011.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0000.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0019.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0003.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0002.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0001.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData004b.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData004a.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData0009.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData0007.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData004e.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData004c.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData003e.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData002a.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData001a.dll
2009-07-07 15:53:52 ----A---- C:\Windows\system32\NlsData001d.dll
2009-07-07 15:53:52 ----A---- C:\Windows\system32\NlsData001b.dll
2009-07-07 15:53:52 ----A---- C:\Windows\system32\NlsData000a.dll
2009-07-07 15:53:51 ----A---- C:\Windows\system32\NlsData000f.dll
2009-07-07 15:53:51 ----A---- C:\Windows\system32\NlsData000d.dll
2009-07-07 15:53:51 ----A---- C:\Windows\system32\NlsData000c.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData081a.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData0816.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData0416.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData0414.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-07 15:53:49 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-07-07 15:53:49 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-07-07 15:46:38 ----A---- C:\Windows\system32\rpcss.dll
2009-07-07 15:46:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-07 15:46:37 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-07 15:46:36 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-07 15:46:36 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-07 15:46:35 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-07 15:46:35 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-07 15:46:35 ----A---- C:\Windows\system32\iasads.dll
2009-07-07 15:46:34 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-07 15:44:23 ----A---- C:\Windows\system32\secur32.dll
2009-07-07 15:44:23 ----A---- C:\Windows\system32\lsass.exe
2009-07-07 15:44:23 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-07 15:44:23 ----A---- C:\Windows\system32\kernel32.dll
2009-07-07 15:44:22 ----A---- C:\Windows\system32\apilogen.dll
2009-07-07 15:44:22 ----A---- C:\Windows\system32\amxread.dll
2009-07-07 15:42:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-07 15:42:29 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-07 15:42:29 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-07 15:29:50 ----A---- C:\Windows\system32\win32spl.dll
2009-07-07 15:29:50 ----A---- C:\Windows\system32\printcom.dll
2009-07-07 15:28:57 ----A---- C:\Windows\system32\wshrm.dll
2009-07-07 15:27:50 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-07 15:26:34 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-07 15:26:34 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-07-07 15:26:34 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-07 15:25:59 ----A---- C:\Windows\system32\schannel.dll
2009-07-07 15:22:43 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-07 15:22:43 ----A---- C:\Windows\system32\icardres.dll
2009-07-07 15:22:43 ----A---- C:\Windows\system32\icardagt.exe
2009-07-07 15:22:39 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-07 15:22:38 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-07 15:22:38 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-07 15:22:38 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-07 15:08:23 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-07 15:08:23 ----A---- C:\Windows\system32\dfshim.dll
2009-07-07 15:08:21 ----A---- C:\Windows\system32\mscories.dll
2009-07-07 15:08:21 ----A---- C:\Windows\system32\mscorier.dll
2009-07-07 15:08:21 ----A---- C:\Windows\system32\mscoree.dll
2009-07-07 14:58:39 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mfps.dll
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mferror.dll
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mf.dll
2009-07-07 14:58:38 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-07 14:58:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-07 14:58:38 ----A---- C:\Windows\system32\logagent.exe
2009-07-07 14:57:05 ----A---- C:\Windows\system32\INETRES.dll
2009-07-07 14:57:05 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-07 14:56:48 ----A---- C:\Windows\system32\connect.dll
2009-07-07 14:56:21 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-07 14:56:02 ----A---- C:\Windows\system32\quartz.dll
2009-07-07 14:52:45 ----A---- C:\Windows\system32\msxml6.dll
2009-07-07 14:52:44 ----A---- C:\Windows\system32\msxml6r.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wups2.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wucltux.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-07 14:14:48 ----A---- C:\Windows\system32\wups.dll
2009-07-07 14:14:48 ----A---- C:\Windows\system32\wudriver.dll
2009-07-07 14:14:48 ----A---- C:\Windows\system32\wuapi.dll
2009-07-07 14:14:28 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-07 14:14:28 ----A---- C:\Windows\system32\wuapp.exe
2009-05-25 08:16:28 ----A---- C:\Windows\system32\ElbyVCD.dll
2009-05-25 08:01:38 ----A---- C:\Windows\system32\ElbyCDIO.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx16.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx11.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx0c.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx0a.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx07.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\DivX.dll

