Hijackthis, Spybot S + D wont run

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1

You cannot start a new topic
This topic is locked

Hijackthis, Spybot S + D wont run PC infected too but can't clean it

#1 darkchild101

Member

Group: Members
Posts: 108
Joined: 02-October 09

Posted 07 October 2009 - 03:34 PM

Hi chaps
Newbie here. My computer had been running perfectly until last week when Windows Defender alerted me to the detection of a tron rnos or something of that nature. Tried deleting/quaranting it and eventually Defender said this had been done. Immiditiately after i couldnt run Hijackthis. When try to run it comes back saying windows cannot access the specified device, path or file. You may not have approriate permissions to access the item. Tried installed Sbybod S +D and when tried run it it too came back saying the same. I am the only user on this computer and automatically run it as administrator so it cannot be admin issues

Have already run the following on advice of a mate

Combofix and here is the log

ComboFix 09-10-05.01 - user1 06/10/2009 18:54.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.1132 [GMT 1:00]
Running from: c:\users\user1\Documents\Ulead DVD MovieFactory\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-2393766080-3187394018-3383541026-500
c:\$recycle.bin\S-1-5-21-899496415-1834721142-2599837188-500
c:\program files\Common Files\System\Uninstall
c:\users\user1\AppData\Local\{0F714ABA-74F2-40FA-9D7C-5BA031B1883F}
c:\users\user1\AppData\Local\{0F714ABA-74F2-40FA-9D7C-5BA031B1883F}\chrome.manifest
c:\users\user1\AppData\Local\{0F714ABA-74F2-40FA-9D7C-5BA031B1883F}\chrome\content\_cfg.js
c:\users\user1\AppData\Local\{0F714ABA-74F2-40FA-9D7C-5BA031B1883F}\chrome\content\overlay.xul
c:\users\user1\AppData\Local\{0F714ABA-74F2-40FA-9D7C-5BA031B1883F}\install.rdf
c:\users\user1\AppData\Roaming\02000000e71caa19530C.manifest
c:\users\user1\AppData\Roaming\02000000e71caa19530O.manifest
c:\users\user1\AppData\Roaming\02000000e71caa19530P.manifest
c:\users\user1\AppData\Roaming\02000000e71caa19530S.manifest
c:\users\user1\AppData\Roaming\Desktopicon
c:\users\user1\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\Sonyhcp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-06 18:02 . 2009-10-06 18:06 -------- d-----w- c:\users\user1\AppData\Local\temp
2009-10-06 18:02 . 2009-10-06 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 01:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 01:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 01:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 01:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 01:53 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 01:53 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 01:53 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 01:53 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 01:53 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 00:42 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 23:16 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 23:16 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 23:16 . 2009-10-01 23:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 22:51 . 2009-09-30 22:51 0 ----a-w- c:\windows\system32\wmtog32.dat
2009-09-30 22:34 . 2009-10-02 21:54 0 ----a-w- c:\windows\win32k.sys
2009-09-30 21:41 . 2009-09-30 21:47 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-09-30 21:41 . 2009-09-30 21:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-09-30 21:38 . 2009-09-30 22:28 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-09-30 21:38 . 2009-09-30 21:38 -------- d-----w- c:\windows\Replay Media Catcher
2009-09-30 17:50 . 2009-10-03 21:15 -------- d-----w- c:\users\user1\AppData\Roaming\DVD Flick
2009-09-30 17:50 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-09-30 17:50 . 2009-09-30 17:50 -------- d-----w- c:\program files\DVD Flick
2009-09-30 13:38 . 2009-10-05 20:55 -------- d-----w- C:\YouTubeVideos
2009-09-30 13:35 . 2009-09-30 13:35 -------- d-----w- c:\program files\4U Computing
2009-09-29 21:06 . 2009-09-29 21:07 -------- d-----w- c:\program files\Ask.com
2009-09-29 21:05 . 2009-09-29 21:05 -------- d-----w- c:\program files\uTorrent
2009-09-29 21:05 . 2009-10-06 18:03 -------- d-----w- c:\users\user1\AppData\Roaming\uTorrent
2009-09-26 15:53 . 2009-09-26 15:53 -------- d-----w- c:\program files\iPod
2009-09-26 15:53 . 2009-09-26 15:55 -------- d-----w- c:\program files\iTunes
2009-09-22 17:30 . 2009-09-22 17:30 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-09-22 17:29 . 2009-09-22 17:29 -------- d-----w- c:\users\user1\AppData\Local\Downloaded Installations
