cant run hijackthis

Post by Trigger » September 16th, 2009, 7:38 am

Hi, I need loads of help here... I've had a hard time with this. I've downloaded HijackThis and installed it, but I can't run the program. Please help. Every time I load it, it comes up saying "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

Re: cant run hijackthis

Post by Wingman » September 20th, 2009, 3:17 pm

Hello... Welcome to the forum.
My name is Wingman, and I'll be helping you with any malware problems.
HijackThis logs can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers; everything I post to you has been reviewed by them.
This additional review process can add some extra time to my responses...but not too much. ;)

Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Please, if you have questions about something...ASK, don't guess or assume.
  5. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.
In the meantime...

I am conferring with the MRU expert teachers on the best and safest way to address your situation. If you still need help with this, please stay with us. If you are receiving help or have received help, on this problem, elsewhere, please let us know.

Thanks,
Wingman

Re: cant run hijackthis

Post by Wingman » September 20th, 2009, 4:34 pm

Hello Trigger,
Please read these instructions carefully before executing them, and perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, STOP, do not proceed; post back with the question or problem.

Step 1.
Windows XP or Vista only
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 log files...will be produced.
    The first one, "log.txt", will be maximized ... the second one, "info.txt", will be minimized.
  3. Please post the contents of both files, "log.txt" and "info.txt", in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 2.
GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!

    [Image: GMER scan options]

  3. On the right panel, you'll see several boxes have been checked. Please UNCHECK the following:
    Refer to the image above for these entries
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one
  4. If you don't get a warning then...
    • Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
  7. Open Notepad and paste (Ctrl+V) what you copied.
  8. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.
    In the GMER window...
  9. Click on the >>> tab at the top of the GMER window. This displays the rest of the "selection" tabs for you.
  10. Click on the Autostart tab... then click on Scan button.
  11. Once the scan has finished... click Copy.
  12. Open Notepad (again) and paste (Ctrl+V) what you copied.
  13. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
  14. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT - log.txt and info.txt file contents
  3. GMER - gmerroot and gmerauto.txt files contents
  4. How is the computer behaving?
Thanks,
Wingman

Re: cant run hijackthis

Post by Trigger » September 20th, 2009, 11:41 pm

Thanks for your reply Wingman.
1. No problem with your instructions.
2. As you can see, I got the RSIT log files done.
3. But when I went to scan with GMER, my computer blue-screened and restarted.
4. Firefox and IE are running slowly, Google search gets redirected, and I've noticed that IE is just occasionally redirecting any link that I click on.

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-09-21 13:34:28
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 2 GB (14%) free of 15 GB
Total RAM: 893 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:01 PM, on 9/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - E:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - E:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - E:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SymLnch] "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D965245-1D18-4311-93E7-85170C98C195}: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - D:\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - D:\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Start BT in service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 11333 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - E:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - E:\Program Files\STOPzilla!\SZIEBHO.dll [2009-08-18 222656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - E:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NPSStartup"= []
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"SymLnch"=C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe /X []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"AutoStartNPSAgent"=E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-08-08 98304]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Telstra\unpw\unpwclient.exe"="C:\Program Files\Telstra\unpw\unpwclient.exe:*:Enabled:BigPond Username/Password Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d367856-a0c4-11de-889e-001583184ae9}]
shell\AutoRun\command - DRIVER///vozacka.exe
shell\explore\command - DRIVER//vozacka.exe
shell\open\command - DRIVER//vozacka.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7758d994-57fd-11dd-99af-806e6f6e6963}]
shell\AutoRun\command - F:\Run.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-12-23 18:02:07 ----AC---- C:\Windows\system32\8953hzcktool163.exe
2009-12-17 04:28:05 ----AC---- C:\Windows\system32\15759pamboz15.dll
2009-11-29 07:39:43 ----AC---- C:\Windows\system32\5cedspars91z79.exe
2009-11-23 03:25:20 ----AC---- C:\Windows\system32\25952t5ojz9.exe
2009-11-21 01:45:38 ----AC---- C:\Windows\system32\7z505ownloa9er877.exe
2009-11-16 00:33:52 ----AC---- C:\Windows\system32\9556s9yz1c.dll
2009-11-12 08:19:32 ----AC---- C:\Windows\system32\zc4thief1359.exe
2009-11-10 10:55:22 ----AC---- C:\Windows\system32\28324zot-5-virus7439.exe
2009-11-07 16:42:33 ----AC---- C:\Windows\system32\2414zi5us2469.exe
2009-11-05 23:08:44 ----AC---- C:\Windows\system32\5964ba9kdozr2365.dll
2009-10-25 01:04:45 ----AC---- C:\Windows\system32\25699wozm663.dll
2009-10-23 17:55:58 ----AC---- C:\Windows\system32\zaeathrea925855.exe
2009-10-12 10:26:09 ----AC---- C:\Windows\system32\26999ozm7995.exe
2009-10-04 18:25:33 ----AC---- C:\Windows\system32\79zestea519479.dll
2009-10-04 00:01:31 ----AC---- C:\Windows\system32\59764szy126.exe
2009-09-24 10:39:52 ----AC---- C:\Windows\system32\5d79viz605.exe
2009-09-21 13:34:28 ----DC---- C:\rsit
2009-09-21 13:34:28 ----DC---- \rsit
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 10:12:42 ----AC---- C:\Windows\ntbtlog.txt
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-13 20:11:30 ----AC---- C:\Windows\system32\6c31backdoz51921.exe
2009-09-13 20:07:34 ----DC---- C:\Program Files\BinaryBiz
2009-09-12 12:54:19 ----AC---- C:\Windows\system32\3f6b5zkdoor2960.exe
2009-09-12 11:51:22 ----AC---- C:\Windows\system32\13728ha9kzoo5311.dll
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-09-05 07:47:31 ----AC---- C:\Windows\system32\1z023hackt9ol10a5.exe
2009-08-26 09:16:39 ----AC---- C:\Windows\system32\1b3backd95r158z.dll
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:15 ----DC---- C:\Program Files\QuickTime
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:39:29 ----DC---- C:\Program Files\AVG
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-20 20:23:35 ----AC---- C:\Windows\system32\65ee9pars5189z.dll
2009-08-20 20:23:34 ----AC---- C:\Windows\system32\4753v5r69z.dll
2009-08-20 20:23:32 ----AC---- C:\Windows\system32\5e54spzrse2495.exe
2009-08-20 20:23:32 ----AC---- C:\Windows\system32\3215z9ro574a.dll
2009-08-20 20:23:30 ----AC---- C:\Windows\system32\12825hacztool529.dll
2009-08-20 20:23:29 ----AC---- C:\Windows\system32\79zeaddware5032.dll
2009-08-20 20:23:28 ----AC---- C:\Windows\system32\23785w9r51z9.exe
2009-08-20 20:23:28 ----AC---- C:\Windows\system32\12858not-a-vizu54149.exe
2009-08-20 20:23:27 ----AC---- C:\Windows\system32\7ed0do5zloade967.dll
2009-08-20 20:23:27 ----AC---- C:\Windows\system32\330za9dware11265.dll
2009-08-20 20:23:27 ----AC---- C:\Windows\system32\155steaz18329.dll
2009-08-20 20:23:26 ----AC---- C:\Windows\system32\3333no5-azvirus79b.exe
2009-08-20 20:23:25 ----AC---- C:\Windows\system32\15174s9y5z5.dll
2009-08-20 20:23:23 ----AC---- C:\Windows\system32\969zsparse5625.exe
2009-08-20 20:23:23 ----AC---- C:\Windows\system32\6161zparse5669.dll
2009-08-20 20:23:22 ----AC---- C:\Windows\system32\25b9szy5are1976.dll
2009-08-20 20:23:20 ----AC---- C:\Windows\system32\35z5spyware1796.dll
2009-08-20 20:23:19 ----AC---- C:\Windows\system32\6816hzckt5ol3e9.dll
2009-08-20 20:23:19 ----AC---- C:\Windows\system32\5z84th9eat15207.exe
2009-08-20 20:23:17 ----AC---- C:\Windows\system32\z4421spy2095.exe
2009-08-20 20:23:17 ----AC---- C:\Windows\system32\7a8avir15z9.exe
2009-08-20 20:23:17 ----AC---- C:\Windows\system32\5558spyware9z16.dll
2009-08-17 07:06:21 ----AC---- C:\Windows\system32\505bzddw9re361.dll
2009-08-15 07:29:40 ----AC---- C:\Windows\system32\1909ztro5e8.dll
2009-08-13 22:56:11 ----AC---- C:\Windows\system32\3az6addware3539.dll
2009-08-11 13:30:04 ----AC---- C:\Windows\system32\11431not-a5virz92ff.dll
2009-08-09 08:19:14 ----AC---- C:\Windows\system32\9536wo9m50z.exe
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-22 18:35:32 ----AC---- C:\Windows\system32\zad2backdoor26595.dll
2009-07-20 14:57:28 ----RAC---- C:\Windows\system32\SZIO5.dll
2009-07-20 14:56:28 ----RAC---- C:\Windows\system32\SZBase5.dll
2009-07-20 14:56:04 ----RAC---- C:\Windows\system32\SZComp5.dll
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI
2009-07-17 09:44:44 ----DC---- C:\Program Files\Microsoft ActiveSync
2009-07-17 09:44:34 ----DC---- C:\Program Files\Common Files\Designer
2009-07-17 09:44:06 ----DC---- C:\Windows\ShellNew
2009-07-09 15:52:32 ----RAC---- C:\Windows\system32\IS3HTUI5.dll
2009-07-09 15:52:22 ----RAC---- C:\Windows\system32\IS3DBA5.dll
2009-07-09 15:51:40 ----RAC---- C:\Windows\system32\IS3UI5.dll
2009-07-09 15:51:24 ----RAC---- C:\Windows\system32\IS3Hks5.dll
2009-07-09 15:51:06 ----RAC---- C:\Windows\system32\IS3XDat5.dll
2009-07-09 15:50:48 ----RAC---- C:\Windows\system32\IS3Win325.dll
2009-07-09 15:50:28 ----RAC---- C:\Windows\system32\IS3Inet5.dll
2009-07-09 15:50:16 ----RAC---- C:\Windows\system32\IS3Svc5.dll
2009-07-09 15:47:06 ----RAC---- C:\Windows\system32\IS3Base5.dll
2009-07-06 16:59:54 ----AC---- C:\Windows\system32\68735roj33z9.exe
2009-06-27 19:13:09 ----DC---- C:\Users\User\AppData\Roaming\Symantec
2009-06-27 00:01:55 ----DC---- C:\Program Files\Common Files\Symantec Shared

======List of files/folders modified in the last 3 months======

2009-09-21 13:34:45 ----DC---- C:\Windows\Prefetch
2009-09-21 13:34:36 ----DC---- C:\Windows\Temp
2009-09-21 12:38:10 ----DC---- C:\Windows\Tasks
2009-09-21 03:00:27 ----SHDC---- C:\Windows\Installer
2009-09-20 16:54:16 ----RDC---- C:\Program Files
2009-09-20 16:54:16 ----RDC---- \Program Files
2009-09-20 16:53:26 ----DC---- C:\Windows\System32
2009-09-20 16:53:26 ----DC---- C:\Windows\inf
2009-09-20 16:53:26 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-19 15:14:17 ----DC---- C:\Windows\system32\drivers
2009-09-16 10:12:42 ----DC---- C:\Windows
2009-09-16 10:12:42 ----DC---- \Windows
2009-09-16 10:12:39 ----HDC---- C:\ProgramData
2009-09-16 10:12:39 ----HDC---- \ProgramData
2009-09-16 09:04:16 ----HDC---- C:\Config.Msi
2009-09-16 09:04:16 ----HDC---- \Config.Msi
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-16 08:30:25 ----DC---- C:\Windows\system32\catroot
2009-09-14 13:03:24 ----SHD---- C:\System Volume Information
2009-09-14 13:03:24 ----SHD---- \System Volume Information
2009-09-14 12:53:21 ----DC---- C:\Windows\system32\catroot2
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-09-08 19:55:24 ----DC---- C:\Windows\Debug
2009-09-06 22:26:21 ----SDC---- C:\Windows\Downloaded Program Files
2009-08-25 12:59:02 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-08-25 12:58:56 ----DC---- C:\Program Files\Internet Explorer
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-25 12:52:38 ----D---- C:\Windows\winsxs
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:44:42 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-07-17 09:41:08 ----DC---- C:\Windows\system
2009-07-07 08:35:20 ----DC---- C:\Users\User\AppData\Roaming\uTorrent
2009-06-27 19:34:28 ----DC---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys []
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2008-11-14 233472]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Start BT in service;Start BT in service; E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe []
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2009-07-20 57344]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-06-27 1245064]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-09-21 13:35:07

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
BigPond ADSL Password Tool-->MsiExec.exe /X{281E3A71-83B7-4862-8FF7-095BEC1882CF}
Bluesoleil2.7.0.13 VoIP Release 071227-->MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
STOPzilla-->MsiExec.exe /X{DB9ECBEC-F228-460D-8CF7-DCDCC872CBAB}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TestDrive Client-->MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
VirtualLab Client 5.7.3-->"C:\Program Files\BinaryBiz\VirtualLab5\unins000.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 7001
Message: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
The dependency service or group failed to start.
Record Number: 76577
Source Name: Service Control Manager
Time Written: 20090920065015.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 76596
Source Name: Service Control Manager
Time Written: 20090920065022.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
avgio
Record Number: 76597
Source Name: Service Control Manager
Time Written: 20090920065023.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 76645
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090920124418.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: User-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Word Viewer 2003 (KB969614).
Record Number: 76668
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090920170113.453000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: User-PC
Event Code: 16387
Message: Shadow copy creation failed because of error reported by ASR Writer. More info: The maximum number of secrets that may be stored in a single system has been exceeded. (0x80070565).
Record Number: 28681
Source Name: SPP
Time Written: 20090920170018.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).
Record Number: 28682
Source Name: System Restore
Time Written: 20090920170018.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 1024
Message: Product: Microsoft Office Word Viewer 2003 - Update 'Security Update for Word Viewer 2003 (KB969614): WORDVIEW' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Record Number: 28683
Source Name: MsiInstaller
Time Written: 20090920170027.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: User-PC
Event Code: 1000
Message: Faulting application HijackThis.exe, version 2.0.0.2, time stamp 0x466838c1, faulting module HijackThis.exe, version 2.0.0.2, time stamp 0x466838c1, exception code 0x80000003, fault offset 0x00142830, process id 0x3cc, application start time 0x01ca3a1c9c992d20.
Record Number: 28687
Source Name: Application Error
Time Written: 20090920180311.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 28689
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20090920224849.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25128
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090921033500.773000-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25129
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090921033500.798000-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25130
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090921033500.821000-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25131
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090921033500.845000-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25132
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090921033500.869000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am
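Three parts of the log above are what a responder reads first: the list of files created in the last three months (system32 entries with digit-heavy names such as zad2backdoor26595.dll and 68735roj33z9.exe), the driver list (avgio shows an empty `[]`, meaning RSIT found no file at that path, which matches the System event log's 7026 "failed to load" entry for it), and the five Security event log 5038 records saying the image hash of tcpip.sys does not match its signed catalog. The following Python script is an added example, not part of the original thread and not RSIT's own code: it parses those three line formats and applies simple heuristics. The sample input is a handful of lines copied from the posted log; the thresholds in `looks_random` are my own assumption and are deliberately crude.

```python
"""Triage pass over an RSIT-style log (the log.txt / info.txt text above).

Added example, not part of the original thread or of RSIT. A hit is a
candidate for follow-up (hash lookup, signature check), not a verdict.
"""
import re
from collections import Counter

# Constructed sample: a few lines copied from the posted log, nothing else.
SAMPLE_LOG = r"""2009-07-22 18:35:32 ----AC---- C:\Windows\system32\zad2backdoor26595.dll
2009-07-20 14:57:28 ----RAC---- C:\Windows\system32\SZIO5.dll
2009-07-06 16:59:54 ----AC---- C:\Windows\system32\68735roj33z9.exe
2009-06-27 19:13:09 ----DC---- C:\Users\User\AppData\Roaming\Symantec

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys []
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25128

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25129
"""

# "<timestamp> <attribute flags> <path>" from the files created/modified lists.
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (-+[A-Z]+-+) (.+)$")
# "<R|S><start> <name>;<description>; <path> [<date> <size>]" from the driver
# and service lists; the brackets are empty when RSIT found no file on disk.
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);\s*(.+?)\s*\[([^\]]*)\]$")


def looks_random(filename):
    """Digit-heavy basename: five or more digits making up 30%+ of the stem.

    Assumed thresholds for this example: version-suffixed vendor files such as
    IS3Win325.dll stay below them, but false positives are still expected.
    """
    stem = filename.rsplit(".", 1)[0]
    digits = sum(ch.isdigit() for ch in stem)
    return digits >= 5 and digits / max(len(stem), 1) >= 0.3


def triage(text):
    """Random-looking file names, drivers whose file was missing, and a
    per-file count of code-integrity (event 5038) failures."""
    random_names, missing_files, integrity = [], [], Counter()
    event_code = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            # "D" in the flags marks a directory; only files are of interest.
            if "D" not in attrs and looks_random(path.rsplit("\\", 1)[-1]):
                random_names.append(path)
            continue
        m = DRIVER_RE.match(line)
        if m:
            name, path, info = m.group(3), m.group(5), m.group(6)
            if path.startswith("\\??\\"):  # NT object-manager path prefix
                path = path[4:]
            if info == "":
                missing_files.append((name, path))
            if looks_random(path.rsplit("\\", 1)[-1]):
                random_names.append(path)
            continue
        # Event records: remember the code, then pick up the file name that a
        # code-integrity audit failure (5038) reports a few lines later.
        if line.startswith("Computer Name:"):
            event_code = None
        elif line.startswith("Event Code:"):
            event_code = line.split(":", 1)[1].strip()
        elif line.startswith("File Name:") and event_code == "5038":
            integrity[line.split(":", 1)[1].strip()] += 1
    return {
        "random_names": random_names,
        "missing_driver_files": missing_files,
        "code_integrity_failures": dict(integrity),
    }
```

Running `triage` over the full log.txt/info.txt text returns the two digit-heavy system32 files, the avgio driver with no file on disk, and tcpip.sys with five 5038 failures. The next step for a 5038 hit is to compare the on-disk file against the protected copy, for example `sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys` from an elevated prompt, before deciding whether the mismatch is disk corruption or modification.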

Re: cant run hijackthis

Unread postby Wingman » September 22nd, 2009, 4:26 pm

Hi Trigger,

Is this computer used for business? Please let me know in your reply.

Please do not run any "fix" programs and/or remove any files unless instructed to do so by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Vista Advice
Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
MGA Diagnostics
I need you to run a tool... that will aid in determining what additional steps we'll need to perform.
  • Please download this tool from Microsoft to your desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click "Run" again...then Click "Continue".
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 2.
CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Business computer?
  3. MGA Diagnostics results
  4. CKScanner - ckfiles.txt file contents
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » September 22nd, 2009, 4:52 pm

hey wingman

1. The link you gave me for MGADiag didn't work, so I went and searched for it on the Windows website and got it from there.

2. No, I'm too poor to run a business. This computer is part of a home network; I have the network set up for online gaming with an Xbox 360, and it's connected through a router.

3. Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: 0x0
Cached Validation Code: 0x0
Windows Product Key: *****-*****-VW3BT-JPDKY-VPWXH
Windows Product Key Hash: czDyRm0fuu4YNcsflSfdOdQWlZA=
Windows Product ID: 89572-OEM-7301091-55420
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.002
CSVLK Server: N/A
CSVLK PID: N/A
ID: {35AFE104-A37D-4176-84DE-BE0EC2476D34}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.090302-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80004005
File Exists: No
Version: 1.7.105.35
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 114
Version: 1.7.105.35
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.7.105.35
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: e:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Disabled
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Disabled
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Disabled
Script ActiveX controls marked as safe for scripting: Disabled

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{35AFE104-A37D-4176-84DE-BE0EC2476D34}</UGUID><Version>1.7.0095.0</Version><OS>6.0.6001.2.00010300.1.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPWXH</PKey><PID>89572-OEM-7301091-55420</PID><PIDType>3</PIDType><SID>S-1-5-21-898363624-1207730517-237989879</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-73VM-S2</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="4"/><Date>20080121000000.000000+000</Date></BIOS><HWID>DD303507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002


4. CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


I have uninstalled Microsoft Office; it was just to open .pps files that friends emailed me.
I have read your articles on non-genuine software and I thought I got it all before we started.
Office won't be coming back; I have no need for it anymore now that I don't get any emails with the .pps extension.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » September 23rd, 2009, 5:01 pm

Hi Trigger,

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, STOP, do not proceed; post back with the question or problem.

Step 1.
RootRepeal
Please download RootRepeal.zip.
Save it to your Desktop. Alternate download links here or here.
Please print these instructions, you will not have an Internet connection!
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  1. Right click on RootRepeal.zip and select "Extract All"....
  2. Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  3. Click on the Browse...button, then click on Desktop, then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Before running RootRepeal:
      Disconnect from the Internet as your system will be unprotected while using this tool.
      Close all programs and temporarily disable WINDOWS DEFENDER protection before performing a scan.
      Disable Windows Defender
      Windows Defender's Real Time Protection may interfere with the fix, so we need to temporarily disable it.
      • Open Windows Defender
      • Click Tools ... Under the "Settings" section...click "Option"
      • Under the "Automatic scanning" section ...uncheck the "Automatically scan my computer (recommended)" box.
      • Scroll down to "Real Time Protection Options" section.
      • Uncheck the "Turn on Real Time Protection (recommended)" box.
      • Close Windows Defender
      Don't forget to re-enable Windows Defender Real Time Protection when your computer is clean.
  6. Open the RootRepeal folder and right-click on RootRepeal.exe select "Run as Administrator" to execute. If UAC prompted... allow it.
  7. When the program opens, click the Report tab at the bottom, then click the Scan button.
  8. In the Select Scan dialog, which asks "What do you want to include in the scan?", check ALL the boxes.
    Image
  9. Click OK.
  10. In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
    The scan can take some time to finish. Do not use the computer while the scan is running.
    When the scan has completed, a list of files will be generated in the RootRepeal window.
  11. Click on the Save Report button and save it as "rootrepeal.txt" to your desktop.
  12. Close and exit RootRepeal
  13. Double-click on the file rootrepeal.txt... Notepad will open... copy/paste the file contents in your next reply.
Make sure to enable your anti-virus, Firewall and any other security programs you disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".

Step 2.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done, ONLY the "C:\RSIT\log.txt" will be reproduced (it will be maximized).
  3. Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RootRepeal - rootrepeal.txt file contents
  3. RSIT sit
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
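
Step 1 above asks for the RootRepeal report to be pasted back for review. As an added example (not code from this thread, from RootRepeal or from the forum), here is a small Python triage script for that report: it parses the sections RootRepeal writes, separates items merely "Locked to the Windows API" (normal for files in use) from items hidden or invisible to the API, and groups the hidden ones by file name so that a driver, DLL and service belonging to one component show up together. The embedded sample report is constructed from entries posted later in this thread; the section layout it assumes is the one RootRepeal prints.

```python
"""Triage a RootRepeal report (the rootrepeal.txt requested in Step 1 above).

Added example for this thread, not RootRepeal's or the forum's own code. It assumes the
layout RootRepeal writes: section titles underlined with dashes, records of "Key: value"
lines separated by blank lines, and a Status field on most records."""
import re
from collections import defaultdict

UNDERLINE_RE = re.compile(r"^-{5,}$")
STATUS_RE = re.compile(r"\bStatus: (.*)$")
FILE_RE = re.compile(r"[\w-]+\.(?:sys|dll|exe)", re.IGNORECASE)
CLOAKED = ("Hidden", "Invisible")                 # Status prefixes meaning "cloaked"
ALWAYS_SUSPECT = {"Stealth Objects", "Hidden Services"}   # records with no Status

# Constructed sample, cut down from the report posted later in this thread.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009

Drivers
-------------------
Name: MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys
Image Path: C:\Windows\system32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\Windows\System32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXguibutqjrbxndcwfdfxubecfctifiosh.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXguibutqjrbxndcwfdfxubecfctifiosh.dll]
Process: svchost.exe (PID: 568) Address: 0x10000000 Size: 61440

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\Windows\system32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys

==EOF==
"""

def parse_report(text):
    """Return {section: [record, ...]}; each record maps "Key" -> "value"."""
    lines = [ln.rstrip() for ln in text.splitlines()] + ["", ""]
    sections, section, record = {}, None, {}
    for i, line in enumerate(lines[:-1]):
        if line and UNDERLINE_RE.match(lines[i + 1]):   # a section title
            section, record = sections.setdefault(line, []), {}
        elif section is None or UNDERLINE_RE.match(line):
            continue                                    # preamble / underline
        elif not line or line.startswith("=="):         # record separator / EOF
            if record:
                section.append(record)
            record = {}
        else:
            m = STATUS_RE.search(line)      # also "PID: 4 Status: Locked ..."
            if m:
                record["Status"] = m.group(1).strip()
                line = line[:m.start()].strip()
            if ": " in line:
                key, value = line.split(": ", 1)
                record[key] = value.strip()
    return sections

def triage(text):
    """Separate cloaked items (worth investigating) from merely locked ones."""
    findings, locked = [], []
    for name, records in parse_report(text).items():
        for rec in records:
            status = rec.get("Status", "")
            if name in ALWAYS_SUSPECT or status.startswith(CLOAKED):
                findings.append(dict(rec, section=name))
            elif status.startswith("Locked"):   # in-use system files, PID 4
                locked.append(dict(rec, section=name))
    return {"findings": findings, "locked": locked}

def correlate(findings):
    """Group findings by file name; one cloaked component surfaces in several sections."""
    clusters = defaultdict(set)
    for rec in findings:
        for key, value in rec.items():
            if key != "Process":            # skip the host of an injected module
                for fname in FILE_RE.findall(value):
                    clusters[fname.lower()].add(rec["section"])
    return {k: sorted(v) for k, v in clusters.items()}

if __name__ == "__main__":
    print(correlate(triage(SAMPLE_REPORT)["findings"]))
```

A file with no extension (MSIVXcount in the sample) is still reported as a finding; it just does not join a cluster, because clustering keys on .sys/.dll/.exe names.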

Re: cant run hijackthis

Unread postby Trigger » September 23rd, 2009, 6:22 pm

1. Any problem executing the instructions? No, went smoothly; scan in safe mode.

2. RootRepeal - rootrepeal.txt file contents

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/24 07:46
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x897C9000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x897BE000 Size: 45056 File Visible: No Signed: -
Status: -

Name: MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys
Image Path: C:\Windows\system32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys
Address: 0x8973A000 Size: 184320 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x897DB000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Windows\System32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXguibutqjrbxndcwfdfxubecfctifiosh.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXwlrkxumevofxxqfmisbpnpnprtrcppxi.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\Microsoft Games\Purble Place\PURBLE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_588445e3d272feb1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~2.RES
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_res_res_b

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXguibutqjrbxndcwfdfxubecfctifiosh.dll]
Process: svchost.exe (PID: 568) Address: 0x10000000 Size: 61440

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\Windows\system32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys

==EOF==
3. RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-09-24 08:00:24
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 2 GB (14%) free of 15 GB
Total RAM: 893 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:42 AM, on 9/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - E:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - E:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - E:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SymLnch] "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D965245-1D18-4311-93E7-85170C98C195}: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - D:\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - D:\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Start BT in service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 10209 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - E:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - E:\Program Files\STOPzilla!\SZIEBHO.dll [2009-08-18 222656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - E:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NPSStartup"= []
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"SymLnch"=C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe /X []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"AutoStartNPSAgent"=E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-08-08 98304]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Telstra\unpw\unpwclient.exe"="C:\Program Files\Telstra\unpw\unpwclient.exe:*:Enabled:BigPond Username/Password Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d367856-a0c4-11de-889e-001583184ae9}]
shell\AutoRun\command - DRIVER///vozacka.exe
shell\explore\command - DRIVER//vozacka.exe
shell\open\command - DRIVER//vozacka.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7758d994-57fd-11dd-99af-806e6f6e6963}]
shell\AutoRun\command - F:\Run.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-12-23 18:02:07 ----AC---- C:\Windows\system32\8953hzcktool163.exe
2009-12-17 04:28:05 ----AC---- C:\Windows\system32\15759pamboz15.dll
2009-11-29 07:39:43 ----AC---- C:\Windows\system32\5cedspars91z79.exe
2009-11-23 03:25:20 ----AC---- C:\Windows\system32\25952t5ojz9.exe
2009-11-21 01:45:38 ----AC---- C:\Windows\system32\7z505ownloa9er877.exe
2009-11-16 00:33:52 ----AC---- C:\Windows\system32\9556s9yz1c.dll
2009-11-12 08:19:32 ----AC---- C:\Windows\system32\zc4thief1359.exe
2009-11-10 10:55:22 ----AC---- C:\Windows\system32\28324zot-5-virus7439.exe
2009-11-07 16:42:33 ----AC---- C:\Windows\system32\2414zi5us2469.exe
2009-11-05 23:08:44 ----AC---- C:\Windows\system32\5964ba9kdozr2365.dll
2009-10-25 01:04:45 ----AC---- C:\Windows\system32\25699wozm663.dll
2009-10-23 17:55:58 ----AC---- C:\Windows\system32\zaeathrea925855.exe
2009-10-12 10:26:09 ----AC---- C:\Windows\system32\26999ozm7995.exe
2009-10-04 18:25:33 ----AC---- C:\Windows\system32\79zestea519479.dll
2009-10-04 00:01:31 ----AC---- C:\Windows\system32\59764szy126.exe
2009-09-24 10:39:52 ----AC---- C:\Windows\system32\5d79viz605.exe
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-21 13:34:28 ----DC---- C:\rsit
2009-09-21 13:34:28 ----DC---- \rsit
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 10:12:42 ----AC---- C:\Windows\ntbtlog.txt
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-13 20:11:30 ----AC---- C:\Windows\system32\6c31backdoz51921.exe
2009-09-13 20:07:34 ----DC---- C:\Program Files\BinaryBiz
2009-09-12 12:54:19 ----AC---- C:\Windows\system32\3f6b5zkdoor2960.exe
2009-09-12 11:51:22 ----AC---- C:\Windows\system32\13728ha9kzoo5311.dll
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-09-05 07:47:31 ----AC---- C:\Windows\system32\1z023hackt9ol10a5.exe
2009-08-26 09:16:39 ----AC---- C:\Windows\system32\1b3backd95r158z.dll
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:15 ----DC---- C:\Program Files\QuickTime
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:39:29 ----DC---- C:\Program Files\AVG
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-20 20:23:35 ----AC---- C:\Windows\system32\65ee9pars5189z.dll
2009-08-20 20:23:34 ----AC---- C:\Windows\system32\4753v5r69z.dll
2009-08-20 20:23:32 ----AC---- C:\Windows\system32\5e54spzrse2495.exe
2009-08-20 20:23:32 ----AC---- C:\Windows\system32\3215z9ro574a.dll
2009-08-20 20:23:30 ----AC---- C:\Windows\system32\12825hacztool529.dll
2009-08-20 20:23:29 ----AC---- C:\Windows\system32\79zeaddware5032.dll
2009-08-20 20:23:28 ----AC---- C:\Windows\system32\23785w9r51z9.exe
2009-08-20 20:23:28 ----AC---- C:\Windows\system32\12858not-a-vizu54149.exe
2009-08-20 20:23:27 ----AC---- C:\Windows\system32\7ed0do5zloade967.dll
2009-08-20 20:23:27 ----AC---- C:\Windows\system32\330za9dware11265.dll
2009-08-20 20:23:27 ----AC---- C:\Windows\system32\155steaz18329.dll
2009-08-20 20:23:26 ----AC---- C:\Windows\system32\3333no5-azvirus79b.exe
2009-08-20 20:23:25 ----AC---- C:\Windows\system32\15174s9y5z5.dll
2009-08-20 20:23:23 ----AC---- C:\Windows\system32\969zsparse5625.exe
2009-08-20 20:23:23 ----AC---- C:\Windows\system32\6161zparse5669.dll
2009-08-20 20:23:22 ----AC---- C:\Windows\system32\25b9szy5are1976.dll
2009-08-20 20:23:20 ----AC---- C:\Windows\system32\35z5spyware1796.dll
2009-08-20 20:23:19 ----AC---- C:\Windows\system32\6816hzckt5ol3e9.dll
2009-08-20 20:23:19 ----AC---- C:\Windows\system32\5z84th9eat15207.exe
2009-08-20 20:23:17 ----AC---- C:\Windows\system32\z4421spy2095.exe
2009-08-20 20:23:17 ----AC---- C:\Windows\system32\7a8avir15z9.exe
2009-08-20 20:23:17 ----AC---- C:\Windows\system32\5558spyware9z16.dll
2009-08-17 07:06:21 ----AC---- C:\Windows\system32\505bzddw9re361.dll
2009-08-15 07:29:40 ----AC---- C:\Windows\system32\1909ztro5e8.dll
2009-08-13 22:56:11 ----AC---- C:\Windows\system32\3az6addware3539.dll
2009-08-11 13:30:04 ----AC---- C:\Windows\system32\11431not-a5virz92ff.dll
2009-08-09 08:19:14 ----AC---- C:\Windows\system32\9536wo9m50z.exe
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-22 18:35:32 ----AC---- C:\Windows\system32\zad2backdoor26595.dll
2009-07-20 14:57:28 ----RAC---- C:\Windows\system32\SZIO5.dll
2009-07-20 14:56:28 ----RAC---- C:\Windows\system32\SZBase5.dll
2009-07-20 14:56:04 ----RAC---- C:\Windows\system32\SZComp5.dll
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI
2009-07-09 15:52:32 ----RAC---- C:\Windows\system32\IS3HTUI5.dll
2009-07-09 15:52:22 ----RAC---- C:\Windows\system32\IS3DBA5.dll
2009-07-09 15:51:40 ----RAC---- C:\Windows\system32\IS3UI5.dll
2009-07-09 15:51:24 ----RAC---- C:\Windows\system32\IS3Hks5.dll
2009-07-09 15:51:06 ----RAC---- C:\Windows\system32\IS3XDat5.dll
2009-07-09 15:50:48 ----RAC---- C:\Windows\system32\IS3Win325.dll
2009-07-09 15:50:28 ----RAC---- C:\Windows\system32\IS3Inet5.dll
2009-07-09 15:50:16 ----RAC---- C:\Windows\system32\IS3Svc5.dll
2009-07-09 15:47:06 ----RAC---- C:\Windows\system32\IS3Base5.dll
2009-07-06 16:59:54 ----AC---- C:\Windows\system32\68735roj33z9.exe
2009-06-27 19:13:09 ----DC---- C:\Users\User\AppData\Roaming\Symantec
2009-06-27 00:01:55 ----DC---- C:\Program Files\Common Files\Symantec Shared

======List of files/folders modified in the last 3 months======

2009-09-24 07:46:29 ----DC---- C:\Windows\system32\drivers
2009-09-24 07:44:25 ----DC---- C:\Windows\Temp
2009-09-24 07:43:45 ----DC---- C:\Windows\System32
2009-09-24 07:43:45 ----DC---- C:\Windows\inf
2009-09-24 07:43:45 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-09-24 07:42:49 ----DC---- C:\Windows\Tasks
2009-09-24 07:37:57 ----DC---- C:\Windows\Prefetch
2009-09-24 03:00:35 ----SHDC---- C:\Windows\Installer
2009-09-23 07:12:18 ----HDC---- C:\Config.Msi
2009-09-23 07:12:18 ----HDC---- \Config.Msi
2009-09-23 07:12:13 ----RDC---- C:\Program Files
2009-09-23 07:12:13 ----RDC---- \Program Files
2009-09-23 07:12:13 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-09-23 07:12:10 ----DC---- C:\Windows
2009-09-23 07:12:10 ----DC---- C:\Program Files\Common Files
2009-09-23 07:12:10 ----DC---- \Windows
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 10:12:39 ----HDC---- C:\ProgramData
2009-09-16 10:12:39 ----HDC---- \ProgramData
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-16 08:30:25 ----DC---- C:\Windows\system32\catroot
2009-09-14 13:03:24 ----SHD---- C:\System Volume Information
2009-09-14 13:03:24 ----SHD---- \System Volume Information
2009-09-14 12:53:21 ----DC---- C:\Windows\system32\catroot2
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-09-08 19:55:24 ----DC---- C:\Windows\Debug
2009-09-06 22:26:21 ----SDC---- C:\Windows\Downloaded Program Files
2009-08-25 12:59:02 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-08-25 12:58:56 ----DC---- C:\Program Files\Internet Explorer
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-25 12:52:38 ----D---- C:\Windows\winsxs
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:41:08 ----DC---- C:\Windows\system
2009-07-07 08:35:20 ----DC---- C:\Users\User\AppData\Roaming\uTorrent
2009-06-27 19:34:28 ----DC---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
S2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe []
S2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
S2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2008-11-14 233472]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 Start BT in service;Start BT in service; E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2009-07-20 57344]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-06-27 1245064]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » September 24th, 2009, 8:02 am

Hi Trigger,

Rootkit - Backdoor Warning
I'm sorry to have to give you bad news. Your computer has multiple infections, including a rootkit/backdoor infection.

A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge.

This type of infection compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user. Typically it's installed without user interaction through security exploits, and can severely compromise system security.
Such infections may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These backdoor infections may also collect and transmit personally identifiable information without your consent, and severely degrade the performance and stability of your computer.
A backdoor infection can give intruders complete control of your computer, log your keystrokes, obtain passwords, steal personal information, etc.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer; the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled from the original disc or from the Net.

Due to its rootkit - backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of Trojan,
the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

We can attempt to clean this machine; it could be a long and tedious process, and we could not guarantee that it won't still be compromised afterwards.

Please let me know how you wish to proceed.
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » September 24th, 2009, 2:34 pm

OK, thanks for your advice, let's try and clean this machine. If we can't get it clean there's always the reformat and install option.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » September 25th, 2009, 4:40 pm

Hi Trigger,

OK, we can try to clean this machine...remember there are no guarantees that it won't still be compromised. Absence of symptoms does not mean the machine is clean.

Please read these instructions carefully before executing them, and perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Please note the changes in the RSIT execution (Step 3.)... a folder needs to be deleted first!

Step 1.
Disable Windows Defender
Windows Defender's Real Time Protection may interfere with the fix, so we need to temporarily disable it.
  1. Open Windows Defender
  2. Click Tools ... Under the "Settings" section...click "Option"
  3. Under the "Automatic scanning" section ...uncheck the "Automatically scan my computer (recommended)" box.
  4. Scroll down to "Real Time Protection Options" section.
  5. Uncheck the "Turn on Real Time Protection (recommended)" box.
  6. Close Windows Defender


Step 2.
ComboFix - Rename
This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers", NOT for general public use. Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.
  1. Please download ComboFix.exe... © Copyrighted to sUBs. Alternate download sites: here or here.
    You must rename it before saving it... Rename it: FixTrig.exe . See images below. Save it to your desktop.
    --------------------------------------------------------------------
  2. Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 2) have been taken care of...
  3. Double click on FixTrig.exe & follow the prompts. (For Vista ...you may need to right-click and run as Administrator)
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
    When finished... Notepad will open... ComboFix will produce a log file called "log.txt".
  4. Please copy/paste the contents of log.txt... in your next reply.
** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 3.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder, then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "C:\RSIT\log.txt", will be maximized... the second one, "C:\RSIT\info.txt", will be minimized.
  4. Please post the contents of both files, "log.txt" and "info.txt", in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ComboFix log contents
  3. RSIT log.txt and info.txt file contents
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » September 26th, 2009, 12:43 am

Hello Wingman,
Here are the logs you requested.


ComboFix 09-09-25.01 - User 09/26/2009 13:55.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.331 [GMT 10:00]
Running from: c:\users\User\Desktop\FixTrig.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\User\Documents\cc_20090915_212433.reg
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\1420e5c.msi
c:\windows\Installer\41a545b.msi
c:\windows\system32\1059parse2145z.ocx
c:\windows\system32\10640tr5z396.bin
c:\windows\system32\108895azse3270.cpl
c:\windows\system32\11005worm395z.ocx
c:\windows\system32\1108hackzoo9159.dll
c:\windows\system32\1139zddware5692.bin
c:\windows\system32\11431not-a5virz92ff.dll
c:\windows\system32\11923not-a-virus51z.bin
c:\windows\system32\11940v5rusz03.cpl
c:\windows\system32\119z9t5oj51.exe
c:\windows\system32\11a5downlozd9r1164.cpl
c:\windows\system32\1206spamb5t4d9z.ocx
c:\windows\system32\12119no9-a-virus51z.cpl
c:\windows\system32\12825hacztool529.dll
c:\windows\system32\1283d95nlozder1711.dll
c:\windows\system32\12858not-a-vizu54149.exe
c:\windows\system32\129z75py697.ocx
c:\windows\system32\13401vir9z7d5.cpl
c:\windows\system32\135a5pywzre2991.dll
c:\windows\system32\135z3wo9m70a.ocx
c:\windows\system32\13728ha9kzoo5311.dll
c:\windows\system32\1393downloader81z5.bin
c:\windows\system32\13960zpamb9t556.ocx
c:\windows\system32\13bdth9eat5122z.cpl
c:\windows\system32\15008no9-a-virus6az.dll
c:\windows\system32\15174s9y5z5.dll
c:\windows\system32\151fbackdooz595.dll
c:\windows\system32\15377not-a-vi9us15z.dll
c:\windows\system32\15591not-a-viruz6ac.cpl
c:\windows\system32\15598szambot389.cpl
c:\windows\system32\155steaz18329.dll
c:\windows\system32\15692hac9toolz59.cpl
c:\windows\system32\15759pamboz15.dll
c:\windows\system32\1584z9irusbe5.ocx
c:\windows\system32\15903wzrm9b6.bin
c:\windows\system32\15990szy7c09.ocx
c:\windows\system32\159z09roj3d9.bin
c:\windows\system32\1619vzr1375.bin
c:\windows\system32\16219ha9kto5l65z.ocx
c:\windows\system32\178579pambotz8c.cpl
c:\windows\system32\1785zvi59s702.cpl
c:\windows\system32\1796vz95047.cpl
c:\windows\system32\17e6bzckd9or2955.dll
c:\windows\system32\1847zv5rus699.bin
c:\windows\system32\18866w95m1z0.cpl
c:\windows\system32\1890addwarz2559.cpl
c:\windows\system32\18b5azd9are949.ocx
c:\windows\system32\18e9vir159z.ocx
c:\windows\system32\1909ztro5e8.dll
c:\windows\system32\19163hazkt5ol1099.cpl
c:\windows\system32\19199hacktz5l788.ocx
c:\windows\system32\19541spamb9t205z.ocx
c:\windows\system32\1979sparse81z5.cpl
c:\windows\system32\19890vi5us52z.dll
c:\windows\system32\19desteal5z28.cpl
c:\windows\system32\19z12h5cktool9f5.ocx
c:\windows\system32\19z43s5y18a.bin
c:\windows\system32\1b3backd95r158z.dll
c:\windows\system32\1cc0zp5ware892.bin
c:\windows\system32\1d41threzt91509.bin
c:\windows\system32\1e62thizf2945.bin
c:\windows\system32\1eb5threz97035.dll
c:\windows\system32\1faaszywa9e515.bin
c:\windows\system32\1fd9z5ief922.bin
c:\windows\system32\1z023hackt9ol10a5.exe
c:\windows\system32\1zd3v9r5949.ocx
c:\windows\system32\20127n9t5a-virzs413.bin
c:\windows\system32\2020195zj74b.bin
c:\windows\system32\2025threat10999z.ocx
c:\windows\system32\21749t5oz493.bin
c:\windows\system32\21797vi5uz59b.cpl
c:\windows\system32\218edo9nlozder5776.exe
c:\windows\system32\21966spazbot2a95.ocx
c:\windows\system32\225espzr9e2154.cpl
c:\windows\system32\229z0troj5f2.dll
c:\windows\system32\23785w9r51z9.exe
c:\windows\system32\24100zpy25b9.ocx
c:\windows\system32\2414zi5us2469.exe
c:\windows\system32\24254spamzot1129.ocx
c:\windows\system32\249679iruz55.cpl
c:\windows\system32\24998spyz6c5.bin
c:\windows\system32\25039ackzoor180.cpl
c:\windows\system32\25094notz9-virus46.cpl
c:\windows\system32\25227troz2399.ocx
c:\windows\system32\253975pa9bot5zb.ocx
c:\windows\system32\2540zhackt9ol45f.ocx
c:\windows\system32\25529notza-virus602.exe
c:\windows\system32\25699wozm663.dll
c:\windows\system32\257859cktooz3b4.bin
c:\windows\system32\25819spambot3faz.ocx
c:\windows\system32\25952t5ojz9.exe
c:\windows\system32\25980spy1zd5.bin
c:\windows\system32\259bth5ef94z.ocx
c:\windows\system32\25b9szy5are1976.dll
c:\windows\system32\25d0thre5t9z975.bin
c:\windows\system32\26361w9rz695.ocx
c:\windows\system32\26503spy59z.bin
c:\windows\system32\26999ozm7995.exe
c:\windows\system32\271bdzwnloa59r115.exe
c:\windows\system32\27649no5za-virus790.cpl
c:\windows\system32\27z53not-a-virus1209.ocx
c:\windows\system32\28324zot-5-virus7439.exe
c:\windows\system32\28995spy1az.cpl
c:\windows\system32\2955thre9t25360z.bin
c:\windows\system32\29585not95zvirus35c.ocx
c:\windows\system32\29628wo9m529z.dll
c:\windows\system32\29958wzrm5d9.exe
c:\windows\system32\2c4dbzckd9or1255.dll
c:\windows\system32\2c9zb5ckdoor2063.cpl
c:\windows\system32\2e97thief2z175.cpl
c:\windows\system32\2ea5te9z2339.cpl
c:\windows\system32\2f35threzt207379.dll
c:\windows\system32\2z112vir9s35.ocx
c:\windows\system32\2z1339py54.ocx
c:\windows\system32\2z299tro5391.cpl
c:\windows\system32\2z489viru95e.ocx
c:\windows\system32\2z967troj5129.dll
c:\windows\system32\30404tzoj559.dll
c:\windows\system32\311265zrus199.exe
c:\windows\system32\313849iz5s6e8.exe
c:\windows\system32\315z6t5oj169.ocx
c:\windows\system32\31z65spy1999.exe
c:\windows\system32\32043v9r5s7z4.bin
c:\windows\system32\3215z9ro574a.dll
c:\windows\system32\326fsp9r5z3008.ocx
c:\windows\system32\330za9dware11265.dll
c:\windows\system32\3333no5-azvirus79b.exe
c:\windows\system32\35071zp92ae.exe
c:\windows\system32\3531w95m63z.cpl
c:\windows\system32\35z5spyware1796.dll
c:\windows\system32\361ezackd5o91621.exe
c:\windows\system32\3683s5azbo9690.exe
c:\windows\system32\36c59iz304.dll
c:\windows\system32\392zthief1597.bin
c:\windows\system32\39c0vir85z.cpl
c:\windows\system32\39c9dzwnloa5er938.ocx
c:\windows\system32\3a23spywar5251z9.exe
c:\windows\system32\3a8eztea522759.ocx
c:\windows\system32\3az6addware3539.dll
c:\windows\system32\3c30do5nloazer1898.bin
c:\windows\system32\3cd69tezl3955.bin
c:\windows\system32\3cddt9r5at1210z.exe
c:\windows\system32\3dcb5p9rse1z95.bin
c:\windows\system32\3e48spar9ez1195.exe
c:\windows\system32\3e99spz59re2256.ocx
c:\windows\system32\3f6b5zkdoor2960.exe
c:\windows\system32\4041thiz51979.exe
c:\windows\system32\4109spa9se2z52.bin
c:\windows\system32\4139dzwnloader21625.cpl
c:\windows\system32\43bzthief9215.cpl
c:\windows\system32\449ddownlzader352.cpl
c:\windows\system32\44a0downlo5zer139.ocx
c:\windows\system32\455sparsez905.dll
c:\windows\system32\456cthrea97947z.cpl
c:\windows\system32\4584z9y5are2989.ocx
c:\windows\system32\4595vz5159.bin
c:\windows\system32\459bbazkdoor3156.exe
c:\windows\system32\45z9sparse1389.cpl
c:\windows\system32\4753v5r69z.dll
c:\windows\system32\47z49pa5se1650.exe
c:\windows\system32\4835backdzo51961.bin
c:\windows\system32\485badz59re1764.bin
c:\windows\system32\498dzownloa5er240.cpl
c:\windows\system32\498wz59342.ocx
c:\windows\system32\4994troz2155.ocx
c:\windows\system32\4b32s9y5aze298.bin
c:\windows\system32\4b79bzck5oor2044.bin
c:\windows\system32\4c5bza5kdoor1390.exe
c:\windows\system32\4ce5s9arse1596z.cpl
c:\windows\system32\4dc1ba5zdoor2957.dll
c:\windows\system32\4e2cszyware95155.cpl
c:\windows\system32\4ef75pyware395z.cpl
c:\windows\system32\4f0s5azse249.dll
c:\windows\system32\4z36thr5a93519.exe
c:\windows\system32\4zc1stea51799.exe
c:\windows\system32\505bzddw9re361.dll
c:\windows\system32\505czhreat15989.ocx
c:\windows\system32\5077stez91494.bin
c:\windows\system32\5096zot-a-viru955.dll
c:\windows\system32\51145ackd9zr879.exe
c:\windows\system32\5121zworm79d.bin
c:\windows\system32\514e9teal5002z.cpl
c:\windows\system32\51c9v9r1052z.ocx
c:\windows\system32\51d4d9wnlozder595.cpl
c:\windows\system32\522z4worm951.dll
c:\windows\system32\5259threat15395z.cpl
c:\windows\system32\52798spamboz6e1.bin
c:\windows\system32\52f4adzware18909.exe
c:\windows\system32\535ethi9f3z3.ocx
c:\windows\system32\5414downloadz53979.ocx
c:\windows\system32\5469addware6z2.ocx
c:\windows\system32\546dz952852.cpl
c:\windows\system32\5539sparsz5179.bin
c:\windows\system32\5558spyware9z16.dll
c:\windows\system32\55935orm665z.bin
c:\windows\system32\55c9spyware9z1.bin
c:\windows\system32\5626tzie51395.ocx
c:\windows\system32\5627szy59re2680.bin
c:\windows\system32\5636zownlo9der1856.bin
c:\windows\system32\57369spambz961.cpl
c:\windows\system32\59469acktool5e7z.dll
c:\windows\system32\5964ba9kdozr2365.dll
c:\windows\system32\59764szy126.exe
c:\windows\system32\59z95py733.exe
c:\windows\system32\5afzthi9f2085.exe
c:\windows\system32\5cedspars91z79.exe
c:\windows\system32\5d79viz605.exe
c:\windows\system32\5dd5sp9rse596z.bin
c:\windows\system32\5ddfdowz5oader1925.bin
c:\windows\system32\5e50spywa9e208z.ocx
c:\windows\system32\5e54spzrse2495.exe
c:\windows\system32\5f84backdoor7z9.exe
c:\windows\system32\5f96zteal8655.ocx
c:\windows\system32\5fc7baz95oor1069.ocx
c:\windows\system32\5z0esteal1950.dll
c:\windows\system32\5z19teal1136.exe
c:\windows\system32\5z79s9yware1655.exe
c:\windows\system32\5z84th9eat15207.exe
c:\windows\system32\609ad5ware566z.cpl
c:\windows\system32\6161zparse5669.dll
c:\windows\system32\61695hief30z8.bin
c:\windows\system32\6200tzoj295.dll
c:\windows\system32\62acdown5ozder2908.exe
c:\windows\system32\62z6backdoor9755.exe
c:\windows\system32\62z7thre5t94499.exe
c:\windows\system32\639s597acz.ocx
c:\windows\system32\6510trojz4f9.dll
c:\windows\system32\6551st9al2z87.ocx
c:\windows\system32\6558backdoor194z.bin
c:\windows\system32\655zb9ckdoor2849.dll
c:\windows\system32\6564not-a9vi5us6z0.bin
c:\windows\system32\65ee9pars5189z.dll
c:\windows\system32\6725adz95re1205.ocx
c:\windows\system32\6816hzckt5ol3e9.dll
c:\windows\system32\68735roj33z9.exe
c:\windows\system32\68z5v9r1972.ocx
c:\windows\system32\6904downloader15z3.bin
c:\windows\system32\691v5r49z.dll
c:\windows\system32\6956spazse2913.bin
c:\windows\system32\6969vir262z5.dll
c:\windows\system32\6a75bazkdoor5109.ocx
c:\windows\system32\6bc2dow5lozder16209.cpl
c:\windows\system32\6c31backdoz51921.exe
c:\windows\system32\6c4evzr19115.bin
c:\windows\system32\6ccdzwnl9ader2495.ocx
c:\windows\system32\6d5cvir2z69.cpl
c:\windows\system32\6ed9spyware5z97.bin
c:\windows\system32\6z509ddware2225.exe
c:\windows\system32\705cspazse9724.cpl
c:\windows\system32\70c6backdoorz592.bin
c:\windows\system32\70f4downloa5er4z9.ocx
c:\windows\system32\725caddwzr95199.bin
c:\windows\system32\73305a9ktool2z4.dll
c:\windows\system32\73ees5zw9re575.cpl
c:\windows\system32\7443steal9z95.ocx
c:\windows\system32\7458not-a-ziru529f.dll
c:\windows\system32\74acvi93554z.ocx
c:\windows\system32\75549pzmbot315.ocx
c:\windows\system32\756fthi5f25z9.bin
c:\windows\system32\7947vi5536z.dll
c:\windows\system32\79zeaddware5032.dll
c:\windows\system32\79zestea519479.dll
c:\windows\system32\7a8avir15z9.exe
c:\windows\system32\7adzteal9695.cpl
c:\windows\system32\7b3f5ir2997z.cpl
c:\windows\system32\7b4zsparse8539.ocx
c:\windows\system32\7bb4thiez9175.ocx
c:\windows\system32\7c59vir303z.ocx
c:\windows\system32\7ed0do5zloade967.dll
c:\windows\system32\7ffd9tez52425.cpl
c:\windows\system32\7z505ownloa9er877.exe
c:\windows\system32\7zedadd59re2101.cpl
c:\windows\system32\801stza532559.cpl
c:\windows\system32\8392zi5us6d9.cpl
c:\windows\system32\8712tr9z6d45.cpl
c:\windows\system32\8953hzcktool163.exe
c:\windows\system32\898zworm6905.exe
c:\windows\system32\8d6thze5t154349.exe
c:\windows\system32\8f3sparze5339.cpl
c:\windows\system32\91518zor53cf.bin
c:\windows\system32\91fzvir535.cpl
c:\windows\system32\9236stea52735z.bin
c:\windows\system32\92d4st5zl1423.ocx
c:\windows\system32\93z97not-a-v5rus269.cpl
c:\windows\system32\93zt59j49d.cpl
c:\windows\system32\945evirz53.ocx
c:\windows\system32\94z1th5ef224.ocx
c:\windows\system32\94z35worm1be.ocx
c:\windows\system32\950z8troj2db.bin
c:\windows\system32\9528vi5z985.ocx
c:\windows\system32\9536sparsz3159.bin
c:\windows\system32\9536wo9m50z.exe
c:\windows\system32\95390worm5az.bin
c:\windows\system32\95495spy2z7.ocx
c:\windows\system32\9556s9yz1c.dll
c:\windows\system32\95599worm2z.exe
c:\windows\system32\95897spa5zot63.exe
c:\windows\system32\9589spambot9bz.exe
c:\windows\system32\9595not-a-9izus7ed.cpl
c:\windows\system32\95a1zackdoor390.bin
c:\windows\system32\95z1spywar53088.cpl
c:\windows\system32\962atzreat25232.exe
c:\windows\system32\969zsparse5625.exe
c:\windows\system32\9755szy2a2.exe
c:\windows\system32\9762spamzot5349.ocx
c:\windows\system32\9783viruz15c.dll
c:\windows\system32\9852downloader2184z.cpl
c:\windows\system32\9856szeal2048.dll
c:\windows\system32\98ebzckdoor5513.ocx
c:\windows\system32\9904wo5m146z.dll
c:\windows\system32\99359izus5bf.dll
c:\windows\system32\9cb5sparze2106.exe
c:\windows\system32\9e99dowz5oader536.cpl
c:\windows\system32\9z37tro95fa.cpl
c:\windows\system32\9z425orm1c6.exe
c:\windows\system32\a5athzef5279.cpl
c:\windows\system32\a8d5teal269z.cpl
c:\windows\system32\c56st9alz140.exe
c:\windows\system32\c7zspa5s91587.ocx
c:\windows\system32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys
c:\windows\system32\fd9spzware851.ocx
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXguibutqjrbxndcwfdfxubecfctifiosh.dll
c:\windows\system32\MSIVXwlrkxumevofxxqfmisbpnpnprtrcppxi.dll
c:\windows\system32\z01695ckdoor1814.cpl
c:\windows\system32\z0b59hief473.ocx
c:\windows\system32\z127v9r2055.ocx
c:\windows\system32\z2093spamb5t70f.dll
c:\windows\system32\z3136s5ambot569.cpl
c:\windows\system32\z342v59us463.exe
c:\windows\system32\z3c9v5r2995.ocx
c:\windows\system32\z437wo9m5be.ocx
c:\windows\system32\z4421spy2095.exe
c:\windows\system32\z5534virus5989.ocx
c:\windows\system32\z7125sp9mbot31f.ocx
c:\windows\system32\z7580spy7859.cpl
c:\windows\system32\z79855p939.dll
c:\windows\system32\z7c9thr9at30591.bin
c:\windows\system32\z8759ief850.exe
c:\windows\system32\z9064troj2e45.ocx
c:\windows\system32\z9697troj595.bin
c:\windows\system32\za4cspywa5e409.cpl
c:\windows\system32\zad2backdoor26595.dll
c:\windows\system32\zaeathrea925855.exe
c:\windows\system32\zc4thief1359.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-23 21:33 . 2009-09-23 21:33 0 -c--a-w- c:\windows\system32\settings.dat
2009-09-21 03:34 . 2009-09-21 03:35 -------- dc----w- C:\rsit
2009-09-20 06:54 . 2009-09-23 22:00 -------- dc----w- c:\program files\Trend Micro
2009-09-19 05:07 . 2009-09-19 05:07 2381322 -c--a-w- C:\MGtools.exe
2009-09-15 23:04 . 2009-09-26 04:07 -------- dc----w- c:\progra~2\STOPzilla!
2009-09-15 23:04 . 2009-09-15 23:04 -------- dc----w- c:\program files\Common Files\iS3
2009-09-15 22:29 . 2009-09-15 23:00 -------- dc----w- c:\progra~2\Lavasoft
2009-09-13 10:07 . 2009-09-13 10:07 -------- dc----w- c:\program files\BinaryBiz
2009-09-08 10:06 . 2009-08-03 03:36 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 10:06 . 2009-09-08 10:06 -------- dc----w- c:\progra~2\Malwarebytes
2009-09-08 10:06 . 2009-08-03 03:36 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 12:26 . 2009-09-06 12:27 -------- dc----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 20:33 . 2009-03-13 04:11 -------- dc----w- c:\progra~2\Google Updater
2009-09-23 22:10 . 2008-07-21 23:58 1356 -c--a-w- c:\users\User\AppData\Local\d3d9caps.dat
2009-09-15 22:33 . 2009-06-26 14:01 -------- dc----w- c:\program files\Common Files\Symantec Shared
2009-09-15 11:32 . 2009-02-20 07:46 -------- dc----w- c:\progra~2\Symantec
2009-09-08 09:55 . 2008-08-01 00:27 -------- dc----w- c:\progra~2\Spybot - Search & Destroy
2009-08-25 03:03 . 2009-08-25 03:03 -------- dc----w- c:\users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 03:01 . 2009-08-25 03:01 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-25 02:59 . 2009-08-25 02:59 -------- dc----w- c:\users\User\AppData\Roaming\Skinux
2009-08-25 02:59 . 2009-08-25 02:40 -------- dc----w- c:\progra~2\Kodak
2009-08-25 02:59 . 2008-07-22 00:06 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-08-25 02:58 . 2009-08-25 02:58 -------- dc----w- c:\program files\QuickTime
2009-08-25 02:58 . 2009-08-25 02:58 -------- dc----w- c:\progra~2\Apple Computer
2009-08-25 02:57 . 2009-08-25 02:57 -------- dc----w- c:\progra~2\ArcSoft
2009-08-25 02:57 . 2009-08-25 02:57 -------- dc----w- c:\users\User\AppData\Roaming\ArcSoft
2009-08-25 02:57 . 2009-08-25 02:55 -------- dc----w- c:\program files\Common Files\ArcSoft
2009-08-25 02:55 . 2009-08-25 02:55 -------- dc----w- c:\program files\ArcSoft
2009-08-25 02:55 . 2009-08-25 02:55 -------- dc----w- c:\program files\Kodak
2009-08-25 02:54 . 2009-08-25 02:52 -------- dc----w- c:\program files\Common Files\Kodak
2009-08-24 13:14 . 2009-08-24 13:14 -------- dc----w- c:\progra~2\Avira
2009-08-24 12:39 . 2009-08-24 12:39 -------- dc----w- c:\program files\AVG
2009-08-24 12:21 . 2009-08-24 12:21 -------- dc----w- c:\users\User\AppData\Roaming\AVG8
2009-08-24 10:50 . 2009-08-24 10:50 23832 -c--a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-08-08 11:22 . 2009-08-08 11:22 -------- dc----w- c:\program files\MarkAnyContentSAFER
2009-08-08 11:20 . 2007-10-25 07:26 5632 -c--a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-08 11:03 . 2009-08-08 11:03 -------- dc----w- c:\users\User\AppData\Roaming\Samsung
2009-08-07 05:05 . 2009-08-07 05:05 -------- dc----w- c:\progra~2\Bluetooth
2009-08-07 04:41 . 2009-08-07 04:28 1567 ----a-w- c:\windows\bthservsdp.dat
2009-07-28 06:33 . 2009-08-24 13:14 55656 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 23:39 . 2008-07-21 23:58 52968 -c--a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-20 04:57 . 2009-07-20 04:57 17408 -c--a-r- c:\windows\system32\SZIO5.dll
2009-07-20 04:56 . 2009-07-20 04:56 311296 -c--a-r- c:\windows\system32\SZBase5.dll
2009-07-20 04:56 . 2009-07-20 04:56 540672 -c--a-r- c:\windows\system32\SZComp5.dll
2009-07-09 05:52 . 2009-07-09 05:52 126976 -c--a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 05:52 . 2009-07-09 05:52 393216 -c--a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 05:51 . 2009-07-09 05:51 385024 -c--a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 05:51 . 2009-07-09 05:51 61440 -c--a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 05:51 . 2009-07-09 05:51 23040 -c--a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 05:50 . 2009-07-09 05:50 225280 -c--a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 05:50 . 2009-07-09 05:50 94208 -c--a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 05:50 . 2009-07-09 05:50 90112 -c--a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 05:47 . 2009-07-09 05:47 724992 -c--a-r- c:\windows\system32\IS3Base5.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AutoStartNPSAgent"="e:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-08 98304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-19 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2B4AECCF-1146-4148-8E73-D4E0CB03ACA7}d:\\bitcomet\\bitcomet.exe"= UDP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7CAFAF91-757D-43C4-9D91-22AD9DA42FA2}d:\\bitcomet\\bitcomet.exe"= TCP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6CD1DD9F-10AF-49BF-AEE5-A48DDD7950AA}d:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:d:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query User{E0ED7815-01CE-4ED1-B1F2-DCCC38D9A7CC}d:\\program files\\team17\\worms armageddon\\wa.exe"= TCP:d:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"{66BEA3F7-FCEE-4BC9-9973-4D6951AB24F3}"= TCP:67:DHCP Discovery Service
"{5C516EA3-38A2-4B09-8DC5-3F7546695872}"= TCP:67:DHCP Discovery Service
"{8A4BE6D3-98DA-48E6-A65F-5881EA05720D}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AA9B6E94-08A4-446A-89EB-1DAF008BF1ED}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6B5B0FB9-706C-413A-89F6-EB008442C85A}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{3408F7FB-5F85-4E6A-BC6A-B6BA8267865A}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{FC5E6C6B-5ADB-441C-9F0D-CCBF4582272F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{2C24DF2E-0EF7-46CE-B940-7628C18B9815}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{2DBF4358-8FE4-4AEF-AA2C-9F861CA13E85}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{880F9E76-4C17-44D2-B0CD-6AFEDF0E4FAB}"= Disabled:UDP:e:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{13726704-B87A-4C9B-B09E-5A5693DD8FD8}"= Disabled:TCP:e:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{41B9FD20-4F5A-445B-B55B-15937BA6B345}"= Disabled:UDP:e:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C2FDB47E-7343-4549-B1C7-8F4301C0A801}"= Disabled:TCP:e:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{03423962-6D49-4613-B238-E0D5471322D8}"= Disabled:UDP:e:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{06346108-78C2-4961-9CBC-ADA2B7D8C527}"= Disabled:TCP:e:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{AE68C8D3-1A86-4F30-8692-F4DCE5CD557C}"= Disabled:UDP:e:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{C8FA63F4-8638-4A9F-9F14-11E95ADCB4B3}"= Disabled:TCP:e:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{1263CCF8-E92C-4326-A9E7-FCFC3BED390A}"= Disabled:UDP:e:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{3F0C42B8-BA2D-427D-977B-E93A7496FE9C}"= Disabled:TCP:e:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{603FCB4A-84F0-4480-9708-93C2F703DF02}"= UDP:2869:xbox
"{B749CE4D-7D19-4146-ACE4-BB39001174BB}"= UDP:10243:xbox
"{8783E065-3EE6-431A-AEE2-7F97D39EFE1C}"= TCP:1900:xbox
"{AACA0069-C1E4-4EB9-88BA-5ACDB014EB7F}"= TCP:10284:xbox
"{E52B751F-B575-4F2B-AAF6-0FDA956C36D1}"= TCP:10283:xbox
"{5CC9C7D4-DD5F-413C-BAE4-70A00C52B92F}"= TCP:10282:xbox
"{F567F6A6-6C9D-4E0B-B3FF-826BFBA30AD8}"= TCP:10281:xbox
"{2885423B-F3A2-455A-B8D7-4B68D6A332D3}"= TCP:10280:xbox
"{A45E7523-AD0E-4F2D-A9AE-23F9CC6125EC}"= UDP:e:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{965424BA-8771-442E-8A85-452A092211FB}"= TCP:e:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{259C1BB8-0CD9-4693-B807-F467AD199767}"= UDP:e:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{73D569FE-88F5-44B1-968F-3DB3188905FE}"= TCP:e:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{1D88EEC2-01D5-4F05-BEAF-203E207C65E5}"= UDP:e:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{669E9A33-D0FE-4E74-B42B-B15C17CFE3EB}"= TCP:e:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Telstra\\unpw\\unpwclient.exe"= c:\program files\Telstra\unpw\unpwclient.exe:*:Enabled:BigPond Username/Password Tool

R0 szkg5;szkg;c:\windows\System32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3/15/2009 10:58 AM 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [8/8/2009 9:05 PM 233472]
R2 Start BT in service;Start BT in service;e:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 3:39 PM 51816]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [8/8/2009 9:05 PM 36608]
S1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [8/24/2009 8:50 PM 23832]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"d:\avira\AntiVir Desktop\sched.exe" --> d:\avira\AntiVir Desktop\sched.exe [?]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 2:12 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 07:14]

2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:12]

2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xq455mzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-*CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D} - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
SystemRoot\System32\smss.exe [436]
c:\windows\system32\csrss.exe [504]
c:\windows\system32\wininit.exe [556]
c:\windows\system32\csrss.exe [568]
c:\windows\system32\services.exe [600]
c:\windows\system32\lsass.exe [612]
c:\windows\system32\lsm.exe [620]
c:\windows\system32\winlogon.exe [744]
c:\windows\system32\svchost.exe [824]
c:\windows\system32\nvvsvc.exe [888]
c:\windows\system32\svchost.exe [916]
c:\windows\System32\svchost.exe [972]
c:\windows\System32\svchost.exe [1064]
c:\windows\System32\svchost.exe [1208]
c:\windows\system32\svchost.exe [1220]
c:\windows\system32\svchost.exe [1300]
c:\windows\system32\SLsvc.exe [1324]
c:\windows\system32\svchost.exe [1364]
c:\windows\system32\svchost.exe [1488]
c:\windows\system32\rundll32.exe [1568]
c:\windows\System32\spoolsv.exe [1832]
c:\windows\system32\svchost.exe [1856]
c:\windows\system32\taskeng.exe [1936]
c:\windows\system32\Dwm.exe [192]
c:\windows\system32\taskeng.exe [252]
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [464]
c:\windows\system32\taskeng.exe [812]
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [900]
e:\program files\IVT Corporation\BlueSoleil\BTNtService.exe [1192]
c:\program files\Windows Live\Family Safety\fsssvc.exe [1504]
c:\windows\system32\FsUsbExService.Exe [1976]
c:\windows\system32\svchost.exe [2152]
c:\windows\System32\svchost.exe [2184]
c:\windows\System32\svchost.exe [2228]
c:\windows\system32\svchost.exe [2288]
c:\windows\system32\svchost.exe [2328]
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2600]
e:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2648]
c:\windows\system32\svchost.exe [2660]
c:\windows\System32\svchost.exe [2692]
c:\windows\system32\SearchIndexer.exe [2716]
c:\windows\system32\WUDFHost.exe [2828]
c:\windows\system32\SearchProtocolHost.exe [3444]
c:\windows\system32\wbem\wmiprvse.exe [3680]
c:\windows\system32\wbem\wmiprvse.exe [2260]
c:\windows\system32\CF22273.exe [2680]
c:\program files\Windows Defender\MSASCui.exe [3076]
c:\windows\RtHDVCpl.exe [1344]
c:\program files\Windows Live\Family Safety\fsui.exe [2888]
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [1692]
c:\windows\System32\rundll32.exe [1592]
c:\program files\Java\jre6\bin\jusched.exe [280]
e:\program files\HP\HP Software Update\hpwuSchd2.exe [2296]
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [1296]
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [3060]
e:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe [1112]
c:\program files\Windows Media Player\wmpnscfg.exe [1012]
e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [676]
c:\program files\Windows Media Player\wmpnetwk.exe [912]
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe [3052]
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [2416]
e:\program files\HP\Digital Imaging\bin\hpqSTE08.exe [2884]
e:\program files\HP\Digital Imaging\bin\hpqbam08.exe [3100]
c:\windows\Explorer.exe [2596]
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [216]
c:\fixtrig\catchme.cfxxe [2536]
.
**************************************************************************
.
Completion time: 2009-09-26 14:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-26 04:09

Pre-Run: 1,949,306,880 bytes free
Post-Run: 2,077,704,192 bytes free

647 --- E O F --- 2009-09-25 17:00
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » September 26th, 2009, 12:49 am

Rsit info.TXT

info.txt logfile of random's system information tool 1.06 2009-09-26 14:14:38

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
BigPond ADSL Password Tool-->MsiExec.exe /X{281E3A71-83B7-4862-8FF7-095BEC1882CF}
Bluesoleil2.7.0.13 VoIP Release 071227-->MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
STOPzilla-->MsiExec.exe /X{DB9ECBEC-F228-460D-8CF7-DCDCC872CBAB}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TestDrive Client-->MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
VirtualLab Client 5.7.3-->"C:\Program Files\BinaryBiz\VirtualLab5\unins000.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 7000
Message: The Avira AntiVir Scheduler service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 78034
Source Name: Service Control Manager
Time Written: 20090926040727.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7000
Message: The Avira AntiVir Guard service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 78041
Source Name: Service Control Manager
Time Written: 20090926040727.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 78080
Source Name: Service Control Manager
Time Written: 20090926040727.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
avgio
Record Number: 78081
Source Name: Service Control Manager
Time Written: 20090926040727.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7034
Message: The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
Record Number: 78089
Source Name: Service Control Manager
Time Written: 20090926040731.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: User-PC
Event Code: 12290
Message: Volume Shadow Copy Service warning: ASR writer Error 0x80070565. hr = 0x00000000.

Operation:
PrepareForBackup event
PrepareForBackup event

Context:
Execution Context: ASR Writer
Execution Context: Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {aa351e9b-2c12-4ca0-b6d5-157cd65ad6c5}
Record Number: 29056
Source Name: VSS
Time Written: 20090926034152.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 16387
Message: Shadow copy creation failed because of error reported by ASR Writer. More info: The maximum number of secrets that may be stored in a single system has been exceeded. (0x80070565).
Record Number: 29057
Source Name: SPP
Time Written: 20090926034152.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x800423f4).
Record Number: 29058
Source Name: System Restore
Time Written: 20090926034152.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 29079
Source Name: Microsoft-Windows-WMI
Time Written: 20090926035345.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 29111
Source Name: Microsoft-Windows-WMI
Time Written: 20090926040727.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25638
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090926041436.179350-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25639
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090926041436.203350-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25640
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090926041436.226350-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25641
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090926041436.249350-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25642
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090926041436.272350-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am
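What the two logs above say about the machine's own defences is easy to miss in several hundred lines of output, so here is an added triage helper (example code written for this page, not something Trigger posted and not part of ComboFix or RSIT). It assumes the ComboFix registry-dump layout seen above (a `[key]` header followed by `"Name"=value` lines) and the RSIT event-record layout (`Computer Name:` ... `Message:` ... `Record Number:`), and it runs over a constructed, condensed sample rather than the posted logs themselves. Everything it flags is visible in the posts: Security Center monitoring switched off and AntiVirusOverride set, the firewall disabled on the PublicProfile, Avira services failing because their path no longer exists, the AVG filter driver failing to load, and repeated event 5038 code-integrity failures on tcpip.sys.

```python
"""Hypothetical triage helper for ComboFix / RSIT info.txt excerpts (not part of
this thread or of either tool): flags registry settings that weaken the machine's
own defences and event-log entries worth a second look, and counts each."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\key] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')   # "Name"=value line under a header


def reg_int(raw):
    """Parse 'dword:00000001' and '0 (0x0)', the two integer spellings in these logs."""
    m = re.match(r"\s*(?:dword:([0-9a-fA-F]+)|(\d+))", raw)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def registry_findings(lines):
    """Yield (kind, leaf key) for Security Center / firewall settings that are switched off."""
    section = ""
    for line in lines:
        head, kv = SECTION_RE.match(line.strip()), VALUE_RE.match(line.strip())
        if head:
            section = head.group(1)
        elif kv:
            name, val = kv.group(1), reg_int(kv.group(2))
            leaf, sec = section.rsplit("\\", 1)[-1], section.lower()
            if "security center" in sec and name == "DisableMonitoring" and val == 1:
                yield ("security_center_monitoring_off", leaf)
            elif "security center" in sec and name == "AntiVirusOverride" and val == 1:
                yield ("antivirus_override", leaf)
            elif "firewallpolicy" in sec and name == "EnableFirewall" and val == 0:
                yield ("firewall_profile_off", leaf)


def event_findings(text):
    """Yield (kind, detail) for event IDs 5038 (code integrity), 7000 and 7026 (SCM)."""
    for chunk in re.split(r"(?m)^Computer Name:", text)[1:]:   # one chunk per record
        code = re.search(r"(?m)^Event Code:\s*(\d+)", chunk)
        msg = re.search(r"(?ms)^Message:(.*?)^Record Number:", chunk)
        if not (code and msg):
            continue
        code, msg = int(code.group(1)), msg.group(1).strip()
        if code == 5038:                      # image hash of a driver/DLL did not verify
            m = re.search(r"File Name:\s*(\S+)", msg)
            yield ("code_integrity_hash_invalid", m.group(1) if m else "?")
        elif code == 7000:                    # Service Control Manager: service failed to start
            m = re.search(r"The (.+?) service failed to start", msg)
            yield ("service_failed_to_start", m.group(1) if m else "?")
        elif code == 7026:                    # driver names follow the first message line
            for drv in msg.splitlines()[1:]:
                if drv.strip():
                    yield ("driver_failed_to_load", drv.strip())


def triage(text):
    """Return sorted (kind, detail, count) triples for one log excerpt."""
    counts = Counter(registry_findings(text.splitlines()))
    counts.update(event_findings(text))
    return sorted((k, d, n) for (k, d), n in counts.items())


# Constructed sample in the shape of the logs posted above (condensed, not a copy).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
Computer Name: User-PC
Event Code: 7000
Message: The Avira AntiVir Scheduler service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 78034
Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
avgio
Record Number: 78081
Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25638
Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 25639
"""

if __name__ == "__main__":
    for kind, detail, n in triage(SAMPLE_LOG):
        print(f"{kind:32} x{n}  {detail}")
```

Run it as a script to print the counted findings for the sample, or call `triage()` on a saved log. One caveat a helper would add when reading the output: event 5038 on tcpip.sys only says that the driver's image hash no longer matches its signature. On a 2009 Vista machine with two BitTorrent clients installed, a deliberately patched tcpip.sys is at least as plausible as a malware modification, so the finding means "verify this file against a known-good copy", not "infected".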

Re: cant run hijackthis

Unread postby Trigger » September 26th, 2009, 12:50 am

and log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-09-26 14:14:18
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 2 GB (13%) free of 15 GB
Total RAM: 893 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:37 PM, on 9/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - E:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - E:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - E:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - D:\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - D:\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Start BT in service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9315 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - E:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - E:\Program Files\STOPzilla!\SZIEBHO.dll [2009-08-18 222656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - E:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"AutoStartNPSAgent"=E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-08-08 98304]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Telstra\unpw\unpwclient.exe"="C:\Program Files\Telstra\unpw\unpwclient.exe:*:Enabled:BigPond Username/Password Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-09-26 14:14:18 ----DC---- C:\rsit
2009-09-26 14:14:18 ----DC---- \rsit
2009-09-26 14:09:40 ----DC---- C:\Windows\temp
2009-09-26 14:09:38 ----AC---- C:\ComboFix.txt
2009-09-26 14:09:38 ----AC---- \ComboFix.txt
2009-09-26 14:07:40 ----DC---- C:\$RECYCLE.BIN
2009-09-26 14:07:40 ----DC---- \$RECYCLE.BIN
2009-09-26 13:41:42 ----AC---- C:\Windows\zip.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWXCACLS.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWSC.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWREG.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\sed.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\PEV.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\NIRCMD.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\grep.exe
2009-09-26 13:41:39 ----DC---- C:\Windows\ERDNT
2009-09-26 13:41:03 ----DC---- C:\Qoobox
2009-09-26 13:41:03 ----DC---- \Qoobox
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 10:12:42 ----AC---- C:\Windows\ntbtlog.txt
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-13 20:07:34 ----DC---- C:\Program Files\BinaryBiz
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:15 ----DC---- C:\Program Files\QuickTime
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:39:29 ----DC---- C:\Program Files\AVG
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-20 14:57:28 ----RAC---- C:\Windows\system32\SZIO5.dll
2009-07-20 14:56:28 ----RAC---- C:\Windows\system32\SZBase5.dll
2009-07-20 14:56:04 ----RAC---- C:\Windows\system32\SZComp5.dll
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI
2009-07-09 15:52:32 ----RAC---- C:\Windows\system32\IS3HTUI5.dll
2009-07-09 15:52:22 ----RAC---- C:\Windows\system32\IS3DBA5.dll
2009-07-09 15:51:40 ----RAC---- C:\Windows\system32\IS3UI5.dll
2009-07-09 15:51:24 ----RAC---- C:\Windows\system32\IS3Hks5.dll
2009-07-09 15:51:06 ----RAC---- C:\Windows\system32\IS3XDat5.dll
2009-07-09 15:50:48 ----RAC---- C:\Windows\system32\IS3Win325.dll
2009-07-09 15:50:28 ----RAC---- C:\Windows\system32\IS3Inet5.dll
2009-07-09 15:50:16 ----RAC---- C:\Windows\system32\IS3Svc5.dll
2009-07-09 15:47:06 ----RAC---- C:\Windows\system32\IS3Base5.dll
2009-06-27 19:13:09 ----DC---- C:\Users\User\AppData\Roaming\Symantec
2009-06-27 00:01:55 ----DC---- C:\Program Files\Common Files\Symantec Shared

======List of files/folders modified in the last 3 months======

2009-09-26 14:10:08 ----DC---- C:\Windows\System32
2009-09-26 14:10:08 ----DC---- C:\Windows\inf
2009-09-26 14:10:08 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-09-26 14:09:41 ----DC---- C:\Windows\system32\en-US
2009-09-26 14:09:41 ----DC---- C:\Windows\system32\drivers
2009-09-26 14:09:40 ----DC---- C:\Windows
2009-09-26 14:09:40 ----DC---- \Windows
2009-09-26 14:09:35 ----DC---- C:\Windows\Tasks
2009-09-26 14:07:47 ----AC---- C:\Windows\system.ini
2009-09-26 14:04:35 ----DC---- C:\Windows\system32\config
2009-09-26 14:01:38 ----SHDC---- C:\Windows\Installer
2009-09-26 14:01:37 ----SDC---- C:\Windows\Downloaded Program Files
2009-09-26 14:00:00 ----DC---- C:\Windows\AppPatch
2009-09-26 13:59:59 ----DC---- C:\Program Files\Common Files
2009-09-26 13:54:14 ----SHD---- C:\System Volume Information
2009-09-26 13:54:14 ----SHD---- \System Volume Information
2009-09-26 13:37:14 ----DC---- C:\Windows\Prefetch
2009-09-25 04:12:07 ----DC---- C:\Windows\Logs
2009-09-23 07:12:18 ----DC---- C:\Config.Msi
2009-09-23 07:12:18 ----DC---- \Config.Msi
2009-09-23 07:12:13 ----RDC---- C:\Program Files
2009-09-23 07:12:13 ----RDC---- \Program Files
2009-09-23 07:12:13 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 10:12:39 ----DC---- C:\ProgramData
2009-09-16 10:12:39 ----DC---- \ProgramData
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-16 08:30:25 ----DC---- C:\Windows\system32\catroot
2009-09-14 12:53:21 ----DC---- C:\Windows\system32\catroot2
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-09-08 19:55:24 ----DC---- C:\Windows\Debug
2009-08-25 12:59:02 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-08-25 12:58:56 ----DC---- C:\Program Files\Internet Explorer
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-25 12:52:38 ----D---- C:\Windows\winsxs
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:41:08 ----DC---- C:\Windows\system
2009-07-07 08:35:20 ----DC---- C:\Users\User\AppData\Roaming\uTorrent
2009-06-27 19:34:28 ----DC---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 catchme;catchme; \??\C:\FixTrig\catchme.sys []
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys []
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2008-11-14 233472]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Start BT in service;Start BT in service; E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe []
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2009-07-20 57344]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-06-27 1245064]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » September 26th, 2009, 6:02 am

Windows is asking to be updated. Is this advisable at this point in time, or do I wait? Because it wasn't able to get updates and was continuously popping up saying that it can't be updated, and now it's found a stack of updates that are "important". Please let me know, ok.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am