======List of files/folders modified in the last 3 months======

2009-08-04 17:52:39 ----D---- C:\Windows\Temp
2009-08-04 17:51:02 ----D---- c:\Program Files\Mozilla Firefox
2009-08-04 17:50:37 ----D---- C:\Windows\Prefetch
2009-08-04 17:38:03 ----D---- C:\Windows\System32
2009-08-04 17:38:03 ----D---- C:\Windows\inf
2009-08-04 17:38:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-04 17:33:20 ----HD---- C:\ProgramData
2009-08-04 16:19:10 ----SHD---- C:\Windows\Installer
2009-08-04 16:12:24 ----D---- C:\ProgramData\Adobe
2009-08-01 05:18:00 ----D---- C:\Windows\Minidump
2009-08-01 05:17:34 ----AD---- C:\Windows
2009-07-31 05:14:44 ----D---- C:\Windows\system32\migration
2009-07-31 05:14:42 ----D---- c:\Program Files\Internet Explorer
2009-07-30 17:30:00 ----D---- c:\Program Files\Common Files
2009-07-30 17:25:28 ----RD---- C:\Program Files
2009-07-30 17:23:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-29 10:24:16 ----D---- C:\Windows\winsxs
2009-07-29 05:38:43 ----D---- C:\Windows\system32\catroot2
2009-07-29 05:38:43 ----D---- C:\Windows\system32\catroot
2009-07-28 00:53:50 ----D---- C:\Windows\system32\Tasks
2009-07-28 00:38:29 ----D---- C:\Windows\system32\drivers
2009-07-27 14:33:41 ----D---- C:\Program Files\Common Files\Adobe
2009-07-27 14:29:29 ----RSD---- C:\Windows\Fonts
2009-07-27 14:27:31 ----D---- c:\Program Files\Adobe
2009-07-26 13:51:38 ----D---- C:\WheelOfTime
2009-07-21 19:15:54 ----SD---- C:\Windows\Downloaded Program Files
2009-07-21 18:23:59 ----HD---- c:\Program Files\InstallShield Installation Information
2009-07-20 18:38:06 ----D---- c:\Program Files\DivX
2009-07-19 18:40:06 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-07-17 21:36:07 ----D---- c:\Program Files\Elaborate Bytes
2009-07-17 21:11:45 ----D---- c:\Program Files\Steam
2009-07-17 19:29:14 ----RSD---- C:\Windows\assembly
2009-07-17 19:29:03 ----D---- c:\Program Files\ATI Technologies
2009-07-17 19:14:42 ----D---- c:\Program Files\DScaler5
2009-07-17 19:11:10 ----D---- C:\Windows\system32\quicktime
2009-07-17 19:11:04 ----D---- c:\Program Files\DirectVobSub
2009-07-14 22:09:56 ----D---- c:\Program Files\Windows Mail
2009-07-14 22:09:46 ----D---- C:\ProgramData\Microsoft Help
2009-07-14 18:58:16 ----SHD---- C:\Boot
2009-07-14 16:52:20 ----D---- C:\Windows\rescache
2009-07-14 16:50:22 ----A---- C:\Windows\win.ini
2009-07-14 16:35:02 ----D---- C:\Windows\system32\en-US
2009-07-14 16:35:02 ----D---- C:\Windows\PolicyDefinitions
2009-07-14 15:29:29 ----D---- C:\Windows\pss
2009-07-12 06:21:40 ----D---- C:\Windows\servicing
2009-07-11 21:03:18 ----D---- C:\Windows\Microsoft.NET
2009-07-11 20:57:23 ----ASH---- c:\Program Files\desktop.ini
2009-07-11 20:52:26 ----D---- c:\Program Files\Windows Sidebar
2009-07-11 20:52:26 ----D---- c:\Program Files\Windows Calendar
2009-07-11 20:52:26 ----D---- c:\Program Files\Movie Maker
2009-07-11 20:52:24 ----D---- c:\Program Files\Windows Media Player
2009-07-11 20:52:24 ----D---- c:\Program Files\Windows Collaboration
2009-07-11 20:52:23 ----D---- c:\Program Files\Windows Photo Gallery
2009-07-11 20:52:23 ----D---- c:\Program Files\Windows Journal
2009-07-11 20:52:20 ----D---- c:\Program Files\Windows Defender
2009-07-11 20:52:20 ----D---- C:\Program Files\Common Files\System
2009-07-11 20:52:19 ----D---- C:\Windows\ehome
2009-07-11 20:52:18 ----D---- C:\Windows\MSAgent
2009-07-11 20:52:16 ----D---- C:\Windows\L2Schemas
2009-07-11 20:52:16 ----D---- C:\Windows\IME
2009-07-11 20:52:16 ----D---- C:\Windows\DigitalLocker
2009-07-11 20:52:15 ----D---- C:\Windows\system32\ko-KR
2009-07-11 20:52:15 ----D---- C:\Windows\system32\da-DK
2009-07-11 20:52:15 ----D---- C:\Windows\system32\com
2009-07-11 20:52:15 ----D---- C:\Windows\system32\0409
2009-07-11 20:52:10 ----D---- C:\Windows\system32\oobe
2009-07-11 20:52:10 ----D---- C:\Windows\system32\it-IT
2009-07-11 20:52:10 ----D---- C:\Windows\system32\el-GR
2009-07-11 20:52:10 ----D---- C:\Windows\system32\de-DE
2009-07-11 20:52:09 ----D---- C:\Windows\system32\sysprep
2009-07-11 20:52:07 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-11 20:52:06 ----D---- C:\Windows\system32\sv-SE
2009-07-11 20:52:06 ----D---- C:\Windows\system32\SLUI
2009-07-11 20:52:06 ----D---- C:\Windows\system32\setup
2009-07-11 20:52:06 ----D---- C:\Windows\system32\ru-RU
2009-07-11 20:52:06 ----D---- C:\Windows\system32\pt-PT
2009-07-11 20:52:06 ----D---- C:\Windows\system32\ias
2009-07-11 20:52:06 ----D---- C:\Windows\system32\hu-HU
2009-07-11 20:52:06 ----D---- C:\Windows\system32\he-IL
2009-07-11 20:52:06 ----D---- C:\Windows\system32\fr-FR
2009-07-11 20:52:06 ----D---- C:\Windows\system32\fi-FI
2009-07-11 20:52:06 ----D---- C:\Windows\system32\cs-CZ
2009-07-11 20:52:04 ----D---- C:\Windows\system32\zh-TW
2009-07-11 20:52:04 ----D---- C:\Windows\system32\zh-CN
2009-07-11 20:52:04 ----D---- C:\Windows\system32\ro-RO
2009-07-11 20:52:04 ----D---- C:\Windows\system32\pl-PL
2009-07-11 20:52:04 ----D---- C:\Windows\system32\manifeststore
2009-07-11 20:52:04 ----D---- C:\Windows\system32\ja-JP
2009-07-11 20:52:04 ----D---- C:\Windows\system32\es-ES
2009-07-11 20:52:04 ----D---- C:\Windows\system32\en
2009-07-11 20:52:01 ----D---- C:\Windows\system32\wbem
2009-07-11 20:52:01 ----D---- C:\Windows\system32\tr-TR
2009-07-11 20:51:59 ----D---- C:\Windows\system32\nl-NL
2009-07-11 20:51:59 ----D---- C:\Windows\system32\nb-NO
2009-07-11 20:51:59 ----D---- C:\Windows\system32\ar-SA
2009-07-11 20:51:57 ----D---- C:\Windows\system32\pt-BR
2009-07-11 20:51:57 ----D---- C:\Windows\system32\migwiz
2009-07-11 20:51:12 ----D---- C:\Windows\AppPatch
2009-07-11 20:51:05 ----D---- C:\Windows\system32\Boot
2009-07-11 20:38:55 ----A---- C:\Windows\system32\ifxcardm.dll
2009-07-11 20:38:47 ----A---- C:\Windows\system32\axaltocm.dll
2009-07-11 20:28:10 ----D---- C:\Windows\Boot
2009-07-11 20:28:05 ----D---- C:\perflogs
2009-07-11 17:23:09 ----SHD---- C:\System Volume Information
2009-07-11 17:15:21 ----D---- C:\Windows\Tasks
2009-07-11 16:36:42 ----D---- C:\Windows\Logs
2009-07-11 16:36:32 ----D---- c:\Program Files\Microsoft Games
2009-07-11 16:34:52 ----D---- C:\Windows\system32\uk-UA
2009-07-11 16:34:52 ----D---- C:\Windows\system32\th-TH
2009-07-11 16:34:52 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-11 16:34:52 ----D---- C:\Windows\system32\sl-SI
2009-07-11 16:34:52 ----D---- C:\Windows\system32\sk-SK
2009-07-11 16:34:51 ----D---- C:\Windows\system32\lv-LV
2009-07-11 16:34:51 ----D---- C:\Windows\system32\lt-LT
2009-07-11 16:34:51 ----D---- C:\Windows\system32\hr-HR
2009-07-11 16:34:51 ----D---- C:\Windows\system32\et-EE
2009-07-11 16:34:51 ----D---- C:\Windows\system32\bg-BG
2009-07-11 16:33:54 ----RSD---- C:\Windows\Media
2009-07-11 16:33:20 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-11 16:10:36 ----D---- c:\Program Files\CD Audio Reader Filter
2009-07-11 13:59:31 ----D---- C:\Users\Shane\AppData\Roaming\Adobe
2009-07-11 13:38:05 ----D---- C:\Users\Shane\AppData\Roaming\Azureus
2009-07-10 11:51:09 ----SD---- C:\Users\Shane\AppData\Roaming\Microsoft
2009-07-08 19:02:57 ----D---- c:\Program Files\VistaCodecPack
2009-07-08 19:00:49 ----D---- c:\Program Files\QuickTime
2009-07-08 18:59:17 ----D---- c:\Program Files\OpenSource Flash Video Splitter
2009-07-08 18:57:00 ----D---- c:\Program Files\Bonjour
2009-07-08 17:56:43 ----D---- c:\Program Files\Windows Live Toolbar
2009-07-08 17:56:05 ----SD---- C:\ProgramData\Microsoft
2009-07-08 10:54:04 ----D---- c:\Program Files\MSECache
2009-07-08 10:46:46 ----D---- c:\Program Files\Apple Software Update
2009-07-08 10:44:11 ----D---- c:\Program Files\iPod
2009-07-07 19:11:51 ----D---- C:\Users\Shane\AppData\Roaming\Mozilla
2009-07-07 16:33:23 ----D---- C:\Program Files\Common Files\Steam
2009-07-07 16:23:12 ----D---- C:\Windows\system32\XPSViewer
2009-07-07 15:38:30 ----D---- c:\Program Files\Microsoft Works
2009-07-07 15:31:37 ----D---- c:\Program Files\Microsoft SQL Server
2009-07-07 15:31:20 ----D---- C:\Windows\Registration
2009-07-07 14:27:35 ----D---- c:\Program Files\Google
2009-07-07 14:14:03 ----D---- C:\ProgramData\Google
2009-07-07 11:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-06 20:45:28 ----HD---- C:\Windows\system32\GroupPolicyUsers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-08-30 320000]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-06-16 371248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 tmcomm;tmcomm; \??\C:\Windows\system32\drivers\tmcomm.sys [2007-12-24 138384]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\Windows\system32\DRIVERS\atinavt2.sys [2007-11-06 173696]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-03-05 170808]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-03-05 520504]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-03-05 1323832]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-03-05 73016]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-03-05 14648]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-03-05 157496]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-03-05 92984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-06-16 101936]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2007-03-05 1163576]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090803.005\NAVENG.SYS [2009-07-14 87888]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090803.005\NAVEX15.SYS [2009-07-14 875728]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-03-05 126776]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-03-30 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-03-05 98616]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-03-05 511288]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-03-05 552248]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2007-03-05 347144]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-03-05 174392]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-03-05 286520]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-03-05 134968]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-03-05 329528]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-03-05 101176]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-03-05 566584]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-07-21 17488]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
S3 RimUsb;BlackBerry Device; C:\Windows\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2009-07-21 23600]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-27 606208]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-20 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2007-12-31 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-27 651720]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-07 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Post by irridion » August 4th, 2009, 5:55 pm