2009-09-22 17:28 . 2009-09-22 17:38 -------- d-----w- c:\users\user1\AppData\Roaming\GetRightToGo
2009-09-22 16:17 . 2009-09-22 17:05 -------- d-----w- c:\users\user1\AppData\Local\ElevatedDiagnostics
2009-09-22 16:13 . 2009-09-22 16:13 -------- d-----w- c:\program files\Microsoft ATS
2009-09-21 21:28 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-21 21:28 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-21 21:28 . 2009-09-21 21:28 -------- d-----w- c:\programdata\Avira
2009-09-21 21:28 . 2009-09-21 21:28 -------- d-----w- c:\program files\Avira
2009-09-21 14:14 . 2009-09-21 14:14 -------- d-----w- c:\program files\ERUNT
2009-09-21 02:23 . 2009-09-21 02:23 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-21 02:05 . 2009-09-21 02:06 -------- d-----w- c:\windows\system32\ca-ES
2009-09-21 02:05 . 2009-09-21 02:06 -------- d-----w- c:\windows\system32\eu-ES
2009-09-21 02:05 . 2009-09-21 02:06 -------- d-----w- c:\windows\system32\vi-VN
2009-09-21 00:52 . 2009-09-21 00:52 -------- d-----w- c:\windows\system32\EventProviders
2009-09-21 00:49 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-21 00:47 . 2009-04-11 06:28 327168 ----a-w- c:\windows\system32\P2PGraph.dll
2009-09-21 00:46 . 2009-04-11 06:28 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-09-21 00:45 . 2009-04-11 06:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2009-09-21 00:44 . 2009-04-11 06:28 825856 ----a-w- c:\windows\system32\rasdlg.dll
2009-09-21 00:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-21 00:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-21 00:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-21 00:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-21 00:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-21 00:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-21 00:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-21 00:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-21 00:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-21 00:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-21 00:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-21 00:07 . 2009-07-31 14:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 18:29 . 2009-09-17 18:29 -------- d-----w- c:\windows\system32\SDA
2009-09-14 19:36 . 2009-09-11 12:15 2491192 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-09-14 19:36 . 2006-10-16 17:44 196608 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-09-14 19:36 . 2008-03-04 17:52 286720 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-09-14 19:36 . 2007-10-31 08:39 59904 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-09-14 19:36 . 2007-05-17 12:58 143360 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-09-14 19:36 . 2006-10-18 16:32 499712 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-09-14 19:36 . 2006-10-18 16:32 348160 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-09-14 19:36 . 2006-10-16 17:44 1028096 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-09-14 00:37 . 2009-09-26 09:56 -------- d-----w- c:\users\user1\AppData\Roaming\skypePM
2009-09-12 15:44 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 15:44 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-12 15:43 . 2009-09-12 15:44 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 15:39 . 2009-09-12 15:39 -------- d-----w- c:\program files\QuickTime
2009-09-12 00:39 . 2009-09-12 00:39 -------- d-----w- c:\users\user1\AppData\Local\WinZip
2009-09-12 00:38 . 2009-09-12 00:39 -------- d-----w- c:\programdata\WinZip
2009-09-12 00:31 . 2009-09-12 00:31 -------- d-----w- C:\USB_DRV
2009-09-07 11:37 . 2009-09-07 11:37 -------- d-----w- c:\program files\Veetle
2009-09-07 00:25 . 2009-09-07 00:25 -------- d-----w- c:\users\user1\AppData\Roaming\InstallShield
2009-09-07 00:14 . 2009-09-07 00:26 -------- d-----w- c:\program files\Sony
2009-09-06 23:25 . 2009-09-06 23:26 -------- d-----w- c:\users\user1\AppData\Roaming\Sony Corporation
2009-09-06 23:16 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-09-06 23:16 . 2006-07-28 08:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-09-06 23:13 . 2009-09-06 23:13 -------- d-----w- C:\Drivers
2009-09-06 23:13 . 2006-10-30 12:46 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-09-06 23:13 . 2006-10-30 12:46 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2009-09-06 23:13 . 2006-10-30 12:46 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-09-06 23:13 . 2006-10-30 12:46 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-09-06 23:13 . 2006-10-30 12:46 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 17:51 . 2009-01-28 01:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-06 17:51 . 2009-01-28 01:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-02 02:37 . 2007-10-25 22:36 -------- d-----w- c:\program files\CCleaner
