Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My HiJackThis Log


Post by dragon910 » December 27th, 2009, 3:41 pm

Can someone analyze my log to see if I have any viruses or keyloggers? Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:55 PM, on 12/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)

--
End of file - 11975 bytes
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by MWR 3 day Mod » December 30th, 2009, 5:39 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: My HiJackThis Log

Post by Wingman » January 1st, 2010, 2:55 pm

Hello... dragon910... welcome to the forum.
I apologize for the delay getting to your log... as you can see the forum is very busy.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

What makes you think you have a virus or keylogger? What symptoms, if any, are you experiencing?

Step 1.
GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver to load.
    Using Vista, you must right click random named.exe and choose "Run As Administrator".
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one

    Image
  4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Save. The Save... window will open.
  7. Save the scan results as gmerroot.log, save it to your Desktop.
  8. Double click on the desktop "gmerroot.log" file, to open in Notepad.
  9. Copy and paste the contents of the file gmerroot.log in your next reply.

Step 2.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. GMER - gmerroot.txt file contents.
  3. RSIT log.txt and info.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My HiJackThis Log

Post by dragon910 » January 1st, 2010, 5:00 pm

I can't finish the scan with GMER cause when I use it, my laptop crashes, and it says something about Windows detecting something on my computer so it has to shut down. It said something about "pwddrpow.sys" or something.
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by Wingman » January 1st, 2010, 5:52 pm

Hello dragon910,

Thanks for letting me know. We'll try a different scanner.
Again... What makes you think you have a virus or keylogger? What symptoms, if any, are you experiencing?

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me.
Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
SysProt AntiRootkit
Please download SysProt.zip ... by swatkat. Save it to your desktop.
Alternate download sites include: Softpedia, MajorGeeks, BetaNews and FreewareGeeks
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  1. Right click on SysProt.zip and select "Extract All"....
  2. Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  3. Click on the Browse...button, then click on Desktop, then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Open the SysProt folder... Double click Sysprot.exe to start the program.
    Using VISTA, you must right-click "Sysprot.exe" and select "Run As Administrator", to start the program.
  6. Click on the Log tab.
  7. In the Write to log box... check ALL items... then check Hidden Objects Only at the bottom of the window.
  8. Click the Create Log button... (After a few seconds a new window should appear.)
  9. Select Scan root drive only... then click the Start button, to begin scanning.
    When completed, a window appears indicating the scan finished & a log file was successfully created.
    The SysProt folder on your desktop, will contain the scan results file named "SysProtLog.txt".
  10. Please copy and paste the contents of SysProtLog.txt into your next reply.

Step 2.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Answer to my question.
  3. SysProt - SysProtlog.txt file contents.
  4. RSIT log.txt and info.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My HiJackThis Log

Post by dragon910 » January 3rd, 2010, 1:24 am

1. There was no problem in executing the instructions.
2. An account for a forum was stolen, but it might have been from being phished. I'm not sure if it's a keylogger or not. Sometimes, my laptop is really slow (and some programs crash). Like... a program isn't "responding" even though I just barely clicked it. Another thing that almost made me paranoid was the "harmful program being detected on windows, shutting down" thing. These kind of things scare me a lot.
5. The computer is behaving fine, but sometimes some programs don't respond (like I said above).
3. SysProtlog.txt
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8BA9A000
Module End: 8BB61000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlpcConnectPort
Address: 8B0BD000
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwAssignProcessToJobObject
Address: 8B0B9A60
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwClose
Address: 8B09EBF0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwConnectPort
Address: 8B0BB920
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateFile
Address: 8B09AF60
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateKey
Address: 8B0A6090
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateProcess
Address: 8B0B22B0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateProcessEx
Address: 8B0B2BB0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateSection
Address: 8B099D10
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateSymbolicLinkObject
Address: 8B0A5E40
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateThread
Address: 8B0B0D70
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwDebugActiveProcess
Address: 8B0BEF30
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwDeleteFile
Address: 8B0A4B20
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwDeleteKey
Address: 8B0A7900
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwDeleteValueKey
Address: 8B0AE3A0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwLoadDriver
Address: 8B0AFBB0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwMakeTemporaryObject
Address: 8B0A56B0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwOpenFile
Address: 8B09DC10
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwOpenKey
Address: 8B0A6FC0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwOpenProcess
Address: 8B0B4CA0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwOpenSection
Address: 8B09A580
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwOpenThread
Address: 8B0B4060
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwProtectVirtualMemory
Address: 8B0BADA0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwQueryDirectoryFile
Address: 8B09F8A0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwQueryKey
Address: 8B0A9750
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwQueryValueKey
Address: 8B0A9FA0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwQueueApcThread
Address: 8B0B8ED0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwRenameKey
Address: 8B0AD590
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwReplaceKey
Address: 8B0AB500
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwRequestPort
Address: 8B0BDA50
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwRequestWaitReplyPort
Address: 8B0BDD70
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwRestoreKey
Address: 8B0ACD20
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSaveKey
Address: 8B0ABC80
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSaveKeyEx
Address: 8B0AC4D0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSecureConnectPort
Address: 8B0BC480
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSetContextThread
Address: 8B0B8440
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSetInformationDebugObject
Address: 8B0BF520
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSetInformationFile
Address: 8B0A0BF0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSetSystemInformation
Address: 8B0AF1C0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSetValueKey
Address: 8B0AA820
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSuspendProcess
Address: 8B0B7190
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSuspendThread
Address: 8B0B7AC0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwSystemDebugControl
Address: 8B0BE770
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwTerminateProcess
Address: 8B0B5790
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwTerminateThread
Address: 8B0B6620
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwUnloadDriver
Address: 8B0B0530
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwWriteVirtualMemory
Address: 8B0BA2B0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateThreadEx
Address: 8B0B17F0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

Function Name: ZwCreateUserProcess
Address: 8B0B34C0
Driver Base: 8B099000
Driver End: 8B144000
Driver Name: \??\C:\Windows\system32\drivers\SandBox.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 81870982
Jump To: 8BA1D7C8
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 81A55709
Jump To: 8BA1D7F2
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetInformationProcess
At Address: 81A59474
Jump To: 8BA1D778
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwNotifyChangeKey
At Address: 81A045B5
Jump To: 8BA1D81F
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 81A55446
Jump To: 8BA1D7DC
Module Name: C:\Windows\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\nsiproxy.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B03A6E2
Hooking Module: C:\Windows\system32\drivers\afwcore.sys

Hooked Module: C:\Windows\system32\drivers\nsiproxy.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8B03A4F0
Hooking Module: C:\Windows\system32\drivers\afwcore.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ANDY-PC.GATEWAY.2WIRE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ANDY-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: ANDY-PC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: ANDY-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ANDY-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: ANDY-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ANDY-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: ANDY-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ANDY-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ANDY-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: ANDY-PC:6646
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
State: LISTENING

Local Address: ANDY-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ANDY-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ANDY-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:53552
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:6646
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:53551
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:6646
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ANDY-PC.GATEWAY.2WIRE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ANDY-PC:53554
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:53553
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:6646
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
State: NA

Local Address: ANDY-PC:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ANDY-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ANDY-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ANDY-PC:68
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:56801
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:56799
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ANDY-PC:51821
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ANDY-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ANDY-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{2fbfc7e7-f3d3-11de-aab8-001d60f3fd63}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{75776a86-f631-11de-a3b6-001d60f3fd63}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{976ddf53-f7ec-11de-8bb6-001d60f3fd63}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bc1c199c-f717-11de-b32d-001d60f3fd63}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
Last edited by dragon910 on January 3rd, 2010, 5:08 pm, edited 2 times in total.

Re: My HiJackThis Log

Post by dragon910 » January 3rd, 2010, 1:25 am

RSIT log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2010-01-02 21:16:49
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 35 GB (47%) free of 75 GB
Total RAM: 1014 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:48 PM, on 1/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Andy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA2E328-50AF-446B-A44C-BC131CB3F659}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{872D7EC5-B036-4FA0-9D70-2D42C4F0BF46}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BA2E328-50AF-446B-A44C-BC131CB3F659}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)

--
End of file - 12161 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-01-22 161200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-03-24 833776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-04 5960520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-12 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-04 5960520]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-12 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-22 894248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-06 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-06 154392]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-06 138008]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"KeyScrambler"=C:\Program Files\KeyScrambler\keyscrambler.exe [2009-03-24 510704]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1145860967]
C:\Program Files\Toshiba Registration\Registration.exe [2007-03-19 65603]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-09 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-05-31 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-01-02 21:16:49 ----D---- C:\rsit
2010-01-01 12:28:23 ----D---- C:\Windows\Minidump
2009-12-27 14:11:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-27 14:11:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-27 13:40:57 ----D---- C:\Program Files\SpywareBlaster
2009-12-27 13:29:56 ----D---- C:\Program Files\Agnitum
2009-12-27 13:29:34 ----D---- C:\ProgramData\Agnitum
2009-12-27 11:34:59 ----D---- C:\Program Files\Trend Micro
2009-12-24 14:21:13 ----A---- C:\Windows\system32\SpOrder.dll
2009-12-24 14:21:09 ----A---- C:\Windows\system32\VistaInfo32.dll
2009-12-10 19:26:20 ----D---- C:\Users\Andy\AppData\Roaming\gtk-2.0
2009-12-09 16:47:40 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 16:47:39 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\occache.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 16:47:34 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 16:47:33 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 16:21:35 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 16:18:01 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 16:18:01 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 16:16:29 ----A---- C:\Windows\system32\rastls.dll
2009-12-03 17:30:55 ----D---- C:\Users\Andy\AppData\Roaming\Apple Computer
2009-12-03 17:29:52 ----A---- C:\Windows\system32\GEARAspi.dll
2009-12-03 17:29:51 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-03 17:28:13 ----D---- C:\Program Files\iPod
2009-12-03 17:28:09 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-03 17:28:09 ----D---- C:\Program Files\iTunes
2009-12-03 17:26:39 ----D---- C:\Program Files\Bonjour
2009-12-03 17:24:57 ----D---- C:\Program Files\QuickTime
2009-12-03 17:24:55 ----D---- C:\ProgramData\Apple Computer
2009-12-03 17:24:11 ----D---- C:\Program Files\Apple Software Update
2009-12-03 17:20:46 ----D---- C:\ProgramData\Apple
2009-12-03 17:20:46 ----D---- C:\Program Files\Common Files\Apple
2009-11-28 19:27:30 ----D---- C:\ProgramData\Nexon
2009-11-25 16:26:14 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 07:18:04 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 07:18:04 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 16:53:44 ----D---- C:\ProgramData\MySQL
2009-11-18 22:11:02 ----D---- C:\Users\Andy\AppData\Roaming\MySQL
2009-11-11 17:49:20 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-06 19:51:23 ----D---- C:\Program Files\GIMP-2.0
2009-11-05 16:09:35 ----D---- C:\Users\Andy\AppData\Roaming\GetRightToGo
2009-11-04 06:45:22 ----D---- C:\Program Files\LogMeIn Hamachi
2009-11-03 15:56:04 ----A---- C:\Windows\system32\wups2.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wucltux.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wups.dll
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wudriver.dll
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wuapi.dll
2009-11-03 15:54:54 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-03 15:54:54 ----A---- C:\Windows\system32\wuapp.exe
2009-11-03 07:14:15 ----D---- C:\Program Files\Windows Portable Devices
2009-11-03 07:11:41 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-03 07:11:38 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-03 07:11:38 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-03 07:10:54 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-03 07:10:50 ----A---- C:\Windows\system32\cdd.dll
2009-11-03 07:10:47 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-03 07:10:47 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-03 07:10:46 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-03 07:10:46 ----A---- C:\Windows\system32\d2d1.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\FntCache.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\dxgi.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\DWrite.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d11.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-03 07:10:44 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-03 07:10:44 ----A---- C:\Windows\system32\d3d10.dll
2009-11-03 07:10:10 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-03 07:10:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-03 07:10:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-03 07:09:56 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-03 07:09:48 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-03 07:09:48 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-03 07:09:46 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-03 07:09:46 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-03 07:07:52 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-03 07:07:50 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-03 07:07:50 ----A---- C:\Windows\system32\oleacc.dll
2009-10-30 05:57:01 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-30 05:56:34 ----A---- C:\Windows\system32\wmp.dll
2009-10-30 05:55:28 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 15:25:36 ----D---- C:\Users\Andy\AppData\Roaming\HotzAdam
2009-10-21 18:02:36 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-21 18:02:29 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-21 18:02:18 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-10-21 18:02:17 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-10-21 17:56:08 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-10-21 17:55:14 ----D---- C:\Program Files\Microsoft SDKs
2009-10-19 19:58:42 ----D---- C:\Users\Andy\AppData\Roaming\Dev-Cpp
2009-10-14 14:44:45 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-14 14:44:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-14 14:44:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-14 14:44:30 ----A---- C:\Windows\system32\msasn1.dll
2009-10-14 14:43:50 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-09 18:30:19 ----D---- C:\Program Files\AIM6
2009-10-03 12:46:59 ----D---- C:\Users\Andy\AppData\Roaming\Hamachi

======List of files/folders modified in the last 3 months======

2010-01-02 21:17:07 ----D---- C:\Windows\Prefetch
2010-01-02 21:16:59 ----D---- C:\Windows\Temp
2010-01-02 21:16:12 ----D---- C:\Users\Andy\AppData\Roaming\DMCache
2010-01-02 21:02:14 ----SHD---- C:\System Volume Information
2010-01-02 20:17:58 ----AD---- C:\Windows\System32
2010-01-02 17:24:56 ----D---- C:\Windows\system32\drivers
2010-01-02 14:18:44 ----D---- C:\Windows
2010-01-01 12:34:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-01 12:34:48 ----D---- C:\Windows\inf
2009-12-30 22:52:28 ----D---- C:\Windows\system32\config
2009-12-29 16:02:47 ----D---- C:\Windows\Debug
2009-12-28 13:04:15 ----D---- C:\Program Files\Mozilla Firefox
2009-12-27 14:11:19 ----RD---- C:\Program Files
2009-12-27 14:11:19 ----HD---- C:\ProgramData
2009-12-27 13:34:01 ----D---- C:\Windows\system32\catroot
2009-12-27 13:31:22 ----SHD---- C:\Windows\Installer
2009-12-25 08:15:24 ----D---- C:\Windows\system32\catroot2
2009-12-23 14:12:58 ----SHD---- C:\Boot
2009-12-22 09:47:19 ----D---- C:\ProgramData\Google
2009-12-22 09:47:18 ----D---- C:\Program Files\Google
2009-12-22 09:47:15 ----D---- C:\Windows\Tasks
2009-12-21 21:51:58 ----RSD---- C:\Windows\Fonts
2009-12-18 06:50:21 ----D---- C:\Program Files\McAfee
2009-12-09 17:30:57 ----D---- C:\Windows\rescache
2009-12-09 17:12:37 ----D---- C:\Windows\winsxs
2009-12-09 16:59:08 ----D---- C:\Windows\system32\migration
2009-12-09 16:59:05 ----D---- C:\Program Files\Internet Explorer
2009-12-09 16:59:04 ----D---- C:\Windows\system32\en-US
2009-12-09 16:59:03 ----D---- C:\Program Files\Windows Mail
2009-12-03 17:20:46 ----D---- C:\Program Files\Common Files
2009-12-01 20:28:58 ----D---- C:\Nexon
2009-12-01 19:08:05 ----D---- C:\ProgramData\McAfee
2009-12-01 12:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-21 18:41:14 ----D---- C:\Windows\system32\LogFiles
2009-11-11 08:52:43 ----D---- C:\Windows\system32\Msdtc
2009-11-11 08:52:38 ----D---- C:\Windows\system32\wbem
2009-11-11 08:51:35 ----D---- C:\Windows\system32\spool
2009-11-11 08:51:35 ----D---- C:\Windows\system32\CodeIntegrity
2009-11-11 08:51:30 ----D---- C:\Windows\registration
2009-11-07 10:53:54 ----D---- C:\ProgramData\Ten Thumbs Typing Tutor
2009-11-06 17:22:50 ----SD---- C:\Users\Andy\AppData\Roaming\Microsoft
2009-11-03 15:45:27 ----D---- C:\Windows\system32\Tasks
2009-11-03 07:14:06 ----D---- C:\Windows\system32\pt-BR
2009-11-03 07:14:05 ----D---- C:\Windows\system32\uk-UA
2009-11-03 07:14:05 ----D---- C:\Windows\system32\pt-PT
2009-11-03 07:14:05 ----D---- C:\Windows\system32\pl-PL
2009-11-03 07:14:05 ----D---- C:\Windows\system32\ko-KR
2009-11-03 07:14:05 ----D---- C:\Windows\system32\it-IT
2009-11-03 07:14:05 ----D---- C:\Windows\system32\he-IL
2009-11-03 07:14:05 ----D---- C:\Windows\system32\bg-BG
2009-11-03 07:14:04 ----D---- C:\Windows\system32\zh-HK
2009-11-03 07:14:04 ----D---- C:\Windows\system32\sl-SI
2009-11-03 07:14:04 ----D---- C:\Windows\system32\nl-NL
2009-11-03 07:14:04 ----D---- C:\Windows\system32\hu-HU
2009-11-03 07:14:04 ----D---- C:\Windows\system32\hr-HR
2009-11-03 07:14:04 ----D---- C:\Windows\system32\el-GR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\tr-TR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\th-TH
2009-11-03 07:14:03 ----D---- C:\Windows\system32\sv-SE
2009-11-03 07:14:03 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 07:14:03 ----D---- C:\Windows\system32\fr-FR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\fi-FI
2009-11-03 07:14:02 ----D---- C:\Windows\system32\zh-TW
2009-11-03 07:14:02 ----D---- C:\Windows\system32\sk-SK
2009-11-03 07:14:02 ----D---- C:\Windows\system32\lv-LV
2009-11-03 07:14:02 ----D---- C:\Windows\system32\lt-LT
2009-11-03 07:14:02 ----D---- C:\Windows\system32\et-EE
2009-11-03 07:14:02 ----D---- C:\Windows\system32\es-ES
2009-11-03 07:14:02 ----D---- C:\Windows\system32\de-DE
2009-11-03 07:14:01 ----D---- C:\Windows\system32\zh-CN
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ro-RO
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ja-JP
2009-11-03 07:14:01 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ar-SA
2009-11-03 07:14:00 ----D---- C:\Windows\system32\ru-RU
2009-11-03 07:14:00 ----D---- C:\Windows\system32\nb-NO
2009-11-03 07:14:00 ----D---- C:\Windows\system32\da-DK
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-30 06:13:10 ----D---- C:\Program Files\Windows Media Player
2009-10-21 18:20:01 ----D---- C:\Windows\Microsoft.NET
2009-10-21 18:19:48 ----RSD---- C:\Windows\assembly
2009-10-21 18:02:23 ----SD---- C:\ProgramData\Microsoft
2009-10-21 18:02:00 ----D---- C:\ProgramData\Microsoft Help
2009-10-21 17:56:25 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-21 17:05:46 ----D---- C:\Program Files\Java
2009-10-12 18:21:14 ----D---- C:\Program Files\Common Files\AOL
2009-10-12 18:21:07 ----D---- C:\ProgramData\Viewpoint
2009-10-09 18:30:49 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox.sys [2009-04-06 704384]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-02-10 307224]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 1774080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-01-18 114024]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-07-13 50688]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-22 187440]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory V55\npkcrypt.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2008-01-18 6656]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 pinger;pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-02-27 185640]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-09 603904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-09 1862144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-09 360192]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

-----------------EOF-----------------
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by dragon910 » January 3rd, 2010, 1:26 am

RSIT info.txt
info.txt logfile of random's system information tool 1.06 2010-01-02 21:17:58

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Accessibility-->C:\Program Files\InstallShield Installation Information\{2C544254-39F2-4ACA-B779-ABF7297C96CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
BitSpirit v3.5.0.275 Stable-->"C:\Program Files\BitSpirit\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
EPSON CX8400 User's Guide-->C:\Program Files\epson\guide\cx8400_e\uninstall.exe
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX8400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Gus Verdun's RX-Plugin-->C:\Program Files\Gus Verdun\uninstallrxplugin.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
MapleStory-->MsiExec.exe /I{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}
MapleStory-->MsiExec.exe /I{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Ten Thumbs 4.7-->"C:\Program Files\Ten Thumbs Typing Tutor 4.7\unins000.exe"
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com

======Security center information======

FW: Outpost Firewall (disabled)
AS: Windows Defender

======System event log======

Computer Name: Andy-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 54164
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090816152135.034176-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 54152
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090816053035.536800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Andy-PC
Event Code: 7000
Message: The EagleNT service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 54129
Source Name: Service Control Manager
Time Written: 20090816002949.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 54013
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090815204005.212549-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 54003
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090815163803.205200-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Andy-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a9628444-cddc-4dab-86fd-03e56a4e06ed}
Record Number: 843
Source Name: VSS
Time Written: 20090609024529.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 830
Source Name: MsiInstaller
Time Written: 20090609024248.000000-000
Event Type: Warning
User: Andy-PC\Andy

Computer Name: Andy-PC
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.
Record Number: 812
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090609022945.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Andy-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 804
Source Name: WerSvc
Time Written: 20090609022936.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 795
Source Name: Microsoft-Windows-Search
Time Written: 20090609022908.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Andy-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-752062067-2629128311-3012230091-500
Account Name: Administrator
Account Domain: LH-KMTC5G8I0LPR
Logon ID: 0x2da36

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1020
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021144.043400-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x21bbd

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1019
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021142.686200-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4bc
Name: C:\Windows\System32\svchost.exe

Previous Time: 7:11:42 PM 6/8/2009
New Time: 7:11:42 PM 6/8/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1018
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021142.499000-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1017
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090609021142.577000-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-752062067-2629128311-3012230091-500
Account Name: Administrator
Domain Name: LH-KMTC5G8I0LPR
Logon ID: 0x2da36
Record Number: 1016
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090609021131.657361-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by Wingman » January 4th, 2010, 11:29 am

Hello dragon910,

The good news is I didn't see any apparent signs of malware in your logs. There are a few things we can take care of and one file I would like you to check with an online scanner. There are some applications that need to be updated, which we will address shortly.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me.
Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.


Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
    VISTA users must right-click erunt-setup-exe, select "Run As Administrator" to run the install process. Install by following prompts.
  3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    VISTA users must right-click the desktop icon, select "Run As Administrator" or start it at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes are selected.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    Vista users: Right-click on ERUNT in the menu, then select "Run As Administrator". If UAC prompts, please allow it.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Windows\system32\SpOrder.dll

Using Jotti
  1. Choose the appropriate language... once a language is selected, you'll see a message "Ready to receive files"
  2. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
  3. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  4. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  5. When all scans have completed... Highlight the results text from the Jotti's malware scan box.
  6. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  7. Paste the contents of all the Jotti scan results in your next reply.

Using Virus Total
  1. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
  2. Click on Send File...button.
  3. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  4. When the scan is completed...press the "Compact" icon
  5. The results will be shown in a grid like window... right-click on the text, choose Select All, then Copy the entire contents.
  6. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  7. Paste the contents of all the Virus Total results in your next reply.

Step 3.
SReng - System Repair Engineer ...from KZTechs.COM.
Repair File Associations
If you already have SREng by Smallfrogs, please delete it and download again to ensure you get the most recent version.
Download SREng ... © Smallfrogs ... save the .zip file to your desktop.
  1. Extract SREngLdr.EXE to your Desktop...then double-click to run it.
    Using VISTA: you must right click on SREngLdr.EXE, then select "Run As Administrator", to run it.
  2. Select System Repair from the left pane.
  3. Click on the File Association...tab.
  4. Check each entry that has an Error status...then click the Repair button.
  5. Refer to this image for an example:
    Image
  6. In the above example (only) ... it would be .TXT, .REG, .SCR and .INI file associations that need repairing.
    Your case may be different...
  7. Once finished... Close and Exit SREng.

Step 4.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.
Attention!
In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Jotti or Virus Total scan results
  3. RSIT log.txt and info.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My HiJackThis Log

Post by dragon910 » January 6th, 2010, 8:27 pm

1. There were no problems executing the instructions.
4. The computer is behaving normally.
2. VirusTotal Scan Results

File SpOrder.dll received on 2010.01.07 00:14:15 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.07 -
AhnLab-V3 5.0.0.2 2010.01.06 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2010.01.06 -
Authentium 5.2.0.5 2010.01.06 -
Avast 4.8.1351.0 2010.01.06 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.06 -
CAT-QuickHeal 10.00 2010.01.05 -
ClamAV 0.94.1 2010.01.06 -
Comodo 3490 2010.01.06 -
DrWeb 5.0.1.12222 2010.01.06 -
eSafe 7.0.17.0 2010.01.06 -
eTrust-Vet 35.1.7219 2010.01.06 -
F-Prot 4.5.1.85 2010.01.06 -
F-Secure 9.0.15370.0 2010.01.06 -
Fortinet 4.0.14.0 2010.01.07 -
GData 19 2010.01.06 -
Ikarus T3.1.1.79.0 2010.01.06 -
Jiangmin 13.0.900 2010.01.06 -
K7AntiVirus 7.10.940 2010.01.06 -
Kaspersky 7.0.0.125 2010.01.07 -
McAfee 5853 2010.01.06 -
McAfee+Artemis 5853 2010.01.06 -
McAfee-GW-Edition 6.8.5 2010.01.06 -
Microsoft 1.5302 2010.01.07 -
NOD32 4749 2010.01.06 -
nProtect 2009.1.8.0 2010.01.06 -
Panda 10.0.2.2 2010.01.06 -
PCTools 7.0.3.5 2010.01.07 -
Prevx 3.0 2010.01.07 -
Rising 22.29.02.06 2010.01.06 -
Sophos 4.49.0 2010.01.07 -
Sunbelt 3.2.1858.2 2010.01.07 -
Symantec 20091.2.0.41 2010.01.06 -
TheHacker 6.5.0.3.137 2010.01.06 -
TrendMicro 9.120.0.1004 2010.01.06 -
VBA32 3.12.12.1 2010.01.06 -
ViRobot 2010.1.6.2124 2010.01.06 -
VirusBuster 5.0.21.0 2010.01.06 -
Additional information
File size: 8704 bytes
MD5...: a082e5473b2a9a4d846ed7ddf637ac76
SHA1..: 1703f7969a6e76f8458eda3e8e40fd115c0bfdc3
SHA256: 73f7171c2af70ccf8ee4c49626fb456807a6a668f6a967298dcd5ed29773bd2a
ssdeep: 192:M1+NFZv/IcZvJIRTCf0MON8JfhW1qoX8W:TzZvAcZx5sMLW1xX8W
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1130
timedatestamp.....: 0x3e80257c (Tue Mar 25 09:46:36 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfe5 0x1000 6.13 b983f1dea7c4c42cd1c9d999bcf776a5
.data 0x2000 0x1a0188 0x200 3.50 4b7dad49a38caf94045bb119b8276305
.rsrc 0x1a3000 0x400 0x400 3.37 8e3390b69862c290438ce7b852cff3e2
.reloc 0x1a4000 0x75c 0x800 1.30 d8ea031013e200818ba1022628518f0d

( 2 imports )
> KERNEL32.dll: WaitForSingleObject, CreateMutexA, GetProcAddress, GetModuleHandleA, lstrlenA, QueryPerformanceCounter, lstrcmpA, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, lstrcpyA, lstrcatA, ReleaseMutex, CloseHandle, GetTickCount
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegEnumKeyExA, RegSetValueExA, RegOpenKeyExA

( 2 exports )
WSCWriteNameSpaceOrder, WSCWriteProviderOrder
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: WinSock2 reorder service providers
original name: sporder.dll
internal name: sporder.dll
file version.: 5.2.3790.0 (srv03_rtm.030324-2048)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by dragon910 » January 6th, 2010, 8:28 pm

3. RSIT log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2010-01-06 16:21:19
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 34 GB (45%) free of 75 GB
Total RAM: 1014 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:42 PM, on 1/6/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Andy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA2E328-50AF-446B-A44C-BC131CB3F659}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{872D7EC5-B036-4FA0-9D70-2D42C4F0BF46}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BA2E328-50AF-446B-A44C-BC131CB3F659}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)

--
End of file - 12207 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-01-22 161200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-03-24 833776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-04 5960520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-12 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-04 5960520]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-12 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-22 894248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-06 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-06 154392]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-06 138008]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"KeyScrambler"=C:\Program Files\KeyScrambler\keyscrambler.exe [2009-03-24 510704]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1145860967]
C:\Program Files\Toshiba Registration\Registration.exe [2007-03-19 65603]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-09 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-05-31 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2010-01-06 16:21:19 ----D---- C:\rsit
2010-01-06 16:13:04 ----D---- C:\Windows\ERDNT
2010-01-06 16:12:19 ----D---- C:\Program Files\ERUNT
2010-01-01 12:28:23 ----D---- C:\Windows\Minidump
2009-12-27 14:11:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-27 14:11:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-27 13:40:57 ----D---- C:\Program Files\SpywareBlaster
2009-12-27 13:29:56 ----D---- C:\Program Files\Agnitum
2009-12-27 13:29:34 ----D---- C:\ProgramData\Agnitum
2009-12-27 11:34:59 ----D---- C:\Program Files\Trend Micro
2009-12-24 14:21:13 ----A---- C:\Windows\system32\SpOrder.dll
2009-12-24 14:21:09 ----A---- C:\Windows\system32\VistaInfo32.dll
2009-12-10 19:26:20 ----D---- C:\Users\Andy\AppData\Roaming\gtk-2.0
2009-12-09 16:47:40 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 16:47:39 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\occache.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 16:47:34 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 16:47:33 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 16:21:35 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 16:18:01 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 16:18:01 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 16:16:29 ----A---- C:\Windows\system32\rastls.dll
2009-12-03 17:30:55 ----D---- C:\Users\Andy\AppData\Roaming\Apple Computer
2009-12-03 17:29:52 ----A---- C:\Windows\system32\GEARAspi.dll
2009-12-03 17:29:51 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-03 17:28:13 ----D---- C:\Program Files\iPod
2009-12-03 17:28:09 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-03 17:28:09 ----D---- C:\Program Files\iTunes
2009-12-03 17:26:39 ----D---- C:\Program Files\Bonjour
2009-12-03 17:24:57 ----D---- C:\Program Files\QuickTime
2009-12-03 17:24:55 ----D---- C:\ProgramData\Apple Computer
2009-12-03 17:24:11 ----D---- C:\Program Files\Apple Software Update
2009-12-03 17:20:46 ----D---- C:\ProgramData\Apple
2009-12-03 17:20:46 ----D---- C:\Program Files\Common Files\Apple
2009-11-28 19:27:30 ----D---- C:\ProgramData\Nexon
2009-11-25 16:26:14 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 07:18:04 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 07:18:04 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 16:53:44 ----D---- C:\ProgramData\MySQL
2009-11-18 22:11:02 ----D---- C:\Users\Andy\AppData\Roaming\MySQL
2009-11-11 17:49:20 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-06 19:51:23 ----D---- C:\Program Files\GIMP-2.0
2009-11-05 16:09:35 ----D---- C:\Users\Andy\AppData\Roaming\GetRightToGo
2009-11-04 06:45:22 ----D---- C:\Program Files\LogMeIn Hamachi
2009-11-03 15:56:04 ----A---- C:\Windows\system32\wups2.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wucltux.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wups.dll
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wudriver.dll
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wuapi.dll
2009-11-03 15:54:54 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-03 15:54:54 ----A---- C:\Windows\system32\wuapp.exe
2009-11-03 07:14:15 ----D---- C:\Program Files\Windows Portable Devices
2009-11-03 07:11:41 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-03 07:11:38 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-03 07:11:38 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-03 07:10:54 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-03 07:10:50 ----A---- C:\Windows\system32\cdd.dll
2009-11-03 07:10:47 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-03 07:10:47 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-03 07:10:46 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-03 07:10:46 ----A---- C:\Windows\system32\d2d1.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\FntCache.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\dxgi.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\DWrite.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d11.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-03 07:10:44 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-03 07:10:44 ----A---- C:\Windows\system32\d3d10.dll
2009-11-03 07:10:10 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-03 07:10:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-03 07:10:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-03 07:09:56 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-03 07:09:48 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-03 07:09:48 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-03 07:09:46 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-03 07:09:46 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-03 07:07:52 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-03 07:07:50 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-03 07:07:50 ----A---- C:\Windows\system32\oleacc.dll
2009-10-30 05:57:01 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-30 05:56:34 ----A---- C:\Windows\system32\wmp.dll
2009-10-30 05:55:28 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 15:25:36 ----D---- C:\Users\Andy\AppData\Roaming\HotzAdam
2009-10-21 18:02:36 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-21 18:02:29 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-21 18:02:18 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-10-21 18:02:17 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-10-21 17:56:08 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-10-21 17:55:14 ----D---- C:\Program Files\Microsoft SDKs
2009-10-19 19:58:42 ----D---- C:\Users\Andy\AppData\Roaming\Dev-Cpp
2009-10-14 14:44:45 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-14 14:44:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-14 14:44:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-14 14:44:30 ----A---- C:\Windows\system32\msasn1.dll
2009-10-14 14:43:50 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-09 18:30:19 ----D---- C:\Program Files\AIM6

======List of files/folders modified in the last 3 months======

2010-01-06 16:21:35 ----D---- C:\Windows\Temp
2010-01-06 16:20:28 ----D---- C:\Users\Andy\AppData\Roaming\DMCache
2010-01-06 16:19:04 ----D---- C:\Windows\Prefetch
2010-01-06 16:13:04 ----D---- C:\Windows
2010-01-06 16:12:19 ----RD---- C:\Program Files
2010-01-06 06:55:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-05 22:36:03 ----AD---- C:\Windows\System32
2010-01-05 22:36:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-05 22:36:02 ----D---- C:\Windows\inf
2010-01-04 07:00:38 ----SHD---- C:\System Volume Information
2010-01-02 22:15:23 ----D---- C:\Windows\system32\drivers
2009-12-30 22:52:28 ----D---- C:\Windows\system32\config
2009-12-29 16:02:47 ----D---- C:\Windows\Debug
2009-12-27 14:11:19 ----HD---- C:\ProgramData
2009-12-27 13:34:01 ----D---- C:\Windows\system32\catroot
2009-12-27 13:31:22 ----SHD---- C:\Windows\Installer
2009-12-25 08:15:24 ----D---- C:\Windows\system32\catroot2
2009-12-23 14:12:58 ----SHD---- C:\Boot
2009-12-22 09:47:19 ----D---- C:\ProgramData\Google
2009-12-22 09:47:18 ----D---- C:\Program Files\Google
2009-12-22 09:47:15 ----D---- C:\Windows\Tasks
2009-12-21 21:51:58 ----RSD---- C:\Windows\Fonts
2009-12-18 06:50:21 ----D---- C:\Program Files\McAfee
2009-12-09 17:30:57 ----D---- C:\Windows\rescache
2009-12-09 17:12:37 ----D---- C:\Windows\winsxs
2009-12-09 16:59:08 ----D---- C:\Windows\system32\migration
2009-12-09 16:59:05 ----D---- C:\Program Files\Internet Explorer
2009-12-09 16:59:04 ----D---- C:\Windows\system32\en-US
2009-12-09 16:59:03 ----D---- C:\Program Files\Windows Mail
2009-12-03 17:20:46 ----D---- C:\Program Files\Common Files
2009-12-01 20:28:58 ----D---- C:\Nexon
2009-12-01 19:08:05 ----D---- C:\ProgramData\McAfee
2009-12-01 12:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-21 18:41:14 ----D---- C:\Windows\system32\LogFiles
2009-11-11 08:52:43 ----D---- C:\Windows\system32\Msdtc
2009-11-11 08:52:38 ----D---- C:\Windows\system32\wbem
2009-11-11 08:51:35 ----D---- C:\Windows\system32\spool
2009-11-11 08:51:35 ----D---- C:\Windows\system32\CodeIntegrity
2009-11-11 08:51:30 ----D---- C:\Windows\registration
2009-11-07 10:53:54 ----D---- C:\ProgramData\Ten Thumbs Typing Tutor
2009-11-06 17:22:50 ----SD---- C:\Users\Andy\AppData\Roaming\Microsoft
2009-11-03 15:45:27 ----D---- C:\Windows\system32\Tasks
2009-11-03 07:14:06 ----D---- C:\Windows\system32\pt-BR
2009-11-03 07:14:05 ----D---- C:\Windows\system32\uk-UA
2009-11-03 07:14:05 ----D---- C:\Windows\system32\pt-PT
2009-11-03 07:14:05 ----D---- C:\Windows\system32\pl-PL
2009-11-03 07:14:05 ----D---- C:\Windows\system32\ko-KR
2009-11-03 07:14:05 ----D---- C:\Windows\system32\it-IT
2009-11-03 07:14:05 ----D---- C:\Windows\system32\he-IL
2009-11-03 07:14:05 ----D---- C:\Windows\system32\bg-BG
2009-11-03 07:14:04 ----D---- C:\Windows\system32\zh-HK
2009-11-03 07:14:04 ----D---- C:\Windows\system32\sl-SI
2009-11-03 07:14:04 ----D---- C:\Windows\system32\nl-NL
2009-11-03 07:14:04 ----D---- C:\Windows\system32\hu-HU
2009-11-03 07:14:04 ----D---- C:\Windows\system32\hr-HR
2009-11-03 07:14:04 ----D---- C:\Windows\system32\el-GR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\tr-TR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\th-TH
2009-11-03 07:14:03 ----D---- C:\Windows\system32\sv-SE
2009-11-03 07:14:03 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 07:14:03 ----D---- C:\Windows\system32\fr-FR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\fi-FI
2009-11-03 07:14:02 ----D---- C:\Windows\system32\zh-TW
2009-11-03 07:14:02 ----D---- C:\Windows\system32\sk-SK
2009-11-03 07:14:02 ----D---- C:\Windows\system32\lv-LV
2009-11-03 07:14:02 ----D---- C:\Windows\system32\lt-LT
2009-11-03 07:14:02 ----D---- C:\Windows\system32\et-EE
2009-11-03 07:14:02 ----D---- C:\Windows\system32\es-ES
2009-11-03 07:14:02 ----D---- C:\Windows\system32\de-DE
2009-11-03 07:14:01 ----D---- C:\Windows\system32\zh-CN
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ro-RO
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ja-JP
2009-11-03 07:14:01 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ar-SA
2009-11-03 07:14:00 ----D---- C:\Windows\system32\ru-RU
2009-11-03 07:14:00 ----D---- C:\Windows\system32\nb-NO
2009-11-03 07:14:00 ----D---- C:\Windows\system32\da-DK
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-30 06:13:10 ----D---- C:\Program Files\Windows Media Player
2009-10-21 18:20:01 ----D---- C:\Windows\Microsoft.NET
2009-10-21 18:19:48 ----RSD---- C:\Windows\assembly
2009-10-21 18:02:23 ----SD---- C:\ProgramData\Microsoft
2009-10-21 18:02:00 ----D---- C:\ProgramData\Microsoft Help
2009-10-21 17:56:25 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-21 17:05:46 ----D---- C:\Program Files\Java
2009-10-12 18:21:14 ----D---- C:\Program Files\Common Files\AOL
2009-10-12 18:21:07 ----D---- C:\ProgramData\Viewpoint
2009-10-09 18:30:49 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox.sys [2009-04-06 704384]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-02-10 307224]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 1774080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-01-18 114024]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-07-13 50688]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-22 187440]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory V55\npkcrypt.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2008-01-18 6656]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 pinger;pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-02-27 185640]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-09 603904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-09 1862144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-09 360192]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

-----------------EOF-----------------
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by dragon910 » January 6th, 2010, 8:29 pm

3. RSIT info.txt

info.txt logfile of random's system information tool 1.06 2010-01-06 16:22:53

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Accessibility-->C:\Program Files\InstallShield Installation Information\{2C544254-39F2-4ACA-B779-ABF7297C96CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
BitSpirit v3.5.0.275 Stable-->"C:\Program Files\BitSpirit\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
EPSON CX8400 User's Guide-->C:\Program Files\epson\guide\cx8400_e\uninstall.exe
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX8400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Gus Verdun's RX-Plugin-->C:\Program Files\Gus Verdun\uninstallrxplugin.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
MapleStory-->MsiExec.exe /I{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}
MapleStory-->MsiExec.exe /I{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Mozilla Firefox (3.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Ten Thumbs 4.7-->"C:\Program Files\Ten Thumbs Typing Tutor 4.7\unins000.exe"
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com

======Security center information======

FW: Outpost Firewall (disabled)
AS: Windows Defender

======System event log======

Computer Name: Andy-PC
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Record Number: 55594
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090821223156.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 55550
Source Name: Service Control Manager
Time Written: 20090821172251.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Record Number: 55549
Source Name: Service Control Manager
Time Written: 20090821172251.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 10005
Message: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 55548
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090821172251.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 263
Message: The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.
Record Number: 55540
Source Name: PlugPlayManager
Time Written: 20090821172235.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Andy-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a9628444-cddc-4dab-86fd-03e56a4e06ed}
Record Number: 843
Source Name: VSS
Time Written: 20090609024529.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 830
Source Name: MsiInstaller
Time Written: 20090609024248.000000-000
Event Type: Warning
User: Andy-PC\Andy

Computer Name: Andy-PC
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.
Record Number: 812
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090609022945.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Andy-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 804
Source Name: WerSvc
Time Written: 20090609022936.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 795
Source Name: Microsoft-Windows-Search
Time Written: 20090609022908.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Andy-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-752062067-2629128311-3012230091-500
Account Name: Administrator
Account Domain: LH-KMTC5G8I0LPR
Logon ID: 0x2da36

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1020
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021144.043400-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x21bbd

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1019
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021142.686200-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4bc
Name: C:\Windows\System32\svchost.exe

Previous Time: 7:11:42 PM 6/8/2009
New Time: 7:11:42 PM 6/8/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1018
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021142.499000-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1017
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090609021142.577000-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-752062067-2629128311-3012230091-500
Account Name: Administrator
Domain Name: LH-KMTC5G8I0LPR
Logon ID: 0x2da36
Record Number: 1016
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090609021131.657361-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Post by Wingman » January 6th, 2010, 10:42 pm

Hello dragon910,

We'll take care of an HJT entry and update some programs that pose a security risk if not kept up-to-date.
Your version of Mozilla Firefox (3.0.17) is also outdated. It may be prudent to update to the latest version for improved performance and stability. If you decide to update Firefox... please do so after we have finished.
Once these steps are completed, we'll run some scans to make sure there's no malware left behind and then provide some final instructions.

Please read these instructions carefully before executing and then perform the steps in the order given. If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Please print these instructions; you will be closing your browser and won't have access to them.

Step 1.
Disable TeaTimer
The Resident TeaTimer tool of Spybot-S&D, may interfere with the fix, so we need to temporarily disable it.
This is a two step process.
First step:
  1. Right-click the Spybot Icon in the System Tray (resembles a blue/white calendar with a padlock symbol)
    New Version:
    • Click once on Resident Protection
    • Right-click the Spybot icon again and make sure Resident Protection is now Unchecked.
      The Spybot icon in the System tray should now be colorless.
    Old Version:
    • Click on Exit Spybot S&D Resident

Second step: (use for both new and older versions)
  1. Open Spybot S&D
  2. Click Mode, choose Advanced Mode
  3. Go to the bottom of the vertical panel on the left, click Tools
  4. Then, also in the left panel, click Resident (shows a red/white shield).
  5. If your firewall raises a question, say OK
  6. In the Resident protection status frame, Uncheck the box labelled Resident "Tea-Timer"(Protection of over-all system settings) active
  7. OK any prompts.
  8. Use File, then choose Exit to terminate Spybot
  9. Reboot your machine for the changes to take effect.

Step 2.
Fix HijackThis entries
Important!
Please temporarily disable any anti-spyware programs you are using, listed Here
...so they will not interfere with the entries we will be fixing in HijackThis.
  1. Run HijackThis
    Located in: C:\Program Files\Trend Micro\HijackThis\Andy.exe (or hijackthis.exe)
    If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
    • If you are on the Main Menu page... Click "Do a system scan only"
    • If you are on the "scan & fix stuff" page... Press the Scan...button.
  2. When the scan finishes...Place a check mark next to the following entries (if they are still present):
      *Only check those items listed below*
      O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
  3. After checking these items... CLOSE ALL open windows except HijackThis
  4. Click the Fix Checked...button. Choose YES...when prompted to fix the selected items.
  5. Once it has fixed them, close HijackThis and reboot your computer normally.

Step 3.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update the Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee Security Scan.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may receive a prompt...
  2. If prompted to install "Adobe DLM"... This software is not a requirement to obtain the latest Adobe Reader software... so the choice is yours.
    The Adobe (DLM) Download Manager... allows you to "pick up where you left off", if your download process is interrupted. A good idea if you are using dial-up.
    If you choose to install Adobe DLM, it will start the download automatically. Adobe DLM software removal instructions available here...if wanted.
  3. If not using Adobe DLM...click on the highlighted "click here to download" text, to begin the Reader download.
    Save the file to your desktop.
    Uninstall OLD Adobe Reader
  4. Click on Start...then... Click the Start Search box on the Start Menu.
  5. Copy and paste control appwiz.cpl into the open text entry box.
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  6. Locate the following program(s):
    Adobe Reader 9.1
  7. Select the program and click on Uninstall to uninstall it. When finished... Close the Control Panel window.
    Install NEW Adobe Reader (9.2)
  8. Click on the Adobe Acrobat Reader (AdbeRdrxx_en_US.exe) icon, on your desktop... to install the new (free) version.
    The Adobe Reader download file name will be different, depending on the language or OS chosen. xx in the name = version numbers.
  9. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  10. When the installation is complete... Close and re-open your Internet browser.
As an alternative to Adobe Reader, you could try the free (for personal use) Foxit-Reader. It's a smaller download and, when installed, uses fewer resources than Adobe Reader. Note: Let me know if you are interested in Foxit-Reader and I will provide safe download and installation instructions.

Step 4.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows"... then check "I agree to the (current update version) License Agreement.".
  5. Click Continue and the page will refresh.
  6. Locate the entry for Windows Offline Installation and click on the file name, save the file to your desktop.
    Dial-up users: You may want to check the "Windows Offline Installation" box and opt to use...
    "Download Selected with Sun Download Manager". The download can be restarted, in case it's interrupted.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste control appwiz.cpl into the open text entry box.
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Java(TM) 6 Update 16
    Java(TM) SE Runtime Environment 6
  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.
    Delete old Java Folder
    • Right click on the Start...button.
    • Using the Start Search box on the Start Menu.
    • Navigate to and find the following folder: if found, delete it.
      It's possible it may have been removed by the uninstall steps
      C:\Program Files\Java\ <==== delete this entire folder
    • When finished, exit Search.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... double-click on jre-6u17-windows-i586.exe to install the newest version.
    VISTA users: right-click on the above file, select "Run As Administrator" to install the newest version.
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel... click on the JAVA icon.
  2. Press the Update tab... UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK... then close the Java Control Panel. Close and exit Control Panel.
If you choose to update via the Java applet in Control Panel, uncheck the option to install the Google Toolbar unless you want it.

Step 5.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.
Attention!
In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder, then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 6.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT log.txt and info.txt file contents
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
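The "if they are still present" check in Step 2 of the post above can be done mechanically by comparing the fix list against a later scan. The following is an added example, not part of the thread and not HijackThis code: it parses the CLSID-bearing line shape seen in these logs (R3, O2, O3, O9), using lines copied from the posts on this page as sample input; all function and variable names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<code> - <kind>: <name> - {CLSID} - <target>" as used by R3, O2, O3 and O9
# lines. Lines without a CLSID (O4, O8, ...) deliberately do not match.
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)


@dataclass(frozen=True)
class Entry:
    code: str    # section code, e.g. "O3"
    kind: str    # e.g. "Toolbar", "BHO", "Extra button"
    name: str    # display name, may be "(no name)"
    clsid: str   # COM class id in braces
    target: str  # file path, or "(no file)"

    @property
    def key(self) -> Tuple[str, str]:
        # CLSIDs appear in mixed case in these logs, so compare upper-cased.
        return (self.code, self.clsid.upper())

    @property
    def missing_file(self) -> bool:
        return self.target.strip().lower() == "(no file)"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines of any other shape."""
    m = ENTRY_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def parse_log(text: str) -> List[Entry]:
    parsed = (parse_entry(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file is reported as "(no file)"."""
    return [e for e in entries if e.missing_file]


def still_present(fix_list: List[Entry], later: List[Entry]) -> List[Entry]:
    """Fix-list entries (matched on code + CLSID) that a later scan still shows."""
    later_keys = {e.key for e in later}
    return [e for e in fix_list if e.key in later_keys]


# Sample input: the entry named in Step 2 of the helper's post.
FIX_LIST = r"""
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
"""

# Sample input: a few lines copied from the follow-up scan posted in the thread.
AFTER_LOG = r"""
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

if __name__ == "__main__":
    fix = parse_log(FIX_LIST)
    after = parse_log(AFTER_LOG)
    remaining = still_present(fix, after)
    print("fix-list entries still present:", [e.key for e in remaining] or "none")
    for e in orphaned(after):
        print(f"no file on disk: {e.code} {e.kind} '{e.name}' {e.clsid}")
```

The `orphaned` result only reports what the scan itself printed as `(no file)`; deciding whether such an entry should be fixed remains a judgement for the person reviewing the log.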

Re: My HiJackThis Log

Post by dragon910 » January 8th, 2010, 9:32 pm

1. There were no problems in executing the instructions.
3. The computer is behaving fine.

2. RSIT log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2010-01-08 17:25:32
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 36 GB (48%) free of 75 GB
Total RAM: 1014 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:52 PM, on 1/8/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Andy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA2E328-50AF-446B-A44C-BC131CB3F659}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{872D7EC5-B036-4FA0-9D70-2D42C4F0BF46}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BA2E328-50AF-446B-A44C-BC131CB3F659}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)

--
End of file - 12032 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-01-22 161200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-03-24 833776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-04 5960520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-12 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-08-04 5960520]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-12 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-22 894248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-06 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-06 154392]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-06 138008]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"KeyScrambler"=C:\Program Files\KeyScrambler\keyscrambler.exe [2009-03-24 510704]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1145860967]
C:\Program Files\Toshiba Registration\Registration.exe [2007-03-19 65603]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-09 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-08 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-05-31 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2010-01-08 17:25:32 ----D---- C:\rsit
2010-01-08 17:15:16 ----A---- C:\Windows\system32\javaws.exe
2010-01-08 17:15:16 ----A---- C:\Windows\system32\javaw.exe
2010-01-08 17:15:15 ----A---- C:\Windows\system32\java.exe
2010-01-08 17:14:37 ----D---- C:\Program Files\Java
2010-01-08 16:58:29 ----D---- C:\Program Files\Common Files\Adobe
2010-01-08 16:51:22 ----SHD---- C:\Config.Msi
2010-01-06 16:13:04 ----D---- C:\Windows\ERDNT
2010-01-06 16:12:19 ----D---- C:\Program Files\ERUNT
2010-01-01 12:28:23 ----D---- C:\Windows\Minidump
2009-12-27 14:11:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-27 14:11:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-27 13:40:57 ----D---- C:\Program Files\SpywareBlaster
2009-12-27 13:29:56 ----D---- C:\Program Files\Agnitum
2009-12-27 13:29:34 ----D---- C:\ProgramData\Agnitum
2009-12-27 11:34:59 ----D---- C:\Program Files\Trend Micro
2009-12-24 14:21:13 ----A---- C:\Windows\system32\SpOrder.dll
2009-12-24 14:21:09 ----A---- C:\Windows\system32\VistaInfo32.dll
2009-12-10 19:26:20 ----D---- C:\Users\Andy\AppData\Roaming\gtk-2.0
2009-12-09 16:47:40 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 16:47:39 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 16:47:37 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\occache.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 16:47:36 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 16:47:34 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 16:47:34 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 16:47:33 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 16:47:33 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 16:21:35 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 16:18:01 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 16:18:01 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 16:16:29 ----A---- C:\Windows\system32\rastls.dll
2009-12-03 17:30:55 ----D---- C:\Users\Andy\AppData\Roaming\Apple Computer
2009-12-03 17:29:52 ----A---- C:\Windows\system32\GEARAspi.dll
2009-12-03 17:29:51 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-03 17:28:13 ----D---- C:\Program Files\iPod
2009-12-03 17:28:09 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-03 17:28:09 ----D---- C:\Program Files\iTunes
2009-12-03 17:26:39 ----D---- C:\Program Files\Bonjour
2009-12-03 17:24:57 ----D---- C:\Program Files\QuickTime
2009-12-03 17:24:55 ----D---- C:\ProgramData\Apple Computer
2009-12-03 17:24:11 ----D---- C:\Program Files\Apple Software Update
2009-12-03 17:20:46 ----D---- C:\ProgramData\Apple
2009-12-03 17:20:46 ----D---- C:\Program Files\Common Files\Apple
2009-11-28 19:27:30 ----D---- C:\ProgramData\Nexon
2009-11-25 16:26:14 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 07:18:04 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 07:18:04 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 16:53:44 ----D---- C:\ProgramData\MySQL
2009-11-18 22:11:02 ----D---- C:\Users\Andy\AppData\Roaming\MySQL
2009-11-11 17:49:20 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-06 19:51:23 ----D---- C:\Program Files\GIMP-2.0
2009-11-05 16:09:35 ----D---- C:\Users\Andy\AppData\Roaming\GetRightToGo
2009-11-04 06:45:22 ----D---- C:\Program Files\LogMeIn Hamachi
2009-11-03 15:56:04 ----A---- C:\Windows\system32\wups2.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wucltux.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-03 15:56:03 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wups.dll
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wudriver.dll
2009-11-03 15:55:17 ----A---- C:\Windows\system32\wuapi.dll
2009-11-03 15:54:54 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-03 15:54:54 ----A---- C:\Windows\system32\wuapp.exe
2009-11-03 07:14:15 ----D---- C:\Program Files\Windows Portable Devices
2009-11-03 07:11:41 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-03 07:11:38 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-03 07:11:38 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-03 07:10:54 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-03 07:10:50 ----A---- C:\Windows\system32\cdd.dll
2009-11-03 07:10:47 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-03 07:10:47 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-03 07:10:46 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-03 07:10:46 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-03 07:10:46 ----A---- C:\Windows\system32\d2d1.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\FntCache.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\dxgi.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\DWrite.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d11.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-03 07:10:45 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-03 07:10:44 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-03 07:10:44 ----A---- C:\Windows\system32\d3d10.dll
2009-11-03 07:10:10 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-03 07:10:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-03 07:10:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-03 07:09:56 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-03 07:09:48 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-03 07:09:48 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-03 07:09:47 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-03 07:09:46 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-03 07:09:46 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-03 07:07:52 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-03 07:07:50 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-03 07:07:50 ----A---- C:\Windows\system32\oleacc.dll
2009-10-30 05:57:01 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-30 05:56:34 ----A---- C:\Windows\system32\wmp.dll
2009-10-30 05:55:28 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 15:25:36 ----D---- C:\Users\Andy\AppData\Roaming\HotzAdam
2009-10-21 18:02:36 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-21 18:02:29 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-21 18:02:18 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-10-21 18:02:17 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-10-21 17:56:08 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-10-21 17:55:14 ----D---- C:\Program Files\Microsoft SDKs
2009-10-19 19:58:42 ----D---- C:\Users\Andy\AppData\Roaming\Dev-Cpp
2009-10-14 14:44:45 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-14 14:44:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-14 14:44:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-14 14:44:30 ----A---- C:\Windows\system32\msasn1.dll
2009-10-14 14:43:50 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-09 18:30:19 ----D---- C:\Program Files\AIM6

======List of files/folders modified in the last 3 months======

2010-01-08 17:25:39 ----D---- C:\Windows\Temp
2010-01-08 17:20:27 ----D---- C:\Windows
2010-01-08 17:15:32 ----SHD---- C:\Windows\Installer
2010-01-08 17:15:16 ----AD---- C:\Windows\System32
2010-01-08 17:14:44 ----A---- C:\Windows\system32\deploytk.dll
2010-01-08 17:14:37 ----RD---- C:\Program Files
2010-01-08 17:14:27 ----SHD---- C:\System Volume Information
2010-01-08 17:11:52 ----D---- C:\Program Files\Common Files
2010-01-08 16:58:53 ----D---- C:\ProgramData\Adobe
2010-01-08 16:58:29 ----D---- C:\Program Files\Adobe
2010-01-08 16:58:14 ----D---- C:\Windows\system32\catroot2
2010-01-08 16:53:45 ----D---- C:\Users\Andy\AppData\Roaming\DMCache
2010-01-08 16:36:08 ----D---- C:\Windows\Prefetch
2010-01-08 16:19:08 ----D---- C:\Windows\inf
2010-01-08 16:19:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-06 06:55:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-02 22:15:23 ----D---- C:\Windows\system32\drivers
2009-12-30 22:52:28 ----D---- C:\Windows\system32\config
2009-12-29 16:02:47 ----D---- C:\Windows\Debug
2009-12-27 14:11:19 ----HD---- C:\ProgramData
2009-12-27 13:34:01 ----D---- C:\Windows\system32\catroot
2009-12-23 14:12:58 ----SHD---- C:\Boot
2009-12-22 09:47:19 ----D---- C:\ProgramData\Google
2009-12-22 09:47:18 ----D---- C:\Program Files\Google
2009-12-22 09:47:15 ----D---- C:\Windows\Tasks
2009-12-21 21:51:58 ----RSD---- C:\Windows\Fonts
2009-12-18 06:50:21 ----D---- C:\Program Files\McAfee
2009-12-09 17:30:57 ----D---- C:\Windows\rescache
2009-12-09 17:12:37 ----D---- C:\Windows\winsxs
2009-12-09 16:59:08 ----D---- C:\Windows\system32\migration
2009-12-09 16:59:05 ----D---- C:\Program Files\Internet Explorer
2009-12-09 16:59:04 ----D---- C:\Windows\system32\en-US
2009-12-09 16:59:03 ----D---- C:\Program Files\Windows Mail
2009-12-01 20:28:58 ----D---- C:\Nexon
2009-12-01 19:08:05 ----D---- C:\ProgramData\McAfee
2009-12-01 12:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-21 18:41:14 ----D---- C:\Windows\system32\LogFiles
2009-11-11 08:52:43 ----D---- C:\Windows\system32\Msdtc
2009-11-11 08:52:38 ----D---- C:\Windows\system32\wbem
2009-11-11 08:51:35 ----D---- C:\Windows\system32\spool
2009-11-11 08:51:35 ----D---- C:\Windows\system32\CodeIntegrity
2009-11-11 08:51:30 ----D---- C:\Windows\registration
2009-11-07 10:53:54 ----D---- C:\ProgramData\Ten Thumbs Typing Tutor
2009-11-06 17:22:50 ----SD---- C:\Users\Andy\AppData\Roaming\Microsoft
2009-11-03 15:45:27 ----D---- C:\Windows\system32\Tasks
2009-11-03 07:14:06 ----D---- C:\Windows\system32\pt-BR
2009-11-03 07:14:05 ----D---- C:\Windows\system32\uk-UA
2009-11-03 07:14:05 ----D---- C:\Windows\system32\pt-PT
2009-11-03 07:14:05 ----D---- C:\Windows\system32\pl-PL
2009-11-03 07:14:05 ----D---- C:\Windows\system32\ko-KR
2009-11-03 07:14:05 ----D---- C:\Windows\system32\it-IT
2009-11-03 07:14:05 ----D---- C:\Windows\system32\he-IL
2009-11-03 07:14:05 ----D---- C:\Windows\system32\bg-BG
2009-11-03 07:14:04 ----D---- C:\Windows\system32\zh-HK
2009-11-03 07:14:04 ----D---- C:\Windows\system32\sl-SI
2009-11-03 07:14:04 ----D---- C:\Windows\system32\nl-NL
2009-11-03 07:14:04 ----D---- C:\Windows\system32\hu-HU
2009-11-03 07:14:04 ----D---- C:\Windows\system32\hr-HR
2009-11-03 07:14:04 ----D---- C:\Windows\system32\el-GR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\tr-TR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\th-TH
2009-11-03 07:14:03 ----D---- C:\Windows\system32\sv-SE
2009-11-03 07:14:03 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 07:14:03 ----D---- C:\Windows\system32\fr-FR
2009-11-03 07:14:03 ----D---- C:\Windows\system32\fi-FI
2009-11-03 07:14:02 ----D---- C:\Windows\system32\zh-TW
2009-11-03 07:14:02 ----D---- C:\Windows\system32\sk-SK
2009-11-03 07:14:02 ----D---- C:\Windows\system32\lv-LV
2009-11-03 07:14:02 ----D---- C:\Windows\system32\lt-LT
2009-11-03 07:14:02 ----D---- C:\Windows\system32\et-EE
2009-11-03 07:14:02 ----D---- C:\Windows\system32\es-ES
2009-11-03 07:14:02 ----D---- C:\Windows\system32\de-DE
2009-11-03 07:14:01 ----D---- C:\Windows\system32\zh-CN
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ro-RO
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ja-JP
2009-11-03 07:14:01 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 07:14:01 ----D---- C:\Windows\system32\ar-SA
2009-11-03 07:14:00 ----D---- C:\Windows\system32\ru-RU
2009-11-03 07:14:00 ----D---- C:\Windows\system32\nb-NO
2009-11-03 07:14:00 ----D---- C:\Windows\system32\da-DK
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-30 06:13:10 ----D---- C:\Program Files\Windows Media Player
2009-10-21 18:20:01 ----D---- C:\Windows\Microsoft.NET
2009-10-21 18:19:48 ----RSD---- C:\Windows\assembly
2009-10-21 18:02:23 ----SD---- C:\ProgramData\Microsoft
2009-10-21 18:02:00 ----D---- C:\ProgramData\Microsoft Help
2009-10-21 17:56:25 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-12 18:21:14 ----D---- C:\Program Files\Common Files\AOL
2009-10-12 18:21:07 ----D---- C:\ProgramData\Viewpoint
2009-10-09 18:30:49 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox.sys [2009-04-06 704384]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-02-10 307224]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 1774080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-01-18 114024]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-07-13 50688]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-22 187440]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory V55\npkcrypt.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2008-01-18 6656]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 pinger;pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-02-27 185640]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-09 603904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-09 1862144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-09 360192]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

-----------------EOF-----------------
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm

Re: My HiJackThis Log

Unread postby dragon910 » January 8th, 2010, 9:38 pm

2. RSIT info.txt

info.txt logfile of random's system information tool 1.06 2010-01-08 17:27:00

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Accessibility-->C:\Program Files\InstallShield Installation Information\{2C544254-39F2-4ACA-B779-ABF7297C96CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
BitSpirit v3.5.0.275 Stable-->"C:\Program Files\BitSpirit\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
EPSON CX8400 User's Guide-->C:\Program Files\epson\guide\cx8400_e\uninstall.exe
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX8400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Gus Verdun's RX-Plugin-->C:\Program Files\Gus Verdun\uninstallrxplugin.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
MapleStory-->MsiExec.exe /I{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}
MapleStory-->MsiExec.exe /I{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Mozilla Firefox (3.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Ten Thumbs 4.7-->"C:\Program Files\Ten Thumbs Typing Tutor 4.7\unins000.exe"
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) [2010-01-08]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com

======Security center information======

FW: Outpost Firewall (disabled)
AS: Windows Defender

======System event log======

Computer Name: Andy-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 56590
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090824235939.547000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Andy-PC
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Record Number: 56577
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090824235920.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 56443
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090824152343.715366-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 56433
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090824053627.684400-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Andy-PC
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Record Number: 56422
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090824053612.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Andy-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a9628444-cddc-4dab-86fd-03e56a4e06ed}
Record Number: 843
Source Name: VSS
Time Written: 20090609024529.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 830
Source Name: MsiInstaller
Time Written: 20090609024248.000000-000
Event Type: Warning
User: Andy-PC\Andy

Computer Name: Andy-PC
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.
Record Number: 812
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090609022945.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Andy-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 804
Source Name: WerSvc
Time Written: 20090609022936.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 795
Source Name: Microsoft-Windows-Search
Time Written: 20090609022908.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Andy-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-752062067-2629128311-3012230091-500
Account Name: Administrator
Account Domain: LH-KMTC5G8I0LPR
Logon ID: 0x2da36

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1020
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021144.043400-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x21bbd

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1019
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021142.686200-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4bc
Name: C:\Windows\System32\svchost.exe

Previous Time: 7:11:42 PM 6/8/2009
New Time: 7:11:42 PM 6/8/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1018
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609021142.499000-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1017
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090609021142.577000-000
Event Type: Audit Success
User:

Computer Name: LH-KMTC5G8I0LPR
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-752062067-2629128311-3012230091-500
Account Name: Administrator
Domain Name: LH-KMTC5G8I0LPR
Logon ID: 0x2da36
Record Number: 1016
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090609021131.657361-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
dragon910
Active Member
 
Posts: 13
Joined: December 27th, 2009, 3:38 pm