There was no other file minimised...? While running GMER the system crashed and went into a blue screen...this also happens at night when Spybot runs its usual scan...I cannot access Spybot though to run a manual scan...
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Post by irridion » August 4th, 2009, 6:45 pm

GMER finds a problem with winsystem32/drivers MSIVX when it starts up; after that it requests to do a full scan and Vista crashes.
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Post by irridion » August 4th, 2009, 7:36 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

04/08/2009 7:31:21 PM
mbam-log-2009-08-04 (19-31-21).txt

Scan type: Quick Scan
Objects scanned: 88911
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediaview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mediaview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Folders Infected:
c:\Program Files\mediaview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mediaview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\Program Files\mediaview\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mediaview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Post by Sharagoz » August 5th, 2009, 2:14 pm

Hi.
I see you posted a log from Malwarebytes' Anti-Malware even though I didn't ask you to run that tool.
I realize that this is your computer and you can do what you want with it, but if you want me to help you with your malware problems I need you to only run the tools I ask you to, otherwise it gets confusing.

Since you had trouble running both RSIT and GMER, let's try them again, one at a time.
RSIT first.

Start by deleting this folder: C:\rist
Then download a new copy from here and this time make sure you put it on your desktop before you run it.
Two logs should open, one maximized and one minimized.
Post both of them.
If two logs do not open, have a look in C:\rist and see if you can find both of them there (one is called log.txt, and one is called info.txt).

Your system has gone into bluescreen when running HiJackThis, GMER and Spybot?
Has this happened at other times?

Let's wait with GMER until we've got RSIT sorted out.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Uh oh ! my HJthis log

Post by irridion » August 9th, 2009, 12:57 pm

info.txt logfile of random's system information tool 1.06 2009-08-09 12:52:00

======Uninstall list======

@BIOS Ver.2.06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI AVIVO Codecs-->MsiExec.exe /X{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CDisplayEx 1.4-->"d:\Program Files\CDisplayEx\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
DivX Codec-->c:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus DirectShow Filters-->c:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->c:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
EndNote X3-->MsiExec.exe /I{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Games Offer, Desktop Shortcut-->MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->"c:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life Deathmatch: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/360
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HouseCall 6.6-->"C:\Users\Shane\AppData\Roaming\HouseCall 6.6\uninstaller.exe"
HP Product Detection-->MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Inspiration 8 IE-->C:\Windows\unvise32.exe c:\Program Files\Inspiration 8 IE\uninstal.log
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 4.9.5 (Full)-->"c:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexis Rex 1.3-->"C:\Program Files\Lexis Rex\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"c:\Program Files\zztoy\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011B-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader Text-to-Speech for English-->MsiExec.exe /X{E0E400F5-422B-4540-A14F-B0739D71FEE7}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTSa22.inf, Uninstall
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monitor Calibration Wizard 1.0-->"c:\Program Files\Monitor Calibration Wizard\uninstall.exe"
MonitorTest V3.0-->"C:\Program Files\MonitorTest\unins000.exe"
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenAL-->"c:\Program Files\OpenAL\OALInst.exe" /U
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Port Detective-->C:\Windows\iun6002.exe "c:\Program Files\Port Detective\irunin.ini"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
ReaderWorks Standard-->MsiExec.exe /I{6891401F-695B-447F-B3E3-3FDEDA952DC6}
RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"c:\Program Files\Registry Mechanic\unins000.exe" /Log
ResearchSoft Direct Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Revo Uninstaller 1.83-->c:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sony Electronics Inc. PJCalc! 3.21-->C:\PROGRA~1\PJCalc!\UNWISE.EXE C:\PROGRA~1\PJCalc!\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
TBS WMP Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BFC7D0F-FA4A-4FDC-AA03-440655EA656A}\setup.exe" -l0x9 -removeonly
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Uniblue DriverScanner 2009-->"C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VirtualCloneDrive-->"c:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="c:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VLC media player 1.0.0-->c:\Program Files\VideoLAN\VLC\uninstall.exe
Wheel of Time-->C:\WheelOfTime\System\Setup.exe uninstall "Wheel of Time"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WOT Spy-->"C:\Windows\lsb_un20.exe" /C=UC /N=WOT Spy
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
YouTube Downloader 2.11-->"C:\Program Files\FDRLab\YouTube Downloader\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Symantec AntiVirus
AS: Symantec AntiVirus
AS: Windows Defender

======System event log======

Computer Name: Hotbox
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 76872
Source Name: Tcpip
Time Written: 20090809023934.003323-000
Event Type: Warning
User:

Computer Name: Hotbox
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 76873
Source Name: Tcpip
Time Written: 20090809044225.300323-000
Event Type: Warning
User:

Computer Name: Hotbox
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 76884
Source Name: Tcpip
Time Written: 20090809123925.935323-000
Event Type: Warning
User:

Computer Name: Hotbox
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 76890
Source Name: Tcpip
Time Written: 20090809143251.469323-000
Event Type: Warning
User:

Computer Name: Hotbox
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 76891
Source Name: Tcpip
Time Written: 20090809153856.844323-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Hotbox
Event Code: 5
Message:

Risk Found!Risk: Trojan Horse in File: C:\Users\Shane\AppData\Local\Temp\DWH1646.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


Record Number: 51026
Source Name: Symantec AntiVirus
Time Written: 20090809165305.000000-000
Event Type: Error
User:

Computer Name: Hotbox
Event Code: 51
Message:

Security Risk Found!Risk: Trojan Horse in File: C:\Users\Shane\AppData\Local\Temp\DWH1646.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


Record Number: 51027
Source Name: Symantec AntiVirus
Time Written: 20090809165307.000000-000
Event Type: Error
User:

Computer Name: Hotbox
Event Code: 46
Message:

Security Risk Found!Risk: Trojan Horse in File: C:\Users\Shane\AppData\Local\Temp\DWH2257.tmp by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.


Record Number: 51028
Source Name: Symantec AntiVirus
Time Written: 20090809165330.000000-000
Event Type: Error
User:

Computer Name: Hotbox
Event Code: 5
Message:

Risk Found!Risk: Trojan Horse in File: C:\Users\Shane\AppData\Local\Temp\DWH2257.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


Record Number: 51029
Source Name: Symantec AntiVirus
Time Written: 20090809165330.000000-000
Event Type: Error
User:

Computer Name: Hotbox
Event Code: 51
Message:

Security Risk Found!Risk: Trojan Horse in File: C:\Users\Shane\AppData\Local\Temp\DWH2257.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


Record Number: 51030
Source Name: Symantec AntiVirus
Time Written: 20090809165331.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Hotbox
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: HOTBOX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x28c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 21765
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809113640.974323-000
Event Type: Audit Success
User:

Computer Name: Hotbox
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: HOTBOX$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x28c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21766
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809113640.974323-000
Event Type: Audit Success
User:

Computer Name: Hotbox
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 21767
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809113640.974323-000
Event Type: Audit Success
User:

Computer Name: Hotbox
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090808.003\NAVEX15.SYS
Record Number: 21768
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809124716.270323-000
Event Type: Audit Failure
User:

Computer Name: Hotbox
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090808.003\NAVENG.SYS
Record Number: 21769
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809124716.355323-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Unread postby irridion » August 9th, 2009, 12:58 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Shane at 2009-08-09 12:51:28
Microsoft® Windows Vista™ Ultimate
System drive C: has 13 GB (18%) free of 71 GB
Total RAM: 2046 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:53 PM, on 09/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\mobsync.exe
c:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Symantec AntiVirus\DWHWIZRD.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Shane\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Shane.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "c:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11043 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{0AE9F92C-1697-487E-B151-819B63184BED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - c:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-07 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - c:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-07 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - c:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-07 256112]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-06 149280]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"VirtualCloneDrive"=c:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-11-05 741376]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-10-30 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"swg"=c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-07 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\Windows\system32\CTHELPER.EXE [2007-03-05 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\Windows\system32\CTXFIHLP.EXE [2007-03-05 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
c:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\windows sidebar\sidebar.exe [2008-01-09 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-07-07 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-30 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\Program Files\uTorrent\uTorrent.exe [2009-07-11 288048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
c:\Program Files\Windows Defender\MSASCui.exe [2007-04-11 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe [2006-06-07 4154504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-10-18 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LSTsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65123fa8-ed4d-11db-a042-001a4d6287c8}]
shell\AutoRun\command - H:\Autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65123fdb-ed4d-11db-a042-001a4d6287c8}]
shell\AutoRun\command - I:\Autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3403a0f-16e4-11dc-b919-001a4d6287c8}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-08-09 12:51:28 ----D---- C:\rsit
2009-08-08 13:22:08 ----A---- C:\Windows\BRWMARK.INI
2009-08-08 13:17:16 ----A---- C:\Windows\system32\BrWia07b.dll
2009-08-08 13:17:16 ----A---- C:\Windows\system32\BrUsi07b.dll
2009-08-08 13:17:15 ----N---- C:\Windows\system32\brinsstr.dll
2009-08-08 13:17:15 ----A---- C:\Windows\system32\BRRBTOOL.EXE
2009-08-08 13:17:15 ----A---- C:\Windows\system32\BRLMW03A.INI
2009-08-08 13:17:15 ----A---- C:\Windows\system32\BRLMW03A.DLL
2009-08-08 13:17:15 ----A---- C:\Windows\system32\BRLM03A.DLL
2009-08-08 13:16:40 ----N---- C:\Windows\system32\BrDctF2S.dll
2009-08-08 13:16:40 ----N---- C:\Windows\system32\BrDctF2L.dll
2009-08-08 13:16:40 ----N---- C:\Windows\system32\BrDctF2.dll
2009-08-08 13:16:36 ----N---- C:\Windows\system32\BroSNMP.dll
2009-08-08 13:16:31 ----N---- C:\Windows\system32\NSSearch.dll
2009-08-08 13:16:31 ----N---- C:\Windows\system32\BrWiaNCp.dll
2009-08-08 13:16:31 ----N---- C:\Windows\system32\BrSti07b.dll
2009-08-08 13:16:31 ----N---- C:\Windows\system32\Brnsplg.dll
2009-08-08 13:16:31 ----N---- C:\Windows\system32\BrNetSti.dll
2009-08-08 13:16:31 ----N---- C:\Windows\system32\BrMuSNMP.dll
2009-08-08 13:16:29 ----D---- C:\Brother
2009-08-08 13:16:28 ----A---- C:\Windows\brunin03.dll
2009-08-08 13:16:16 ----D---- c:\Program Files\Brother
2009-08-08 13:15:49 ----D---- C:\Users\Shane\AppData\Roaming\InstallShield
2009-08-08 13:15:23 ----D---- c:\Program Files\Nuance
2009-08-08 13:14:46 ----A---- C:\Windows\maxlink.ini
2009-08-08 13:13:37 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-08-08 13:13:22 ----D---- C:\ProgramData\ScanSoft
2009-08-08 13:13:22 ----D---- c:\Program Files\ScanSoft
2009-08-08 13:13:18 ----SHD---- C:\Config.Msi
2009-08-08 13:11:27 ----D---- C:\ProgramData\Brother
2009-08-07 12:20:19 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-08-07 12:20:19 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-08-07 12:20:18 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-08-07 12:20:14 ----D---- C:\Windows\system32\xlive
2009-08-07 12:20:06 ----D---- c:\Program Files\Microsoft Games for Windows - LIVE
2009-08-06 21:21:26 ----D---- C:\Users\Shane\AppData\Roaming\Inspiration Software
2009-08-06 20:55:25 ----A---- C:\Windows\unvise32.exe
2009-08-06 20:50:38 ----D---- c:\Program Files\Inspiration 8 IE
2009-08-06 10:39:43 ----A---- C:\Windows\system32\deploytk.dll
2009-08-04 19:38:34 ----D---- C:\Avenger
2009-08-04 19:00:52 ----D---- C:\Users\Shane\AppData\Roaming\Malwarebytes
2009-08-04 18:59:12 ----D---- c:\Program Files\zztoy
2009-08-04 16:18:38 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-08-04 16:18:38 ----RA---- C:\Windows\system32\AdobePDF.dll
2009-07-30 17:30:00 ----D---- C:\Program Files\Common Files\ResearchSoft
2009-07-30 17:25:28 ----D---- c:\Program Files\EndNote X3
2009-07-29 05:39:35 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 05:39:35 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\occache.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 05:39:34 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 05:39:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 05:39:33 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-28 00:54:01 ----D---- c:\Program Files\Trend Micro
2009-07-27 14:01:44 ----D---- C:\Users\Shane\AppData\Roaming\Download Manager
2009-07-26 16:34:59 ----D---- C:\Users\Shane\AppData\Roaming\FlashGet
2009-07-26 16:34:53 ----D---- c:\Program Files\FlashGet
2009-07-21 19:55:31 ----D---- C:\Users\Shane\AppData\Roaming\HouseCall 6.6
2009-07-21 19:55:17 ----D---- C:\Windows\Sun
2009-07-21 18:23:59 ----D---- c:\Program Files\GIGABYTE
2009-07-19 19:00:38 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-19 18:55:05 ----D---- C:\Users\Shane\AppData\Roaming\vlc
2009-07-17 21:20:31 ----D---- C:\Users\Shane\AppData\Roaming\SlySoft
2009-07-17 21:17:53 ----ASH---- C:\Windows\S1AB52DD3.tmp
2009-07-17 21:17:41 ----D---- c:\Program Files\SlySoft
2009-07-17 20:44:10 ----D---- c:\Program Files\WOT Spy
2009-07-17 19:29:17 ----D---- C:\ProgramData\ATI
2009-07-17 19:14:46 ----A---- C:\Windows\system32\unrar.dll
2009-07-17 19:14:45 ----A---- C:\Windows\avisplitter.ini
2009-07-17 19:14:44 ----A---- C:\Windows\system32\yv12vfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\xvidvfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\xvidcore.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\vp7vfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\vp6vfw.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\qt-dx331.dll
2009-07-17 19:14:44 ----A---- C:\Windows\system32\huffyuv.dll
2009-07-17 19:14:43 ----A---- C:\Windows\system32\dpl100.dll
2009-07-17 19:14:42 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-07-17 19:14:42 ----A---- C:\Windows\system32\ff_vfw.dll
2009-07-17 19:14:41 ----D---- c:\Program Files\K-Lite Codec Pack
2009-07-16 17:03:40 ----D---- C:\Users\Shane\AppData\Roaming\EndNote
2009-07-16 17:01:06 ----D---- C:\Program Files\Common Files\Risxtd
2009-07-16 16:56:44 ----D---- C:\ProgramData\Thomson.ResearchSoft.Installers
2009-07-15 13:29:57 ----D---- C:\ProgramData\Malwarebytes
2009-07-15 13:29:57 ----D---- c:\Program Files\Malwarebytes' Anti-Malware
2009-07-15 13:26:01 ----D---- C:\Users\Shane\AppData\Roaming\SUPERAntiSpyware.com
2009-07-14 22:09:07 ----SHD---- C:\Windows\system32\%APPDATA%
2009-07-14 20:22:34 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 20:22:34 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\lpk.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\atmlib.dll
2009-07-14 20:22:33 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 18:58:16 ----A---- C:\Windows\system32\winresume.exe
2009-07-14 18:58:15 ----A---- C:\Windows\system32\winload.exe
2009-07-14 17:17:04 ----A---- C:\Windows\system32\xlivefnt.dll
2009-07-14 17:17:04 ----A---- C:\Windows\system32\xlive.dll
2009-07-14 17:15:00 ----A---- C:\Windows\system32\xlive.dll.cat
2009-07-14 16:12:53 ----A---- C:\Windows\system32\msls31.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\icardie.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\corpol.dll
2009-07-14 16:12:53 ----A---- C:\Windows\system32\admparse.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\webcheck.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\msrating.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\licmgr10.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\inseng.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\imgutil.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\ieakeng.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-14 16:12:52 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-07-14 16:12:51 ----A---- C:\Windows\system32\wextract.exe
2009-07-14 16:12:51 ----A---- C:\Windows\system32\vbscript.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\mstime.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\jscript.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\ieakui.dll
2009-07-14 16:12:51 ----A---- C:\Windows\system32\advpack.dll
2009-07-14 16:12:50 ----A---- C:\Windows\system32\url.dll
2009-07-14 16:12:50 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\PDMSetup.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\mshta.exe
2009-07-14 16:12:50 ----A---- C:\Windows\system32\iexpress.exe
2009-07-11 20:51:07 ----D---- c:\Program Files\MSN
2009-07-11 20:17:11 ----D---- c:\Program Files\OpenAL
2009-07-11 20:17:11 ----A---- C:\Windows\system32\wrap_oal.dll
2009-07-11 20:17:11 ----A---- C:\Windows\system32\OpenAL32.dll
2009-07-11 20:02:02 ----A---- C:\Windows\system32\SPWizUI.dll
2009-07-11 20:02:02 ----A---- C:\Windows\system32\SPReview.exe
2009-07-11 19:49:16 ----A---- C:\Windows\system32\cbsra.exe
2009-07-11 19:19:05 ----D---- c:\Program Files\Eusing Free Registry Cleaner
2009-07-11 17:24:19 ----A---- C:\Windows\system32\msxml.dll
2009-07-11 17:24:18 ----A---- C:\Windows\system32\STKIT432.DLL
2009-07-11 17:24:16 ----D---- c:\Program Files\Registry Mechanic
2009-07-11 17:22:05 ----A---- C:\Windows\system32\MSIVXodrpunponwraniuxdefepntfmtvlfgpc.dll
2009-07-11 17:22:05 ----A---- C:\Windows\system32\MSIVXbmdudqpmjpddbrcxdmwjnfloaddvqwjp.dll
2009-07-11 16:52:21 ----D---- C:\Users\Shane\AppData\Roaming\Uniblue
2009-07-11 16:52:21 ----D---- C:\ProgramData\DriverScanner
2009-07-11 16:52:21 ----D---- c:\Program Files\Uniblue
2009-07-11 16:51:44 ----HDC---- C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-11 16:37:07 ----A---- C:\Windows\system32\es.dll
2009-07-11 16:36:43 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-07-11 16:34:15 ----A---- C:\Windows\system32\gpprefcl.dll
2009-07-11 16:00:42 ----D---- C:\Windows\system32\WindowsPowerShell