2009-10-01 21:45 . 2006-12-20 11:58 -------- d-----w- c:\program files\Java
2009-10-01 18:59 . 2009-08-20 19:29 -------- d-----w- c:\program files\Trend Micro
2009-09-30 20:54 . 2007-10-25 22:37 -------- d-----w- c:\program files\Yahoo!
2009-09-30 20:54 . 2009-01-29 18:14 -------- d--h--w- c:\programdata\yahoo!
2009-09-29 22:32 . 2009-08-20 01:25 -------- d-----w- c:\users\user1\AppData\Roaming\Skype
2009-09-26 15:53 . 2009-02-04 00:36 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 15:53 . 2009-02-14 16:36 -------- d-----w- c:\programdata\Apple Computer
2009-09-24 18:37 . 2008-08-15 01:19 -------- d-----w- c:\users\user1\AppData\Roaming\Ulead Systems
2009-09-22 21:23 . 2007-11-01 20:47 -------- d-----w- c:\users\user1\AppData\Roaming\Apple Computer
2009-09-22 18:47 . 2007-10-21 12:26 -------- d-----w- c:\program files\DigitalCamera
2009-09-22 17:38 . 2006-12-20 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 02:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-21 02:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-21 02:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-21 02:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-21 02:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-21 02:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-17 18:29 . 2006-12-20 11:29 -------- d-----w- c:\program files\TOSHIBA
2009-09-14 00:37 . 2009-09-14 00:37 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-09-10 20:12 . 2009-01-26 19:12 -------- d-----w- c:\program files\Common Files\Motive
2009-09-10 18:21 . 2009-01-26 14:01 -------- d-----w- c:\programdata\Motive
2009-09-10 18:14 . 2009-01-26 13:59 -------- d-----w- c:\program files\BT Broadband Desktop Help
2009-09-10 16:18 . 2009-02-04 12:17 61480 ----a-w- c:\users\user1\GoToAssistDownloadHelper.exe
2009-09-09 18:10 . 2009-02-09 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 17:44 . 2009-09-03 17:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-31 19:35 . 2009-05-08 16:19 -------- d-----w- c:\programdata\ScanSoft
2009-08-29 00:27 . 2009-09-04 01:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 01:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 18:05 . 2007-10-25 16:52 -------- d-----w- c:\users\user1\AppData\Roaming\LimeWire
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----r- c:\program files\Skype
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\program files\Common Files\Skype
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\programdata\Skype
2009-08-16 19:53 . 2007-11-17 01:41 -------- d-----w- c:\programdata\Lavasoft
2009-08-14 16:27 . 2009-09-09 07:20 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:20 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:20 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:20 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:20 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:20 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:20 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:20 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:20 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:20 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-02 17:49 . 2009-07-23 00:31 0 ----a-w- c:\users\user1\AppData\Local\prvlcl.dat
2009-07-21 21:52 . 2009-07-29 02:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 02:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 02:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 02:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 09:41 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:37 . 2009-08-03 02:42 1032192 ----a-w- c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash\components\IBitCometExtension.dll
2009-07-15 20:16 . 2009-01-28 00:24 1 ----a-w- c:\users\user1\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-15 12:40 . 2009-08-12 09:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 09:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 09:41 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 09:41 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 07:20 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 07:20 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 07:20 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 07:20 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 07:20 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-05-25 02:13 . 2009-05-24 19:17 10044192 --sha-w- c:\windows\System32\drivers\fidbox.dat
2009-05-25 02:13 . 2009-05-24 19:17 127776 --sha-w- c:\windows\System32\drivers\fidbox2.dat
.

