Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:37 PM, on 5/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\conime.exe
c:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\SRN Micro\SOLOSENT.EXE
C:\SRN Micro\SOLOCFG.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\sttray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Steam\steam.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKUS\S-1-5-21-873202033-3301692320-1648292914-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-873202033-3301692320-1648292914-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-873202033-3301692320-1648292914-1002\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-873202033-3301692320-1648292914-1002\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-873202033-3301692320-1648292914-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1570590451
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/sta ... 0.15.0.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12229 bytes
ComboFix 09-05-02.4 - Owner 05/01/2009 22:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2029.645 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AnalysisReport.txt
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\DefendLog.txt
c:\program files\Spyware Cease\hrdb.hrl
c:\program files\Spyware Cease\ls.dat
c:\program files\Spyware Cease\LSR.lsr
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\rgp.tmp
c:\program files\Spyware Cease\RKHit.sys
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.chm
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\swdb.ssk
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\hrdb.hrl
c:\program files\Spyware Cease\update\md5.dll
c:\program files\Spyware Cease\update\opfile.dll
c:\program files\Spyware Cease\update\RKHit.sys
c:\program files\Spyware Cease\update\RkHitApi.dll
c:\program files\Spyware Cease\update\spkdll.dll
c:\program files\Spyware Cease\update\swdb.ssk
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\zlib1.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\ovfsthxoerxbqie.sys
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\ovfsthxcunxpfcn.dat
c:\windows\system32\ovfsthxddbwflox.dat
c:\windows\system32\ovfsthxlog.dat
c:\windows\system32\ovfsthxmxqkprpt.dll
c:\windows\system32\ovfsthxohesyvir.dll
c:\windows\system32\ovfsthxohesyvir.dll.vir
c:\windows\system32\ovfsthxtcnwcmbq.dll
c:\windows\system32\winglsetup.exe
D:\Autorun.inf
L:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthxpbjhkdik
-------\Legacy_RKHIT
-------\Service_RkHit
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.
2009-05-02 02:17 . 2009-05-02 02:17 -------- d-----w c:\users\Owner\AppData\Roaming\DragonicaSCB
2009-04-26 02:54 . 2009-04-26 02:54 -------- d-----w c:\users\Owner\AppData\Local\Symantec
2009-04-25 06:59 . 2009-04-29 02:34 -------- d-----w c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-25 06:59 . 2009-04-29 02:34 -------- d-----w c:\users\All Users\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-25 06:58 . 2009-04-29 02:34 -------- d-----w c:\programdata\Symantec
2009-04-25 06:58 . 2009-04-29 02:34 -------- d-----w c:\users\All Users\Symantec
2009-04-25 06:58 . 2009-04-29 02:34 -------- d-----w c:\programdata\Norton
2009-04-25 06:58 . 2009-04-29 02:34 -------- d-----w c:\users\All Users\Norton
2009-04-25 06:57 . 2009-04-25 06:57 -------- d-----w c:\programdata\NortonInstaller
2009-04-25 06:57 . 2009-04-25 06:57 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-25 06:35 . 2009-04-25 06:35 -------- d-----w c:\program files\AnVir Task Manager Free
2009-04-25 06:35 . 2009-04-28 02:43 -------- d-----w c:\users\Owner\AppData\Local\AnVir
2009-04-25 06:33 . 2009-04-25 06:33 -------- d-----w c:\program files\Trend Micro
2009-04-25 05:32 . 2009-04-25 05:32 84992 ----a-w c:\windows\system32\drivers\ovfsthxoerxbqie.sys.vir
2009-04-25 03:00 . 2009-04-25 03:00 -------- d-----w C:\b5b60667d2f9b86c8d353b9d8784
2009-04-25 02:54 . 2009-04-25 02:54 -------- d-----w c:\programdata\Simply Super Software
2009-04-25 02:54 . 2009-04-25 02:54 -------- d-----w c:\users\All Users\Simply Super Software
2009-04-25 02:11 . 2009-04-25 02:11 -------- d-----w C:\GAMESAVE
2009-04-25 01:53 . 2009-04-25 02:11 -------- d-----w C:\NDSSAVE
2009-04-24 17:32 . 2009-04-24 17:32 -------- d-----w c:\programdata\Malwarebytes
2009-04-24 17:32 . 2009-04-24 17:32 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-24 07:15 . 2009-04-24 07:15 1340797 ----a-w C:\MGtools.exe
2009-04-24 07:09 . 2009-04-24 07:09 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w C:\fsaua.data
2009-04-24 06:30 . 2009-04-24 06:30 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-24 06:30 . 2009-04-24 06:30 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-24 06:29 . 2009-04-29 02:33 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-24 06:29 . 2009-04-29 02:33 -------- d-----w c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2009-04-24 05:43 . 2007-02-08 13:45 29184 ----a-w c:\windows\system32\drivers\ActionReplayDS.sys
2009-04-22 01:24 . 2009-04-22 01:24 -------- d-----w c:\users\Owner\AppData\Roaming\NBOS
2009-04-20 00:45 . 2009-04-20 00:45 -------- d-----w c:\program files\The Weather Channel FW
2009-04-20 00:44 . 2009-04-20 00:44 -------- d-----w c:\users\Owner\AppData\Local\The Weather Channel
2009-04-20 00:44 . 2009-04-22 01:28 -------- d-----w c:\program files\Trillian
2009-04-18 22:03 . 2005-07-15 19:21 3863040 ----a-w c:\windows\system\MSystem.dll
2009-04-18 16:53 . 2009-04-18 16:54 -------- d-----w c:\programdata\Tages
2009-04-18 16:53 . 2009-04-18 16:54 -------- d-----w c:\users\All Users\Tages
2009-04-18 05:38 . 2009-04-23 21:03 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-18 04:31 . 2009-04-18 04:31 -------- d-----w c:\users\Owner\AppData\Roaming\The Creative Assembly
2009-04-18 04:30 . 2008-10-10 08:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-18 04:30 . 2008-10-10 08:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-18 04:30 . 2008-10-10 08:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-18 04:30 . 2008-10-27 14:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2009-04-18 04:30 . 2008-10-27 14:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
2009-04-18 04:30 . 2008-10-27 14:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-18 04:30 . 2008-10-27 14:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2009-04-16 20:27 . 2009-04-16 20:27 -------- d-----w c:\program files\Common Files\ASign
2009-04-16 03:57 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-16 03:57 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-16 03:57 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-16 03:57 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-16 03:57 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-16 03:57 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-16 03:57 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-16 03:52 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-16 03:52 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-16 03:52 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-16 03:52 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-16 03:52 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-15 22:50 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 22:50 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 22:50 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 22:50 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 22:50 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 22:50 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 22:50 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 22:50 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 22:50 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 22:50 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 22:47 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 22:47 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 22:47 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 22:41 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 22:41 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-15 22:41 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 22:41 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 02:50 . 2007-11-05 04:19 -------- d-----w c:\program files\Steam
2009-05-02 02:49 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 18:46 . 2008-12-24 18:47 422 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{04883EBB-4A02-4FA2-BBD9-E025FFA6E953}.job
2009-05-01 06:59 . 2009-04-25 02:53 560 ----a-w c:\windows\Tasks\AntiVirus360Remover Scheduled Scan.job
2009-04-29 13:09 . 2007-10-15 19:09 151424 ----a-w c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 02:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-29 02:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-29 02:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-29 02:33 . 2007-11-10 01:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-29 02:31 . 2007-11-05 01:48 129876 ----a-w c:\windows\HPHins13.dat
2009-04-28 18:54 . 2007-10-15 19:08 2032 ----a-w c:\users\Owner\AppData\Local\d3d9caps.dat
2009-04-27 01:17 . 2008-09-10 19:24 -------- d-----w c:\program files\MagicISO
2009-04-25 02:13 . 2008-01-28 20:48 -------- d-----w c:\program files\M3 GAME Manager
2009-04-24 07:09 . 2007-11-05 20:04 -------- d-----w c:\program files\Java
2009-04-24 07:07 . 2008-12-31 05:36 -------- d-----w c:\program files\Left 4 Dead
2009-04-24 05:38 . 2007-11-04 18:23 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-24 05:35 . 2007-12-12 03:05 -------- d-----w c:\program files\Datel
2009-04-24 04:10 . 2007-10-16 11:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 21:03 . 2007-11-04 18:52 -------- d-----w c:\program files\DivX
2009-04-19 05:50 . 2007-11-05 04:20 -------- d-----w c:\program files\Common Files\Steam
2009-04-18 16:01 . 2007-11-08 20:37 279712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-04-18 16:01 . 2007-11-08 20:37 25888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-04-16 07:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-13 06:11 . 2008-04-12 01:57 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-05 05:31 . 2008-02-01 00:14 81968 ----a-w c:\users\Owner\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-04-04 18:54 . 2007-11-04 20:32 -------- d-----w c:\program files\Common Files\Adobe
2009-03-26 00:17 . 2009-03-25 22:21 -------- d-----w c:\program files\Granado Espada
2009-03-24 19:32 . 2008-11-08 17:48 -------- d-----w c:\program files\Activision
2009-03-24 19:13 . 2007-11-09 20:43 -------- d-----w c:\program files\Electronic Arts
2009-03-19 04:12 . 2009-03-19 04:06 -------- d-----w c:\program files\PicaLoader
2009-03-17 03:38 . 2009-04-15 22:41 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-03 04:40 . 2009-04-15 22:48 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:37 . 2009-04-15 22:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 02:28 . 2009-04-15 22:48 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-09 03:10 . 2009-03-11 01:32 2033152 ----a-w c:\windows\system32\win32k.sys
2008-05-23 22:22 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-11 1410296]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-03-19 801904]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2009-03-09 1563360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]
"SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2007-10-14 77824]
"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2008-12-29 303104]
"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2007-10-14 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-21 155648]
"atwtusb"="atwtusb.exe" - c:\windows\System32\ATWTUSB.EXE [2007-03-20 315392]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-03-01 303104]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EEAA6B3E-5932-4691-86EE-7436A6271593}c:\\srn micro\\soloscan.exe"= UDP:c:\srn micro\soloscan.exe:Solo Antivirus Scanner
"UDP Query User{0641DC6F-E2CF-4360-9A60-B8696A346BF6}c:\\srn micro\\soloscan.exe"= TCP:c:\srn micro\soloscan.exe:Solo Antivirus Scanner
"{DDC9AA2E-755E-4C98-8AA8-F185F4E89921}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{5DE3C8E4-3BC1-4F6A-894F-32A71BAAC337}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{E51339CF-1FD5-47B0-880E-5215A908FD1C}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{F851D42B-8730-465D-B5AE-A953BE15F1D6}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{0A783BB4-00C0-4C76-96A9-550485DFE3BB}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E29F892E-9C32-4A20-A5D1-D2ABD161D853}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{B93B3B25-93A3-45C1-9ECC-5127B8740469}"= UDP:c:\program files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{9ED25898-9C7F-4478-8688-048D3ED6EE90}"= TCP:c:\program files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager
"{ED00B6BE-B2D9-4531-863D-D551A16D8665}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{223EF904-704C-45C7-B565-6D2A16B35164}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{884358E5-7BFD-4CB5-8407-A3B1C0CE58A5}l:\\world of warcraft\\backgrounddownloader.exe"= UDP:l:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{EE69A8B2-9BD3-4661-B5DC-78E446C500D0}l:\\world of warcraft\\backgrounddownloader.exe"= TCP:l:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{253C67EC-A0D6-4B98-B749-4CBF3731432E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2B5877A1-EB38-42CC-8AAF-9FE6C949FA0E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AC0B5AE9-E973-458F-B1A6-B0672DD657DE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4AA248E7-79D1-4B72-9DD0-3EC365A144B3}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{CDEA2512-BC52-45FF-A4EC-720ED6A17F9A}c:\\srn micro\\solocfg.exe"= UDP:c:\srn micro\solocfg.exe:Solo Scheduler
"UDP Query User{11262B00-EFB9-417C-924E-2891A53B17F4}c:\\srn micro\\solocfg.exe"= TCP:c:\srn micro\solocfg.exe:Solo Scheduler
"TCP Query User{B44E61FE-7A47-42AF-9CAC-A1C59E2CBFED}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{BD1196C9-9FC7-4027-A9FE-1C59C176A891}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{D0248AC6-FBC5-4028-B92D-8970986C069B}c:\\program files\\steam\\steamapps\\lightrail\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\lightrail\team fortress 2\hl2.exe:hl2
"UDP Query User{B905930F-DF9C-4BA1-8B6B-6EF7F56C9738}c:\\program files\\steam\\steamapps\\lightrail\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\lightrail\team fortress 2\hl2.exe:hl2
"TCP Query User{8330772C-C7DD-4977-9021-1A09D5F3C411}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0096E18E-C078-457D-A408-EAEC1CC1F2E9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{444AEF35-AC90-46F4-B2A8-9A98FB63F23C}l:\\mirc\\mirc.exe"= UDP:l:\mirc\mirc.exe:mIRC
"UDP Query User{947840F5-1D9F-4E35-B529-928FDF03EB26}l:\\mirc\\mirc.exe"= TCP:l:\mirc\mirc.exe:mIRC
"{098EDD32-1DED-40D4-8016-4CF3168D9F54}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3D9FF602-3B41-4A02-91FB-D8A1BF50B46F}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{274C1220-90C0-47BF-BD9B-7812C6BF3648}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{130E417E-F396-4BB5-B7A0-5D9F2117D989}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{9514CD32-7CB6-439B-80E9-4A19107AD501}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{B4595F2D-C4CF-41C9-9ECE-95C30A0687AE}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{A1EE312A-2064-4428-95E5-E2B4CD486E7C}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F74FDFE3-BA06-4375-AD47-6F4D1FEC97FF}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"TCP Query User{0C7EB7AB-B64E-448B-9F3B-7B94F5D354AB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{52698632-C21D-4766-964D-DFB6E39C1285}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{06EF0674-FB8E-4C92-B5CA-72DD1A8FB08C}c:\\program files\\pinnacle\\studio 10\\programs\\studio.exe"= UDP:c:\program files\pinnacle\studio 10\programs\studio.exe:Studio program file
"UDP Query User{06AC896D-17FA-42D1-B744-471392690601}c:\\program files\\pinnacle\\studio 10\\programs\\studio.exe"= TCP:c:\program files\pinnacle\studio 10\programs\studio.exe:Studio program file
"TCP Query User{B714FA3F-8E90-4676-8E82-D8592598B79F}c:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:c:\program files\e frontier\poser 7\poser.exe:Poser executable file
"UDP Query User{1BF02CCD-DF1E-4F94-816B-42DD5034CA7B}c:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:c:\program files\e frontier\poser 7\poser.exe:Poser executable file
"TCP Query User{36BE491D-ACEC-4828-9A0B-64665D091FC6}l:\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:l:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{5114B52F-BBDD-4951-B3DA-F4507FB99ED1}l:\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:l:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"TCP Query User{7D829BCC-4469-4F78-BA8C-A3556E21560C}c:\\program files\\steam\\steamapps\\lightrail\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\lightrail\team fortress 2\hl2.exe:hl2
"UDP Query User{F195E66D-DCBD-45AA-88A5-B6731BE85964}c:\\program files\\steam\\steamapps\\lightrail\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\lightrail\team fortress 2\hl2.exe:hl2
"TCP Query User{6B6815DF-6309-497E-A112-F203FD39DBA1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{292D9FDA-7AF3-4037-B9D7-040905A2147A}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{01F1D35E-903C-44CD-941F-7AB4E0851492}c:\\srn micro\\solocfg.exe"= UDP:c:\srn micro\solocfg.exe:Solo Scheduler
"UDP Query User{81CF6921-21BE-4434-B613-616FF714E9B5}c:\\srn micro\\solocfg.exe"= TCP:c:\srn micro\solocfg.exe:Solo Scheduler
"{060F1553-1C5A-4580-8C3E-8027B06E3EF8}"= UDP:c:\program files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
"TCP Query User{ACB7ECE6-EE37-452D-AF61-C09369A4E688}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{6D6EFB15-47E5-4599-8012-14643C5ACF02}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{E5A126F9-4626-4F18-9EA1-E9B2444F615A}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{0129DA72-62B8-4452-8656-06A32F569608}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{515A630E-7999-4B56-87B3-A8F2AD0323E2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3BD167BB-119E-4EAC-AA9B-65331AF1A94C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{25B70309-923B-4C28-BBCC-5B1C613D7D8C}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{55E29E6C-9F94-4215-8AAE-9A7DCA21E3E1}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{AF1D872B-79C4-4263-A3B7-231B385A522C}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{9F6D9274-FCA7-42F4-AF56-2058C764DDD1}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{4F05CB32-AA0E-4788-87C4-C3BFE8F6DAFD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7353B9CB-50E8-413D-B9E2-4CB8A8840EDC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41E9EB5B-145D-4042-B973-D88589F512EF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C90CED45-33C0-47CB-B372-3DC2266B7548}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{71C7FDE1-51F0-47EA-B8D1-AC8FB1FC5E78}"= TCP:67:DHCP Discovery Service
"TCP Query User{73C43AF8-3E84-4E07-AEA0-C6583B23D57B}c:\\users\\owner\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\owner\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{BCED7255-F7A1-4AAF-AC4B-0912A869C6E6}c:\\users\\owner\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\owner\program files\utorrent\utorrent.exe:utorrent.exe
"{F0FE9609-A7E7-44F1-B91A-9AD1425F9134}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{662CD182-E373-4327-8722-DDAA9C26A77B}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{94FEC822-0CC3-4CD2-8089-267A7AC4CDFD}c:\\users\\owner\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\owner\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{57E37506-BE58-4BEC-A523-B57D0D689BA4}c:\\users\\owner\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\owner\program files\utorrent\utorrent.exe:utorrent.exe
"{6699E800-2FBF-41E9-A224-FD02F6E5527E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F98C6533-F84A-4F98-B963-D80D39310A0D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B719D131-DDBC-4DA1-B60F-B729EB29F360}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{7B232311-7B6E-45BF-88D5-F2BDB66CA1DA}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{57C04569-1978-44C5-98AF-28974B18D443}c:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
"UDP Query User{B7200BC3-678A-4BC5-B9D4-D19732EF2934}c:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
"TCP Query User{43FDD766-79C3-421E-853D-66BF2DFDE949}c:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= UDP:c:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"UDP Query User{E69D86E1-4F0F-410E-B25B-181C675BD644}c:\\program files\\anti-leech\\alie_1.0.2.3\\alhlp.exe"= TCP:c:\program files\anti-leech\alie_1.0.2.3\alhlp.exe:Anti-Leech plugin helper program
"TCP Query User{3B66F48D-A756-46D0-8152-BA4B4D74A63D}c:\\program files\\microsoft games\\gears of war\\binaries\\wargame-g4wlive.exe"= UDP:c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"UDP Query User{47D92609-9104-418E-A7DD-C935473CC930}c:\\program files\\microsoft games\\gears of war\\binaries\\wargame-g4wlive.exe"= TCP:c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"TCP Query User{90AEFB6D-2BAA-4035-84FB-120466934827}c:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{6DC456F9-C597-4797-87CD-9556486D5EE3}c:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{A70D5DDF-7380-4973-B2AE-1D007D23A5FC}c:\\program files\\onwind\\zu-online\\zuonline.exe"= UDP:c:\program files\onwind\zu-online\zuonline.exe:ZuOnline
"UDP Query User{C96EF9C0-4608-4CB9-8A5F-31252B646CBF}c:\\program files\\onwind\\zu-online\\zuonline.exe"= TCP:c:\program files\onwind\zu-online\zuonline.exe:ZuOnline
"TCP Query User{A52741C5-0770-462A-A4F4-CB4EE282915B}c:\\users\\owner\\documents\\downloads\\melty_blood_-_act_cadenza_-_version_b\\mbcaster-beta-070912b\\exe\\mbcaster.exe"= UDP:c:\users\owner\documents\downloads\melty_blood_-_act_cadenza_-_version_b\mbcaster-beta-070912b\exe\mbcaster.exe:mbcaster.exe
"UDP Query User{C14F2EC6-655F-4443-B628-7358005CD248}c:\\users\\owner\\documents\\downloads\\melty_blood_-_act_cadenza_-_version_b\\mbcaster-beta-070912b\\exe\\mbcaster.exe"= TCP:c:\users\owner\documents\downloads\melty_blood_-_act_cadenza_-_version_b\mbcaster-beta-070912b\exe\mbcaster.exe:mbcaster.exe
"TCP Query User{5486571B-EBCB-498C-8531-F95F2211D740}c:\\program files\\steam\\steamapps\\lightrail\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\lightrail\source sdk base\hl2.exe:hl2
"UDP Query User{DCD3BAE9-1361-4ACB-8BB2-82F9897B7C50}c:\\program files\\steam\\steamapps\\lightrail\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\lightrail\source sdk base\hl2.exe:hl2
"{65C35FAD-0B09-4F39-A91C-9FCBDF18A8F7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8126028E-0720-458D-A9D5-E630E4CA05E5}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{66A3B321-7480-4F2B-A4D7-293576BF684B}c:\\program files\\e frontier\\poser figure artist\\poser figure artist.exe"= UDP:c:\program files\e frontier\poser figure artist\poser figure artist.exe:Poser Figure Artist executable file
"UDP Query User{76224506-F807-440F-9671-622574E56D91}c:\\program files\\e frontier\\poser figure artist\\poser figure artist.exe"= TCP:c:\program files\e frontier\poser figure artist\poser figure artist.exe:Poser Figure Artist executable file
"{13787350-9AA1-44F1-9CF7-B21B8E8ED648}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4D5BDEFA-85DC-4712-83C4-EF96703F63EB}"= UDP:c:\users\Owner\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F2C9C73B-72E4-4654-8BFC-006742C2C9C9}"= TCP:c:\users\Owner\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{6C5FA884-BC0E-4EC9-84BD-B27DD32F39FE}c:\\program files\\steam\\steamapps\\lightrail\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\lightrail\garrysmod\hl2.exe:hl2
"UDP Query User{285C21CC-C41F-4A73-AB4F-756C5CB91698}c:\\program files\\steam\\steamapps\\lightrail\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\lightrail\garrysmod\hl2.exe:hl2
"{136BBF22-A69A-48DC-B58B-6C0EDB581B43}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{E1176A9C-7930-4818-B541-E4D75259F853}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{BD3B6C96-43BD-441A-8A16-1CE8DB8C2DEF}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{0C2DE950-C293-479A-AA48-7816DE81F9FA}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{F6DDFF11-C396-45EA-BDC6-A8FBA2709280}"= UDP:c:\program files\Spark Unlimited\Legendary\Binaries\Legendary.exe:Legendary
"{4359A6C8-8FD4-427D-B47E-E594F63E54DF}"= TCP:c:\program files\Spark Unlimited\Legendary\Binaries\Legendary.exe:Legendary
"TCP Query User{69C91645-3207-4CA3-B8A6-C1CF3A12A0AA}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{3A05A368-8BE3-4CB7-A94E-43438267D56F}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"TCP Query User{6E1C5104-D8DC-4201-8CE8-C933F7747DDA}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= UDP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"UDP Query User{31D2849B-F125-49B3-94BD-2EB76178ECE0}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= TCP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"TCP Query User{11D2154E-68B2-47AF-850E-304D69C17961}c:\\cyberstep\\splashfighters\\amped.exe"= UDP:c:\cyberstep\splashfighters\amped.exe:amped
"UDP Query User{B106B34A-A6D5-445B-8CE0-F60C74FDC52A}c:\\cyberstep\\splashfighters\\amped.exe"= TCP:c:\cyberstep\splashfighters\amped.exe:amped
"TCP Query User{1B5996BA-69EC-4CFA-A5C9-EAD0F3273115}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{803C298B-722F-4849-AB3F-24D7D27A1354}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead
"TCP Query User{99B8C1F1-36A6-4925-859C-13AABD5F29C0}c:\\program files\\codemasters\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= UDP:c:\program files\codemasters\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"UDP Query User{E03779C0-DCEF-4052-A843-96B67A7F3701}c:\\program files\\codemasters\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= TCP:c:\program files\codemasters\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"{B531C615-2203-4976-B6C8-27A439349590}"= UDP:c:\program files\Steam\steam.exe:Steam
"{B096F40E-955E-4DB1-8FA6-C6E1614D2C3C}"= TCP:c:\program files\Steam\steam.exe:Steam
"TCP Query User{EC00E800-6D96-4AB9-9EAA-6D299D82EB05}c:\\users\\owner\\appdata\\local\\temp\\blizzard launcher temporary - 92002db0\\launcher.exe"= UDP:c:\users\owner\appdata\local\temp\blizzard launcher temporary - 92002db0\launcher.exe:launcher.exe
"UDP Query User{18B3CB21-299C-438F-8089-AAFA1C3ACC65}c:\\users\\owner\\appdata\\local\\temp\\blizzard launcher temporary - 92002db0\\launcher.exe"= TCP:c:\users\owner\appdata\local\temp\blizzard launcher temporary - 92002db0\launcher.exe:launcher.exe
"TCP Query User{75BA243E-D934-40F5-A9D4-12E4092EAE06}c:\\users\\owner\\desktop\\files\\pokemon game.exe"= UDP:c:\users\owner\desktop\files\pokemon game.exe:pokemon game.exe
"UDP Query User{2D83209A-582B-49FF-AA05-930A426A1AE1}c:\\users\\owner\\desktop\\files\\pokemon game.exe"= TCP:c:\users\owner\desktop\files\pokemon game.exe:pokemon game.exe
"TCP Query User{2B7C6B1C-9366-423B-B21B-46554EBDEE62}l:\\world of warcraft\\launcher.exe"= UDP:l:\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{B815E3B0-4672-4CD4-89ED-42331EC75A21}l:\\world of warcraft\\launcher.exe"= TCP:l:\world of warcraft\launcher.exe:Blizzard Launcher
"{EC864E70-4E7A-40FA-A8B7-06B07C9BBD13}"= UDP:3724:Blizzard Downloader: 3724
"{63C648E6-C304-4DDB-9B2D-19603C3A9D91}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
"{F7A40054-928D-418C-864F-C4810A9FC4A8}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
R1 aiptektp;Pen Pad;c:\windows\system32\DRIVERS\aiptektp.sys [2006-06-06 22528]
R1 SASKUTIL;SASKUTIL; [x]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 MBAMSwissArmy;MBAMSwissArmy; [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-04-23 15656]
R3 XDva234;XDva234; [x]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-06-06 3406120]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-16 5504]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81971987-7b53-11dc-9468-f4928cc3e20f}]
\shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbe76615-8a56-11dc-be05-0019d181968a}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{04883EBB-4A02-4FA2-BBD9-E025FFA6E953}.job
- c:\windows\system32\msfeedssync.exe [2008-05-23 03:33]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
HKU-Default-Run-A00F378929.exe - c:\windows\TEMP\_A00F378929.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rr.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/sta ... 0.15.0.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 22:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-873202033-3301692320-1648292914-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,6a,1f,c3,c0,4a,67,e4,76,02,d5,e1,da,62,c6,fa,6a,00,d7,a9,c0,02,4d,
c9,99,0a,fe,c3,a4,ba,a2,a5,61,54,3a,a0,c4,4e,45,bf,2a,42,e8,15,cb,1e,a0,69,\
"??"=hex:8c,94,f9,41,31,76,1c,bd,50,a5,2d,ef,c8,50,2e,22
[HKEY_USERS\S-1-5-21-873202033-3301692320-1648292914-1000\Software\SecuROM\License information*]
"datasecu"=hex:ff,e8,e6,f0,39,a0,2d,82,a0,e7,04,33,0a,b0,f6,1d,fc,61,c8,73,f1,
7e,d5,b2,e4,c8,e3,f6,11,59,c6,d6,b7,5a,7c,68,1d,f3,12,c7,92,1b,17,1d,59,6e,\
"rkeysecu"=hex:31,8f,e5,02,fb,14,ec,67,9f,eb,5b,7c,7b,4c,9b,d7
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(416)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\HP\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\HP\HP Share-to-Web\S2WNSRES.DLL
c:\program files\HP\HP Share-to-Web\hpgs2wnfps.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\conime.exe
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\srn micro\SOLOSENT.EXE
c:\srn micro\SOLOCFG.EXE
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\WTablet\Wacom_TabletUser.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-05-02 22:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 02:56
Pre-Run: 242,160,889,856 bytes free
Post-Run: 241,699,086,336 bytes free
Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4
483 --- E O F --- 2009-04-27 16:51
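The firewall allow rules, the per-user mountpoints2 AutoRun handlers and the orphaned Run values in the log above are the parts a responder triages first: an allow rule or an autostart pointing at an executable in Temp, Desktop, Downloads or AppData is worth a file check before anything else. The Python below is an added example, not part of the original post and not ComboFix's own code. It parses those three line formats exactly as ComboFix prints them and flags executables in user-writable locations. The sample input is a handful of lines copied from the log above; the list of "risky" directories is an assumed triage heuristic, not an authoritative policy.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines copied from the ComboFix log above (firewall rules,
# a mountpoints2 AutoRun handler and an orphaned Run value).
SAMPLE_LOG = r'''
"TCP Query User{444AEF35-AC90-46F4-B2A8-9A98FB63F23C}l:\\mirc\\mirc.exe"= UDP:l:\mirc\mirc.exe:mIRC
"{B531C615-2203-4976-B6C8-27A439349590}"= UDP:c:\program files\Steam\steam.exe:Steam
"TCP Query User{EC00E800-6D96-4AB9-9EAA-6D299D82EB05}c:\\users\\owner\\appdata\\local\\temp\\blizzard launcher temporary - 92002db0\\launcher.exe"= UDP:c:\users\owner\appdata\local\temp\blizzard launcher temporary - 92002db0\launcher.exe:launcher.exe
"TCP Query User{75BA243E-D934-40F5-A9D4-12E4092EAE06}c:\\users\\owner\\desktop\\files\\pokemon game.exe"= UDP:c:\users\owner\desktop\files\pokemon game.exe:pokemon game.exe
"{71C7FDE1-51F0-47EA-B8D1-AC8FB1FC5E78}"= TCP:67:DHCP Discovery Service
"{65C35FAD-0B09-4F39-A91C-9FCBDF18A8F7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe
HKU-Default-Run-A00F378929.exe - c:\windows\TEMP\_A00F378929.exe
'''


class FirewallRule(NamedTuple):
    name: str             # rule name as ComboFix prints it (GUID or "Query User" form)
    proto: Optional[str]  # "TCP", "UDP" or None (ComboFix omits it for some rules)
    target: str           # executable path or port number the rule allows
    desc: str             # free-text description from the rule


class Finding(NamedTuple):
    kind: str
    path: str
    reason: str


# Firewall rule lines:  "<name>"= UDP:<path or port>:<description>
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<rest>.+)$')
# mountpoints2 entries:  \shell\AutoRun\command - <command>
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$', re.I)
# Run values (ComboFix lists these under ORPHANS REMOVED):  HKLM-Run-<value> - <path>
RUN_VALUE_RE = re.compile(r'^(?:HKLM|HKCU|HKU-[^-]+)-Run-\S+\s+-\s+(?P<path>.+)$')

# Assumed heuristic: directories a non-admin user (or code running as that user) can write to.
USER_WRITABLE_RE = re.compile(r'\\(temp|desktop|downloads|appdata)\\', re.I)
# A per-user "Program Files" under c:\users\<name>\ is user-writable too.
PER_USER_PROGFILES_RE = re.compile(r'^c:\\users\\[^\\]+\\program files\\', re.I)


def parse_firewall_rule(line: str) -> Optional[FirewallRule]:
    """Parse one Windows Firewall rule line from a ComboFix log, or return None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # A drive-letter path carries its own ':' so skip the first two characters
    # before looking for the separator between target and description.
    if re.match(r'^[A-Za-z]:\\', rest):
        head, _, desc = rest[2:].partition(":")
        target = rest[:2] + head
    else:
        target, _, desc = rest.partition(":")
    return FirewallRule(m.group("name"), m.group("proto"), target.strip(), desc.strip())


def risky_reason(path: str) -> Optional[str]:
    """Return why an executable path deserves a second look, or None if it does not."""
    if USER_WRITABLE_RE.search(path):
        return "executable lives in a user-writable or temporary directory"
    if PER_USER_PROGFILES_RE.match(path):
        return "executable lives in a per-user Program Files copy, not the system one"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix log lines and collect entries worth a manual follow-up."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rule = parse_firewall_rule(line)
        if rule:
            reason = risky_reason(rule.target)
            if reason:
                findings.append(Finding("firewall-allow", rule.target, reason))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(Finding("mountpoints2-autorun", m.group("cmd"),
                                    "removable-media AutoRun handler registered per user"))
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            reason = risky_reason(m.group("path")) or "autostart Run value; confirm the file and its signer"
            findings.append(Finding("run-value", m.group("path"), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.path}  <- {f.reason}")
```

Run against the full log the same way; every hit is a path to check on disk (does the file still exist, who signed it, when was it written), not a verdict on its own. Rules for the uTorrent copy under c:\users\Owner\Program Files and the Blizzard launcher in a Temp subfolder are ordinary for those products, but they are exactly the locations where a dropped binary would also land, so the check is cheap and worth doing.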