2009-07-11 15:59:14 ----D---- c:\Program Files\Microsoft ATS
2009-07-11 15:46:17 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-07-11 13:59:30 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-11 13:58:42 ----D---- C:\ProgramData\NOS
2009-07-11 13:58:42 ----D---- c:\Program Files\NOS
2009-07-11 13:33:20 ----D---- c:\Program Files\Port Detective
2009-07-11 13:33:20 ----A---- C:\Windows\iun6002.exe
2009-07-11 13:11:10 ----D---- c:\Program Files\uTorrent
2009-07-11 13:10:46 ----D---- C:\Users\Shane\AppData\Roaming\uTorrent
2009-07-08 17:57:26 ----D---- c:\Program Files\Microsoft Silverlight
2009-07-08 17:57:05 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-08 17:56:14 ----D---- c:\Program Files\Microsoft Sync Framework
2009-07-08 17:54:59 ----D---- c:\Program Files\Microsoft SQL Server Compact Edition
2009-07-08 17:52:54 ----D---- c:\Program Files\Microsoft
2009-07-08 17:52:36 ----D---- c:\Program Files\Windows Live SkyDrive
2009-07-08 17:52:20 ----D---- c:\Program Files\Windows Live
2009-07-08 17:48:42 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-08 10:54:25 ----D---- c:\Program Files\Windows Installer Clean Up
2009-07-08 09:26:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-08 09:26:28 ----D---- c:\Program Files\Spybot - Search & Destroy
2009-07-07 17:46:32 ----D---- c:\Program Files\Monitor Calibration Wizard
2009-07-07 16:18:50 ----A---- C:\Windows\system32\winipsec.dll
2009-07-07 16:18:50 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-07 16:18:49 ----A---- C:\Windows\system32\polstore.dll
2009-07-07 16:18:49 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-07 16:17:49 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-07 16:17:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-07 16:17:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-07 16:16:43 ----A---- C:\Windows\system32\mcmde.dll
2009-07-07 16:16:42 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-07 16:16:42 ----A---- C:\Windows\system32\EncDec.dll
2009-07-07 16:15:03 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-07 16:12:52 ----A---- C:\Windows\system32\winhttp.dll
2009-07-07 16:11:59 ----A---- C:\Windows\system32\gdi32.dll
2009-07-07 16:09:11 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-07 16:09:11 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-07 16:08:22 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-07 16:08:20 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-07-07 16:08:20 ----A---- C:\Windows\system32\gameux.dll
2009-07-07 16:07:13 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-07 16:06:23 ----A---- C:\Windows\system32\msxml3r.dll
2009-07-07 16:06:23 ----A---- C:\Windows\system32\msxml3.dll
2009-07-07 16:05:22 ----A---- C:\Windows\system32\netapi32.dll
2009-07-07 16:03:35 ----A---- C:\Windows\system32\tzres.dll
2009-07-07 16:02:20 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-07 16:02:20 ----A---- C:\Windows\system32\wmp.dll
2009-07-07 16:02:19 ----A---- C:\Windows\system32\spwmp.dll
2009-07-07 16:02:19 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-07 16:00:57 ----A---- C:\Windows\system32\shell32.dll
2009-07-07 15:59:58 ----A---- C:\Windows\system32\localspl.dll
2009-07-07 15:57:04 ----A---- C:\Windows\explorer.exe
2009-07-07 15:55:17 ----A---- C:\Windows\system32\netcfg.exe
2009-07-07 15:55:16 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-07 15:55:16 ----A---- C:\Windows\system32\netiougc.exe
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-07-07 15:54:09 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-07-07 15:54:08 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-07-07 15:54:08 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-07-07 15:54:08 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-07-07 15:54:07 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-07-07 15:54:06 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-07-07 15:54:06 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-07-07 15:54:06 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-07-07 15:54:05 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-07 15:54:04 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-07-07 15:54:03 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-07-07 15:54:02 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-07-07 15:54:02 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-07-07 15:54:02 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-07-07 15:54:01 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-07-07 15:54:00 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-07-07 15:54:00 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-07-07 15:54:00 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsData0047.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsData0046.dll
2009-07-07 15:53:59 ----A---- C:\Windows\system32\NlsData0045.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0049.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0039.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0022.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0021.dll
2009-07-07 15:53:58 ----A---- C:\Windows\system32\NlsData0020.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0027.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0026.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0024.dll
2009-07-07 15:53:57 ----A---- C:\Windows\system32\NlsData0010.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0018.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0013.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0011.dll
2009-07-07 15:53:56 ----A---- C:\Windows\system32\NlsData0000.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0019.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0003.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0002.dll
2009-07-07 15:53:55 ----A---- C:\Windows\system32\NlsData0001.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData004b.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData004a.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData0009.dll
2009-07-07 15:53:54 ----A---- C:\Windows\system32\NlsData0007.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData004e.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData004c.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData003e.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData002a.dll
2009-07-07 15:53:53 ----A---- C:\Windows\system32\NlsData001a.dll
2009-07-07 15:53:52 ----A---- C:\Windows\system32\NlsData001d.dll
2009-07-07 15:53:52 ----A---- C:\Windows\system32\NlsData001b.dll
2009-07-07 15:53:52 ----A---- C:\Windows\system32\NlsData000a.dll
2009-07-07 15:53:51 ----A---- C:\Windows\system32\NlsData000f.dll
2009-07-07 15:53:51 ----A---- C:\Windows\system32\NlsData000d.dll
2009-07-07 15:53:51 ----A---- C:\Windows\system32\NlsData000c.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData081a.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData0816.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData0416.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NlsData0414.dll
2009-07-07 15:53:50 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-07 15:53:49 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-07-07 15:53:49 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-07-07 15:46:38 ----A---- C:\Windows\system32\rpcss.dll
2009-07-07 15:46:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-07 15:46:37 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-07 15:46:36 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-07 15:46:36 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-07 15:46:35 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-07 15:46:35 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-07 15:46:35 ----A---- C:\Windows\system32\iasads.dll
2009-07-07 15:46:34 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-07 15:44:23 ----A---- C:\Windows\system32\secur32.dll
2009-07-07 15:44:23 ----A---- C:\Windows\system32\lsass.exe
2009-07-07 15:44:23 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-07 15:44:23 ----A---- C:\Windows\system32\kernel32.dll
2009-07-07 15:44:22 ----A---- C:\Windows\system32\apilogen.dll
2009-07-07 15:44:22 ----A---- C:\Windows\system32\amxread.dll
2009-07-07 15:42:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-07 15:42:29 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-07 15:42:29 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-07 15:29:50 ----A---- C:\Windows\system32\win32spl.dll
2009-07-07 15:29:50 ----A---- C:\Windows\system32\printcom.dll
2009-07-07 15:28:57 ----A---- C:\Windows\system32\wshrm.dll
2009-07-07 15:27:50 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-07 15:26:34 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-07 15:26:34 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-07-07 15:26:34 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-07 15:25:59 ----A---- C:\Windows\system32\schannel.dll
2009-07-07 15:22:43 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-07 15:22:43 ----A---- C:\Windows\system32\icardres.dll
2009-07-07 15:22:43 ----A---- C:\Windows\system32\icardagt.exe
2009-07-07 15:22:39 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-07 15:22:38 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-07 15:22:38 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-07 15:22:38 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-07 15:08:23 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-07 15:08:23 ----A---- C:\Windows\system32\dfshim.dll
2009-07-07 15:08:21 ----A---- C:\Windows\system32\mscories.dll
2009-07-07 15:08:21 ----A---- C:\Windows\system32\mscorier.dll
2009-07-07 15:08:21 ----A---- C:\Windows\system32\mscoree.dll
2009-07-07 14:58:39 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mfps.dll
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mferror.dll
2009-07-07 14:58:39 ----A---- C:\Windows\system32\mf.dll
2009-07-07 14:58:38 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-07 14:58:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-07 14:58:38 ----A---- C:\Windows\system32\logagent.exe
2009-07-07 14:57:05 ----A---- C:\Windows\system32\INETRES.dll
2009-07-07 14:57:05 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-07 14:56:48 ----A---- C:\Windows\system32\connect.dll
2009-07-07 14:56:21 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-07 14:56:02 ----A---- C:\Windows\system32\quartz.dll
2009-07-07 14:52:45 ----A---- C:\Windows\system32\msxml6.dll
2009-07-07 14:52:44 ----A---- C:\Windows\system32\msxml6r.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wups2.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wucltux.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-07 14:15:16 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-07 14:14:48 ----A---- C:\Windows\system32\wups.dll
2009-07-07 14:14:48 ----A---- C:\Windows\system32\wudriver.dll
2009-07-07 14:14:48 ----A---- C:\Windows\system32\wuapi.dll
2009-07-07 14:14:28 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-07 14:14:28 ----A---- C:\Windows\system32\wuapp.exe
2009-05-25 08:16:28 ----A---- C:\Windows\system32\ElbyVCD.dll
2009-05-25 08:01:38 ----A---- C:\Windows\system32\ElbyCDIO.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx16.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx11.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx0c.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx0a.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\divx_xx07.dll
2009-05-13 17:54:52 ----A---- C:\Windows\system32\DivX.dll