------- Sigcheck -------

[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

c:\windows\system32\cngaudit.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-29 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

c:\users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex( :thumbsup:

:7c,82,0f,02,62,3a,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{80BE1601-6551-449E-9CA6-878748AF1A76}"= UDP:c:\program files\LogMeIn\x86\LMIGuardian.exe:LMIGuardian
"{B3A3D5FD-FFD5-4425-B341-74002ED31BB7}"= TCP:c:\program files\LogMeIn\x86\LMIGuardian.exe:LMIGuardian
"{BDAB0203-C8EB-449C-B3A8-541D97621944}"= UDP:c:\program files\LogMeIn\x86\LogMeInSystray.exe:LogMeInSystray
"{B8F7BE44-0948-4214-A346-FEDBB032CE3F}"= TCP:c:\program files\LogMeIn\x86\LogMeInSystray.exe:LogMeInSystray
"{A794F050-2A5A-4F27-B01E-6323233C4DC5}"= UDP:c:\program files\LogMeIn\x86\LogMeIn.exe:LogMeIn
"{1EA79DCF-C5B9-491D-AAFF-196A8D154F37}"= TCP:c:\program files\LogMeIn\x86\LogMeIn.exe:LogMeIn
"{770E4F08-E579-4091-BAF3-838A857BE337}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{78B159E0-3778-454A-B2A2-E16BA0D7A11A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{848DECDE-5A75-4D6C-A7A4-05EF008C4A30}c:\\program files\\safari\\safari.exe"= UDP:c:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{FDB49948-3003-4D62-B020-1472A15189A9}c:\\program files\\safari\\safari.exe"= TCP:c:\program files\safari\safari.exe:Safari Web Browser
"{A33B109C-6B8F-4388-8808-03ECB7D69FBA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C8049DF9-7558-40E1-95D9-388B16FEACAA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1572EFF6-C655-4FC2-AB15-BEF27B736011}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{B07AA5D6-E7E2-46A3-B4C0-E49260ADF842}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{C1FDA377-6506-4D80-8D36-7265F354190E}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{3328C8C2-6E63-4806-BC21-4EA966FFBE7D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{78DBC0A9-F1CE-419B-B509-193937FA8345}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{43F5DA85-61E0-4509-8AF9-CD4AA4434BAD}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C0C72D45-7F43-4C74-B4C2-4ECA7DEBFF3B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A0E9EAD2-D884-4D73-85C4-8F8F2C14B8CF}"= UDP:c:\users\user1\AppData\Local\Temp\7zSB42D.tmp\SymNRT.exe:Norton Removal Tool
"{57682660-C9FD-47F2-AD38-3CD139833A46}"= TCP:c:\users\user1\AppData\Local\Temp\7zSB42D.tmp\SymNRT.exe:Norton Removal Tool
"{D61E4AAB-841B-4D9D-A1B5-BB64ADB00FAB}"= UDP:c:\users\user1\AppData\Local\Temp\7zSC4E5.tmp\SymNRT.exe:Norton Removal Tool
"{F2202DB6-93E8-4297-9E0B-A8EE2F182B91}"= TCP:c:\users\user1\AppData\Local\Temp\7zSC4E5.tmp\SymNRT.exe:Norton Removal Tool
"{0815600B-85D4-447A-9B4E-B6EA7A8EA706}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{28344828-3B2D-441E-BD8B-D707E2841410}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DF4CE634-7490-48B9-BEA7-822AA203B483}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6D475C6F-076D-41EA-A781-70DB673D534C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21/09/2009 22:28 108289]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\User_Feed_Synchronization-{A3992335-F067-4B0F-ACDF-84ECC1497315}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\m8qw4nsa.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: keyword.enabled - true
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4232574698-228105880-4154739431-1000\Software\ALWIL Software\Avast]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-4232574698-228105880-4154739431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
"Toolbars"=hex:11,00,00,00,00,00,00,00
"Upgrade"=dword:00000001
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,01,00,00,00,00,00,00,00,aa,4f,28,68,
48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,fd,03,00,00,40,0d,00,00,00,00,00,00,16,\

[HKEY_USERS\S-1-5-21-4232574698-228105880-4154739431-1000\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ALWIL Software\Avast]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-10-06 19:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 18:12

Pre-Run: 10,040,426,496 bytes free
Post-Run: 9,695,068,160 bytes free

418 --- E O F --- 2009-10-05 17:43

#2 darkchild101

Member

Group: Members
Posts: 108
Joined: 02-October 09

Posted 07 October 2009 - 03:42 PM

random's system information tool (RSIT)

Logfile of random's system information tool 1.06 (written by random/random)
Run by user1 at 2009-10-07 21:08:41
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 9 GB (16%) free of 56 GB
Total RAM: 1917 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:57, on 07/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU6ZSW61\RSIT[1].exe
C:\Program Files\trend micro\user1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7380 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{A3992335-F067-4B0F-ACDF-84ECC1497315}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-14 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Volume Indicator"=C:\Program Files\Toshiba\Utilities\VolControl.exe [2006-12-13 94208]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2006-12-15 577536]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-09-29 289072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-10-07 21:08:41 ----D---- C:\rsit
2009-10-07 20:53:39 ----D---- C:\Windows\Sun
2009-10-06 19:12:44 ----A---- C:\ComboFix.txt
2009-10-06 19:05:54 ----D---- C:\$RECYCLE.BIN
2009-10-06 19:02:28 ----D---- C:\Windows\temp
2009-10-06 18:52:33 ----A---- C:\Windows\NIRCMD.exe
2009-10-06 18:52:32 ----A---- C:\Windows\zip.exe
2009-10-06 18:52:32 ----A---- C:\Windows\SWXCACLS.exe
2009-10-06 18:52:32 ----A---- C:\Windows\SWSC.exe
2009-10-06 18:52:32 ----A---- C:\Windows\SWREG.exe
2009-10-06 18:52:32 ----A---- C:\Windows\sed.exe
2009-10-06 18:52:32 ----A---- C:\Windows\PEV.exe
2009-10-06 18:52:32 ----A---- C:\Windows\grep.exe
2009-10-06 18:48:58 ----D---- C:\Qoobox
2009-10-03 03:02:12 ----A---- C:\RootRepeal report 10-03-09 (03-02-12).txt
2009-10-03 02:54:02 ----A---- C:\Windows\system32\wups2.dll
2009-10-03 02:54:02 ----A---- C:\Windows\system32\wucltux.dll
2009-10-03 02:54:02 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-03 02:54:02 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-03 02:53:33 ----A---- C:\Windows\system32\wups.dll
2009-10-03 02:53:33 ----A---- C:\Windows\system32\wudriver.dll
2009-10-03 02:53:33 ----A---- C:\Windows\system32\wuapi.dll
2009-10-03 02:53:20 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-03 02:53:20 ----A---- C:\Windows\system32\wuapp.exe
2009-10-03 01:42:50 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-01 22:46:34 ----A---- C:\Windows\system32\javaws.exe
2009-10-01 22:46:34 ----A---- C:\Windows\system32\javaw.exe
2009-10-01 22:46:34 ----A---- C:\Windows\system32\java.exe
2009-09-30 22:41:21 ----A---- C:\Windows\system32\rmc_rtspdl.dll
2009-09-30 22:41:21 ----A---- C:\Windows\system32\rmc_fixasf.exe
2009-09-30 22:38:49 ----A---- C:\Windows\system32\AUDIOGENIE2.DLL
2009-09-30 22:38:29 ----D---- C:\Windows\Replay Media Catcher
2009-09-30 18:50:48 ----D---- C:\Users\user1\AppData\Roaming\DVD Flick
2009-09-30 18:50:08 ----A---- C:\Windows\system32\ssubtmr6.dll
2009-09-30 18:50:07 ----D---- C:\Program Files\DVD Flick
2009-09-30 14:38:44 ----D---- C:\YouTubeVideos
2009-09-30 14:35:39 ----D---- C:\Program Files\4U Computing
2009-09-29 22:21:10 ----D---- C:\Program Files\WinRAR
2009-09-29 22:06:53 ----D---- C:\Program Files\Ask.com
2009-09-29 22:05:40 ----D---- C:\Program Files\uTorrent
2009-09-29 22:05:16 ----D---- C:\Users\user1\AppData\Roaming\uTorrent
2009-09-26 16:53:51 ----D---- C:\Program Files\iPod
2009-09-26 16:53:47 ----D---- C:\Program Files\iTunes
2009-09-22 18:30:36 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-09-22 18:28:45 ----D---- C:\Users\user1\AppData\Roaming\GetRightToGo
2009-09-22 17:16:06 ----D---- C:\Windows\system32\WindowsPowerShell
2009-09-22 17:13:17 ----D---- C:\Program Files\Microsoft ATS
2009-09-21 22:28:18 ----D---- C:\Program Files\Avira
2009-09-21 15:15:02 ----D---- C:\Windows\ERDNT
2009-09-21 15:14:13 ----D---- C:\Program Files\ERUNT
2009-09-21 03:23:05 ----D---- C:\ProgramData\Office Genuine Advantage
2009-09-21 03:05:34 ----D---- C:\Windows\system32\eu-ES
2009-09-21 03:05:34 ----D---- C:\Windows\system32\ca-ES
2009-09-21 03:05:30 ----D---- C:\Windows\system32\vi-VN
2009-09-21 01:52:24 ----D---- C:\Windows\system32\EventProviders
2009-09-21 01:49:05 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-21 01:48:57 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-21 01:48:57 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-21 01:48:53 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-21 01:48:53 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-21 01:48:50 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-21 01:48:47 ----A---- C:\Windows\system32\mssrch.dll
2009-09-21 01:48:44 ----A---- C:\Windows\system32\tquery.dll
2009-09-21 01:48:41 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-21 01:48:40 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-21 01:48:39 ----A---- C:\Windows\system32\scavenge.dll
2009-09-21 01:48:39 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-21 01:48:37 ----A---- C:\Windows\system32\msi.dll
2009-09-21 01:48:35 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-21 01:48:34 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-21 01:48:34 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-21 01:48:34 ----A---- C:\Windows\system32\sysmain.dll
2009-09-21 01:48:34 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-21 01:48:33 ----A---- C:\Windows\system32\icardagt.exe
2009-09-21 01:48:32 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-21 01:48:30 ----A---- C:\Windows\system32\spreview.exe