======List of files/folders modified in the last 3 months======

2009-08-09 12:51:52 ----D---- C:\Windows\Temp
2009-08-09 11:56:01 ----D---- C:\Windows\Prefetch
2009-08-08 20:49:08 ----D---- C:\Windows\System32
2009-08-08 20:49:08 ----D---- C:\Windows\inf
2009-08-08 20:49:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-08 20:47:27 ----AD---- C:\Windows
2009-08-08 13:49:34 ----D---- c:\Program Files\Mozilla Firefox
2009-08-08 13:22:02 ----D---- C:\Windows\system32\drivers
2009-08-08 13:20:40 ----RSD---- C:\Windows\Fonts
2009-08-08 13:19:02 ----D---- C:\Windows\system32\catroot
2009-08-08 13:17:15 ----D---- C:\Windows\twain_32
2009-08-08 13:16:26 ----HD---- c:\Program Files\InstallShield Installation Information
2009-08-08 13:16:16 ----RD---- C:\Program Files
2009-08-08 13:15:45 ----SHD---- C:\Windows\Installer
2009-08-08 13:14:37 ----D---- C:\Windows\winsxs
2009-08-08 13:13:37 ----D---- c:\Program Files\Common Files
2009-08-08 13:13:22 ----HD---- C:\ProgramData
2009-08-07 19:38:07 ----D---- C:\Windows\Minidump
2009-08-06 20:55:14 ----D---- c:\Program Files\QuickTime
2009-08-06 20:54:50 ----D---- C:\Windows\system32\Tasks
2009-08-06 20:54:49 ----D---- c:\Program Files\Apple Software Update
2009-08-06 20:50:51 ----D---- C:\Windows\Speech
2009-08-06 20:50:47 ----D---- C:\Program Files\Common Files\microsoft shared
2009-08-06 10:39:37 ----A---- C:\Windows\system32\javaws.exe
2009-08-06 10:39:37 ----A---- C:\Windows\system32\javaw.exe
2009-08-06 10:39:37 ----A---- C:\Windows\system32\java.exe
2009-08-06 10:39:35 ----D---- c:\Program Files\Java
2009-08-04 16:12:24 ----D---- C:\ProgramData\Adobe
2009-07-31 05:14:44 ----D---- C:\Windows\system32\migration
2009-07-31 05:14:42 ----D---- c:\Program Files\Internet Explorer
2009-07-30 17:23:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-29 05:38:43 ----D---- C:\Windows\system32\catroot2
2009-07-27 14:33:41 ----D---- C:\Program Files\Common Files\Adobe
2009-07-27 14:27:31 ----D---- c:\Program Files\Adobe
2009-07-26 13:51:38 ----D---- C:\WheelOfTime
2009-07-21 19:15:54 ----SD---- C:\Windows\Downloaded Program Files
2009-07-20 18:38:06 ----D---- c:\Program Files\DivX
2009-07-19 18:40:06 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-07-17 21:36:07 ----D---- c:\Program Files\Elaborate Bytes
2009-07-17 21:11:45 ----D---- c:\Program Files\Steam
2009-07-17 19:29:14 ----RSD---- C:\Windows\assembly
2009-07-17 19:29:03 ----D---- c:\Program Files\ATI Technologies
2009-07-17 19:14:42 ----D---- c:\Program Files\DScaler5
2009-07-17 19:11:04 ----D---- c:\Program Files\DirectVobSub
2009-07-14 22:09:56 ----D---- c:\Program Files\Windows Mail
2009-07-14 22:09:46 ----D---- C:\ProgramData\Microsoft Help
2009-07-14 18:58:16 ----SHD---- C:\Boot
2009-07-14 16:52:20 ----D---- C:\Windows\rescache
2009-07-14 16:50:22 ----A---- C:\Windows\win.ini
2009-07-14 16:35:02 ----D---- C:\Windows\system32\en-US
2009-07-14 16:35:02 ----D---- C:\Windows\PolicyDefinitions
2009-07-14 15:29:29 ----D---- C:\Windows\pss
2009-07-12 06:21:40 ----D---- C:\Windows\servicing
2009-07-11 21:03:18 ----D---- C:\Windows\Microsoft.NET
2009-07-11 20:57:23 ----ASH---- c:\Program Files\desktop.ini
2009-07-11 20:52:26 ----D---- c:\Program Files\Windows Sidebar
2009-07-11 20:52:26 ----D---- c:\Program Files\Windows Calendar
2009-07-11 20:52:26 ----D---- c:\Program Files\Movie Maker
2009-07-11 20:52:24 ----D---- c:\Program Files\Windows Media Player
2009-07-11 20:52:24 ----D---- c:\Program Files\Windows Collaboration
2009-07-11 20:52:23 ----D---- c:\Program Files\Windows Photo Gallery
2009-07-11 20:52:23 ----D---- c:\Program Files\Windows Journal
2009-07-11 20:52:20 ----D---- c:\Program Files\Windows Defender
2009-07-11 20:52:20 ----D---- C:\Program Files\Common Files\System
2009-07-11 20:52:19 ----D---- C:\Windows\ehome
2009-07-11 20:52:18 ----D---- C:\Windows\MSAgent
2009-07-11 20:52:16 ----D---- C:\Windows\L2Schemas
2009-07-11 20:52:16 ----D---- C:\Windows\IME
2009-07-11 20:52:16 ----D---- C:\Windows\DigitalLocker
2009-07-11 20:52:15 ----D---- C:\Windows\system32\ko-KR
2009-07-11 20:52:15 ----D---- C:\Windows\system32\da-DK
2009-07-11 20:52:15 ----D---- C:\Windows\system32\com
2009-07-11 20:52:15 ----D---- C:\Windows\system32\0409
2009-07-11 20:52:10 ----D---- C:\Windows\system32\oobe
2009-07-11 20:52:10 ----D---- C:\Windows\system32\it-IT
2009-07-11 20:52:10 ----D---- C:\Windows\system32\el-GR
2009-07-11 20:52:10 ----D---- C:\Windows\system32\de-DE
2009-07-11 20:52:09 ----D---- C:\Windows\system32\sysprep
2009-07-11 20:52:07 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-11 20:52:06 ----D---- C:\Windows\system32\sv-SE
2009-07-11 20:52:06 ----D---- C:\Windows\system32\SLUI
2009-07-11 20:52:06 ----D---- C:\Windows\system32\setup
2009-07-11 20:52:06 ----D---- C:\Windows\system32\ru-RU
2009-07-11 20:52:06 ----D---- C:\Windows\system32\pt-PT
2009-07-11 20:52:06 ----D---- C:\Windows\system32\ias
2009-07-11 20:52:06 ----D---- C:\Windows\system32\hu-HU
2009-07-11 20:52:06 ----D---- C:\Windows\system32\he-IL
2009-07-11 20:52:06 ----D---- C:\Windows\system32\fr-FR
2009-07-11 20:52:06 ----D---- C:\Windows\system32\fi-FI
2009-07-11 20:52:06 ----D---- C:\Windows\system32\cs-CZ
2009-07-11 20:52:04 ----D---- C:\Windows\system32\zh-TW
2009-07-11 20:52:04 ----D---- C:\Windows\system32\zh-CN
2009-07-11 20:52:04 ----D---- C:\Windows\system32\ro-RO
2009-07-11 20:52:04 ----D---- C:\Windows\system32\pl-PL
2009-07-11 20:52:04 ----D---- C:\Windows\system32\manifeststore
2009-07-11 20:52:04 ----D---- C:\Windows\system32\ja-JP
2009-07-11 20:52:04 ----D---- C:\Windows\system32\es-ES