2009-09-21 01:48:30 ----A---- C:\Windows\system32\spinstall.exe
2009-09-21 01:48:29 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-21 01:48:26 ----A---- C:\Windows\system32\spwizui.dll
2009-09-21 01:48:26 ----A---- C:\Windows\system32\secproc.dll
2009-09-21 01:48:26 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-21 01:48:25 ----A---- C:\Windows\system32\shell32.dll
2009-09-21 01:48:23 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-21 01:48:23 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-21 01:48:22 ----A---- C:\Windows\system32\mssvp.dll
2009-09-21 01:48:21 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-21 01:48:21 ----A---- C:\Windows\system32\mssph.dll
2009-09-21 01:48:21 ----A---- C:\Windows\system32\mscoree.dll
2009-09-21 01:48:20 ----A---- C:\Windows\system32\imapi2.dll
2009-09-21 01:48:18 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-21 01:48:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-21 01:48:15 ----A---- C:\Windows\system32\esent.dll
2009-09-21 01:48:14 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-21 01:48:13 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-21 01:48:12 ----A---- C:\Windows\system32\sperror.dll
2009-09-21 01:48:12 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-21 01:48:11 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-21 01:48:10 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-21 01:48:10 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-21 01:48:09 ----A---- C:\Windows\system32\SLC.dll
2009-09-21 01:48:09 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-21 01:48:09 ----A---- C:\Windows\system32\msshsq.dll
2009-09-21 01:48:09 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-21 01:48:05 ----A---- C:\Windows\system32\msjet40.dll
2009-09-21 01:48:05 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-21 01:48:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-21 01:48:03 ----A---- C:\Windows\system32\msxml6.dll
2009-09-21 01:48:01 ----A---- C:\Windows\system32\Query.dll
2009-09-21 01:48:01 ----A---- C:\Windows\system32\qmgr.dll
2009-09-21 01:47:59 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-21 01:47:59 ----A---- C:\Windows\system32\msexch40.dll
2009-09-21 01:47:59 ----A---- C:\Windows\system32\diagperf.dll
2009-09-21 01:47:58 ----A---- C:\Windows\system32\ole32.dll
2009-09-21 01:47:57 ----A---- C:\Windows\system32\ntdll.dll
2009-09-21 01:47:56 ----A---- C:\Windows\system32\winload.exe
2009-09-21 01:47:56 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-21 01:47:56 ----A---- C:\Windows\system32\msxml3.dll
2009-09-21 01:47:55 ----A---- C:\Windows\system32\mblctr.exe
2009-09-21 01:47:55 ----A---- C:\Windows\system32\EncDec.dll
2009-09-21 01:47:54 ----A---- C:\Windows\system32\uDWM.dll
2009-09-21 01:47:54 ----A---- C:\Windows\system32\mmc.exe
2009-09-21 01:47:53 ----A---- C:\Windows\system32\dfsr.exe
2009-09-21 01:47:52 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-21 01:47:51 ----A---- C:\Windows\system32\riched20.dll
2009-09-21 01:47:50 ----A---- C:\Windows\system32\fdBth.dll
2009-09-21 01:47:49 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-21 01:47:46 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-21 01:47:46 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-21 01:47:46 ----A---- C:\Windows\system32\kernel32.dll
2009-09-21 01:47:45 ----A---- C:\Windows\system32\milcore.dll
2009-09-21 01:47:45 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-21 01:47:44 ----A---- C:\Windows\system32\spoolss.dll
2009-09-21 01:47:44 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-21 01:47:43 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-21 01:47:43 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-21 01:47:39 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-21 01:47:39 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-21 01:47:39 ----A---- C:\Windows\system32\gpedit.dll
2009-09-21 01:47:38 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-21 01:47:38 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-21 01:47:37 ----A---- C:\Windows\system32\es.dll
2009-09-21 01:47:34 ----A---- C:\Windows\system32\Magnify.exe
2009-09-21 01:47:33 ----A---- C:\Windows\system32\mstext40.dll
2009-09-21 01:47:33 ----A---- C:\Windows\system32\advapi32.dll
2009-09-21 01:47:32 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-21 01:47:31 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-21 01:47:31 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-21 01:47:30 ----A---- C:\Windows\system32\slwmi.dll
2009-09-21 01:47:30 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-21 01:47:29 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-21 01:47:29 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-21 01:47:28 ----A---- C:\Windows\system32\vssapi.dll
2009-09-21 01:47:27 ----A---- C:\Windows\system32\authui.dll
2009-09-21 01:47:25 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-21 01:47:24 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-21 01:47:23 ----A---- C:\Windows\system32\propsys.dll
2009-09-21 01:47:23 ----A---- C:\Windows\system32\newdev.dll
2009-09-21 01:47:22 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-21 01:47:22 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-21 01:47:22 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-21 01:47:22 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-21 01:47:21 ----A---- C:\Windows\system32\crypt32.dll
2009-09-21 01:47:20 ----A---- C:\Windows\explorer.exe
2009-09-21 01:47:19 ----A---- C:\Windows\system32\rpcss.dll
2009-09-21 01:47:18 ----A---- C:\Windows\system32\setupapi.dll
2009-09-21 01:47:17 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-21 01:47:16 ----A---- C:\Windows\system32\d3d9.dll
2009-09-21 01:47:15 ----A---- C:\Windows\system32\davclnt.dll
2009-09-21 01:47:14 ----A---- C:\Windows\system32\msltus40.dll
2009-09-21 01:47:13 ----A---- C:\Windows\system32\mfc42.dll
2009-09-21 01:47:12 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-21 01:47:12 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-21 01:47:12 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-21 01:47:12 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-21 01:47:11 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-21 01:47:10 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-21 01:47:10 ----A---- C:\Windows\system32\browseui.dll
2009-09-21 01:47:09 ----A---- C:\Windows\system32\photowiz.dll
2009-09-21 01:47:08 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-21 01:47:05 ----A---- C:\Windows\system32\user32.dll
2009-09-21 01:47:02 ----A---- C:\Windows\system32\samsrv.dll
2009-09-21 01:47:01 ----A---- C:\Windows\system32\quartz.dll
2009-09-21 01:47:01 ----A---- C:\Windows\system32\ci.dll
2009-09-21 01:46:59 ----A---- C:\Windows\system32\win32spl.dll
2009-09-21 01:46:58 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-21 01:46:58 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-21 01:46:58 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-21 01:46:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-21 01:46:55 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-21 01:46:54 ----A---- C:\Windows\system32\netshell.dll
2009-09-21 01:46:53 ----A---- C:\Windows\system32\compcln.exe
2009-09-21 01:46:53 ----A---- C:\Windows\system32\apds.dll
2009-09-21 01:46:52 ----A---- C:\Windows\system32\winhttp.dll
2009-09-21 01:46:51 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-21 01:46:51 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-21 01:46:50 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-21 01:46:50 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-21 01:46:49 ----A---- C:\Windows\system32\msctf.dll
2009-09-21 01:46:47 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-21 01:46:47 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-21 01:46:47 ----A---- C:\Windows\system32\gdi32.dll
2009-09-21 01:46:46 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-21 01:46:45 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-21 01:46:45 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-21 01:46:44 ----A---- C:\Windows\system32\SLUI.exe
2009-09-21 01:46:43 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-21 01:46:43 ----A---- C:\Windows\system32\eapphost.dll
2009-09-21 01:46:42 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-21 01:46:40 ----A---- C:\Windows\system32\winresume.exe
2009-09-21 01:46:40 ----A---- C:\Windows\system32\propdefs.dll
2009-09-21 01:46:40 ----A---- C:\Windows\system32\odbc32.dll
2009-09-21 01:46:38 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-21 01:46:37 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-21 01:46:36 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-21 01:46:36 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-21 01:46:33 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-21 01:46:33 ----A---- C:\Windows\system32\swprv.dll
2009-09-21 01:46:33 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-21 01:46:31 ----A---- C:\Windows\system32\usp10.dll
2009-09-21 01:46:30 ----A---- C:\Windows\system32\vds.exe
2009-09-21 01:46:28 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-21 01:46:28 ----A---- C:\Windows\system32\drvinst.exe
2009-09-21 01:46:28 ----A---- C:\Windows\system32\devmgr.dll
2009-09-21 01:46:27 ----A---- C:\Windows\system32\netlogon.dll
2009-09-21 01:46:27 ----A---- C:\Windows\system32\msscb.dll
2009-09-21 01:46:27 ----A---- C:\Windows\system32\msctfp.dll
2009-09-21 01:46:27 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-21 01:46:27 ----A---- C:\Windows\system32\BFE.DLL
2009-09-21 01:46:27 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-21 01:46:26 ----A---- C:\Windows\system32\evr.dll
2009-09-21 01:46:24 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-21 01:46:24 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-21 01:46:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-21 01:46:23 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-21 01:46:23 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-21 01:46:22 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-21 01:46:21 ----A---- C:\Windows\system32\services.exe
2009-09-21 01:46:20 ----A---- C:\Windows\system32\wercon.exe
2009-09-21 01:46:19 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-21 01:46:19 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-21 01:46:19 ----A---- C:\Windows\system32\adtschema.dll
2009-09-21 01:46:17 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-21 01:46:17 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-21 01:46:16 ----A---- C:\Windows\system32\msdrm.dll
2009-09-21 01:46:16 ----A---- C:\Windows\system32\certcli.dll
2009-09-21 01:46:15 ----A---- C:\Windows\system32\msjter40.dll
2009-09-21 01:46:15 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-21 01:46:15 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-21 01:46:14 ----A---- C:\Windows\system32\taskeng.exe