2009-07-11 20:52:04 ----D---- C:\Windows\system32\en
2009-07-11 20:52:01 ----D---- C:\Windows\system32\wbem
2009-07-11 20:52:01 ----D---- C:\Windows\system32\tr-TR
2009-07-11 20:51:59 ----D---- C:\Windows\system32\nl-NL
2009-07-11 20:51:59 ----D---- C:\Windows\system32\nb-NO
2009-07-11 20:51:59 ----D---- C:\Windows\system32\ar-SA
2009-07-11 20:51:57 ----D---- C:\Windows\system32\pt-BR
2009-07-11 20:51:57 ----D---- C:\Windows\system32\migwiz
2009-07-11 20:51:12 ----D---- C:\Windows\AppPatch
2009-07-11 20:51:05 ----D---- C:\Windows\system32\Boot
2009-07-11 20:38:55 ----A---- C:\Windows\system32\ifxcardm.dll
2009-07-11 20:38:47 ----A---- C:\Windows\system32\axaltocm.dll
2009-07-11 20:28:10 ----D---- C:\Windows\Boot
2009-07-11 20:28:05 ----D---- C:\perflogs
2009-07-11 17:23:09 ----SHD---- C:\System Volume Information
2009-07-11 17:15:21 ----D---- C:\Windows\Tasks
2009-07-11 16:36:42 ----D---- C:\Windows\Logs
2009-07-11 16:36:32 ----D---- c:\Program Files\Microsoft Games
2009-07-11 16:34:52 ----D---- C:\Windows\system32\uk-UA
2009-07-11 16:34:52 ----D---- C:\Windows\system32\th-TH
2009-07-11 16:34:52 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-11 16:34:52 ----D---- C:\Windows\system32\sl-SI
2009-07-11 16:34:52 ----D---- C:\Windows\system32\sk-SK
2009-07-11 16:34:51 ----D---- C:\Windows\system32\lv-LV
2009-07-11 16:34:51 ----D---- C:\Windows\system32\lt-LT
2009-07-11 16:34:51 ----D---- C:\Windows\system32\hr-HR
2009-07-11 16:34:51 ----D---- C:\Windows\system32\et-EE
2009-07-11 16:34:51 ----D---- C:\Windows\system32\bg-BG
2009-07-11 16:33:54 ----RSD---- C:\Windows\Media
2009-07-11 16:10:36 ----D---- c:\Program Files\CD Audio Reader Filter
2009-07-11 13:59:31 ----D---- C:\Users\Shane\AppData\Roaming\Adobe
2009-07-11 13:38:05 ----D---- C:\Users\Shane\AppData\Roaming\Azureus
2009-07-10 11:51:09 ----SD---- C:\Users\Shane\AppData\Roaming\Microsoft
2009-07-08 19:02:57 ----D---- c:\Program Files\VistaCodecPack
2009-07-08 18:59:17 ----D---- c:\Program Files\OpenSource Flash Video Splitter
2009-07-08 18:57:00 ----D---- c:\Program Files\Bonjour
2009-07-08 17:56:43 ----D---- c:\Program Files\Windows Live Toolbar
2009-07-08 17:56:05 ----SD---- C:\ProgramData\Microsoft
2009-07-08 10:54:04 ----D---- c:\Program Files\MSECache
2009-07-08 10:44:11 ----D---- c:\Program Files\iPod
2009-07-07 19:11:51 ----D---- C:\Users\Shane\AppData\Roaming\Mozilla
2009-07-07 16:33:23 ----D---- C:\Program Files\Common Files\Steam
2009-07-07 16:23:12 ----D---- C:\Windows\system32\XPSViewer
2009-07-07 15:38:30 ----D---- c:\Program Files\Microsoft Works
2009-07-07 15:31:37 ----D---- c:\Program Files\Microsoft SQL Server
2009-07-07 15:31:20 ----D---- C:\Windows\Registration
2009-07-07 14:27:35 ----D---- c:\Program Files\Google
2009-07-07 14:14:03 ----D---- C:\ProgramData\Google
2009-07-07 11:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-06 20:45:28 ----HD---- C:\Windows\system32\GroupPolicyUsers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-08-30 320000]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-06-16 371248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 tmcomm;tmcomm; \??\C:\Windows\system32\drivers\tmcomm.sys [2007-12-24 138384]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\Windows\system32\DRIVERS\atinavt2.sys [2007-11-06 173696]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-03-05 170808]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-03-05 520504]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-03-05 1323832]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-03-05 73016]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-03-05 14648]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-03-05 157496]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-03-05 92984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-06-16 101936]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2007-03-05 1163576]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090808.003\NAVENG.SYS [2009-07-14 87888]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090808.003\NAVEX15.SYS [2009-07-14 875728]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-03-05 126776]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-03-30 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-03-05 98616]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-03-05 511288]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-03-05 552248]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2007-03-05 347144]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-03-05 174392]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-03-05 286520]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-03-05 134968]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-03-05 329528]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-03-05 101176]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-03-05 566584]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-07-21 17488]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
S3 RimUsb;BlackBerry Device; C:\Windows\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2009-07-21 23600]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-27 606208]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-20 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2007-12-31 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-27 651720]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-07 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Unread postby Sharagoz » August 9th, 2009, 1:48 pm

You got the RSIT logs posted fine, so let's see if we can get that GMER log too.

Temporarily disable Symantec Antivirus before launching GMER.

Download and run GMER
  • Download gmer.zip by GMER from here and extract it to a folder on your desktop
  • Double click on gmer.exe to launch the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
    (The scan typically takes around 30 minutes to complete)
  • Once the scan has finished, click copy
    (There is no message displayed when the scan is finished, it will simply stop going through files)
  • A log will now be copied to the clipboard
  • Paste this log into your next reply

I asked about the bluescreen in my last post, but you forgot to answer:
Your system has gone into bluescreen when running HiJackThis, GMER and Spybot?
Has this happened at other times?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Uh oh ! my HJthis log

Unread postby irridion » August 9th, 2009, 6:05 pm

Hey!
Actually no, the system has never done this before... Symantec keeps finding some trojan in the temp files now. Every few minutes!
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Unread postby irridion » August 11th, 2009, 10:49 am

GMER Scan of C drive
GMER 1.0.15.15011 [dmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-11 10:48:52
Windows 6.0.6000


---- System - GMER 1.0.15 ----

SSDT 86AF6ED0 ZwAlertResumeThread
SSDT 86AFAE00 ZwAlertThread
SSDT 86AFD758 ZwAllocateVirtualMemory
SSDT 86B03C08 ZwConnectPort
SSDT 86AF6C30 ZwCreateMutant
SSDT 86AFA948 ZwCreateThread
SSDT 86AF54B0 ZwFreeVirtualMemory
SSDT 86AF6D10 ZwImpersonateAnonymousToken
SSDT 86AF6DF0 ZwImpersonateThread
SSDT 86AEB308 ZwMapViewOfSection
SSDT 86AF6B50 ZwOpenEvent
SSDT 86AF44B8 ZwOpenProcessToken
SSDT 86AEB688 ZwOpenThreadToken
SSDT 86AF5450 ZwResumeThread
SSDT 86AEC620 ZwSetContextThread
SSDT 86AEB768 ZwSetInformationProcess
SSDT 86AEC540 ZwSetInformationThread
SSDT 86AF6A70 ZwSuspendProcess
SSDT 86AFAF48 ZwSuspendThread
SSDT 86B039A0 ZwTerminateProcess
SSDT 86AEC460 ZwTerminateThread
SSDT 86AEB228 ZwUnmapViewOfSection
SSDT 86AF5570 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8C047FEB 5 Bytes JMP 848B4770

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3652] kernel32.dll!SetUnhandledExceptionFilter 75EED177 5 Bytes JMP 59D85436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8071861E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80717AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80718748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80717B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80717C1A] \SystemRoot\System32\Drivers\sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83E711E8
Device \FileSystem\fastfat \FatCdrom 840E9338
Device \Driver\netbt \Device\NetBT_Tcpip_{CCDE68D5-08C1-4CF7-A047-0239BA2CF0B8} 86B6C790
Device \Driver\volmgr \Device\VolMgrControl 83E6E1E8
Device \Driver\usbuhci \Device\USBPDO-0 855731E8
Device \Driver\usbuhci \Device\USBPDO-1 855731E8
Device \Driver\usbehci \Device\USBPDO-2 85580790
Device \Driver\usbuhci \Device\USBPDO-3 855731E8
Device \Driver\usbuhci \Device\USBPDO-4 855731E8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 855731E8
Device \Driver\usbehci \Device\USBPDO-6 85580790
Device \Driver\volmgr \Device\HarddiskVolume1 83E6E1E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 83E6E1E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85587790
Device \Driver\volmgr \Device\HarddiskVolume3 83E6E1E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 83E701E8
Device \Driver\atapi \Device\Ide\IdePort0 83E701E8
Device \Driver\atapi \Device\Ide\IdePort1 83E701E8
Device \Driver\atapi \Device\Ide\IdePort2 83E701E8
Device \Driver\atapi \Device\Ide\IdePort3 83E701E8
Device \Driver\atapi \Device\Ide\IdePort4 83E701E8
Device \Driver\atapi \Device\Ide\IdePort5 83E701E8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-0 83E701E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-4 83E701E8
Device \Driver\volmgr \Device\HarddiskVolume4 83E6E1E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\netbt \Device\NetBt_Wins_Export 86B6C790
Device \Driver\USBSTOR \Device\00000078 85DAA790
Device \Driver\USBSTOR \Device\00000079 85DAA790
Device \Driver\iScsiPrt \Device\RaidPort0 85593790

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 855731E8
Device \Driver\USBSTOR \Device\0000007a 85DAA790
Device \Driver\usbuhci \Device\USBFDO-1 855731E8
Device \Driver\usbehci \Device\USBFDO-2 85580790
Device \Driver\usbuhci \Device\USBFDO-3 855731E8
Device \Driver\usbuhci \Device\USBFDO-4 855731E8
Device \Driver\usbuhci \Device\USBFDO-5 855731E8
Device \Driver\usbehci \Device\USBFDO-6 85580790
Device \Driver\VClone \Device\Scsi\VClone1 8562B1E8
Device \FileSystem\fastfat \Fat 840E9338

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\MSIVXtrvvpyvqjflwxfiphmtsacihrbsicvxa.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXtrvvpyvqjflwxfiphmtsacihrbsicvxa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXtrvvpyvqjflwxfiphmtsacihrbsicvxa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXbmdudqpmjpddbrcxdmwjnfloaddvqwjp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXodrpunponwraniuxdefepntfmtvlfgpc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0xA2 0x5A 0x05 ...
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXtrvvpyvqjflwxfiphmtsacihrbsicvxa.sys
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXtrvvpyvqjflwxfiphmtsacihrbsicvxa.sys
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXbmdudqpmjpddbrcxdmwjnfloaddvqwjp.dll
Reg HKLM\SYSTEM\ControlSet018\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXodrpunponwraniuxdefepntfmtvlfgpc.dll
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0xA2 0x5A 0x05 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----
irridion
Active Member
 
Posts: 9
Joined: July 28th, 2009, 1:01 am

Re: Uh oh ! my HJthis log

Unread postby Sharagoz » August 11th, 2009, 11:45 am

Symantec keeps finding some trojan in the temp files now. Every few minutes!
Do the files have a name of DWH****.tmp?

Disable Symantec Antivirus before the next step

1) Download and Run ComboFix
  • Visit this webpage for download links and instructions on how to properly run ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Note: You have an infection that might try to block ComboFix from running. Rename combofix.exe to cf.exe before you run it.
  • Make sure you install the recovery console if asked to
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. Normal scan time is 10-20 minutes. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

Enable Symantec Antivirus again

2) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Uh oh ! my HJthis log

Unread postby NonSuch » August 16th, 2009, 6:29 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California