2009-09-21 01:46:14 ----A---- C:\Windows\system32\reg.exe
2009-09-21 01:46:14 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-21 01:46:13 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-21 01:46:13 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-21 01:46:13 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-21 01:46:12 ----A---- C:\Windows\system32\certutil.exe
2009-09-21 01:46:11 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-21 01:46:10 ----A---- C:\Windows\system32\w32time.dll
2009-09-21 01:46:09 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-21 01:46:06 ----A---- C:\Windows\system32\msshooks.dll
2009-09-21 01:46:06 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-21 01:46:06 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-21 01:46:04 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-21 01:46:04 ----A---- C:\Windows\system32\bthserv.dll
2009-09-21 01:46:03 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-21 01:46:03 ----A---- C:\Windows\system32\msstrc.dll
2009-09-21 01:46:03 ----A---- C:\Windows\system32\msihnd.dll
2009-09-21 01:46:03 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-21 01:46:02 ----A---- C:\Windows\system32\netapi32.dll
2009-09-21 01:46:02 ----A---- C:\Windows\system32\inetpp.dll
2009-09-21 01:46:02 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-21 01:46:02 ----A---- C:\Windows\system32\dfshim.dll
2009-09-21 01:46:01 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-21 01:46:01 ----A---- C:\Windows\system32\mscories.dll
2009-09-21 01:46:01 ----A---- C:\Windows\system32\hidserv.dll
2009-09-21 01:46:01 ----A---- C:\Windows\system32\fundisc.dll
2009-09-21 01:46:01 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-21 01:46:00 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-21 01:46:00 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-21 01:45:59 ----A---- C:\Windows\system32\termsrv.dll
2009-09-21 01:45:59 ----A---- C:\Windows\system32\profsvc.dll
2009-09-21 01:45:56 ----A---- C:\Windows\system32\imapi.dll
2009-09-21 01:45:55 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-21 01:45:55 ----A---- C:\Windows\system32\msiexec.exe
2009-09-21 01:45:54 ----A---- C:\Windows\system32\wdc.dll
2009-09-21 01:45:54 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-21 01:45:52 ----A---- C:\Windows\system32\iassdo.dll
2009-09-21 01:45:51 ----A---- C:\Windows\system32\rasmans.dll
2009-09-21 01:45:51 ----A---- C:\Windows\system32\pnidui.dll
2009-09-21 01:45:50 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-21 01:45:50 ----A---- C:\Windows\system32\icardres.dll
2009-09-21 01:45:50 ----A---- C:\Windows\system32\autofmt.exe
2009-09-21 01:45:49 ----A---- C:\Windows\system32\wersvc.dll
2009-09-21 01:45:49 ----A---- C:\Windows\system32\scrrun.dll
2009-09-21 01:45:49 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-21 01:45:48 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-21 01:45:47 ----A---- C:\Windows\system32\pdh.dll
2009-09-21 01:45:47 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-21 01:45:47 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-21 01:45:47 ----A---- C:\Windows\system32\azroles.dll
2009-09-21 01:45:44 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-21 01:45:42 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-21 01:45:40 ----A---- C:\Windows\system32\winlogon.exe
2009-09-21 01:45:40 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-21 01:45:37 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-21 01:45:37 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-21 01:45:37 ----A---- C:\Windows\system32\comuid.dll
2009-09-21 01:45:36 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-21 01:45:36 ----A---- C:\Windows\system32\certmgr.dll
2009-09-21 01:45:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-21 01:45:35 ----A---- C:\Windows\system32\sethc.exe
2009-09-21 01:45:35 ----A---- C:\Windows\system32\kd1394.dll
2009-09-21 01:45:34 ----A---- C:\Windows\system32\wisptis.exe
2009-09-21 01:45:34 ----A---- C:\Windows\system32\untfs.dll
2009-09-21 01:45:34 ----A---- C:\Windows\system32\spp.dll
2009-09-21 01:45:34 ----A---- C:\Windows\system32\scrobj.dll
2009-09-21 01:45:34 ----A---- C:\Windows\system32\rtutils.dll
2009-09-21 01:45:34 ----A---- C:\Windows\system32\iassam.dll
2009-09-21 01:45:33 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-21 01:45:33 ----A---- C:\Windows\system32\dwm.exe
2009-09-21 01:45:33 ----A---- C:\Windows\system32\autochk.exe
2009-09-21 01:45:31 ----A---- C:\Windows\system32\printui.dll
2009-09-21 01:45:31 ----A---- C:\Windows\system32\iasnap.dll
2009-09-21 01:45:30 ----A---- C:\Windows\system32\autoconv.exe
2009-09-21 01:45:29 ----A---- C:\Windows\system32\winsrv.dll
2009-09-21 01:45:28 ----A---- C:\Windows\system32\onex.dll
2009-09-21 01:45:28 ----A---- C:\Windows\system32\kdcom.dll
2009-09-21 01:45:28 ----A---- C:\Windows\system32\cscript.exe
2009-09-21 01:45:28 ----A---- C:\Windows\system32\basecsp.dll
2009-09-21 01:45:27 ----A---- C:\Windows\system32\wow32.dll
2009-09-21 01:45:27 ----A---- C:\Windows\system32\userenv.dll
2009-09-21 01:45:27 ----A---- C:\Windows\system32\osk.exe
2009-09-21 01:45:27 ----A---- C:\Windows\system32\audiodg.exe
2009-09-21 01:45:26 ----A---- C:\Windows\system32\mswsock.dll
2009-09-21 01:45:25 ----A---- C:\Windows\system32\winmm.dll
2009-09-21 01:45:25 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-21 01:45:25 ----A---- C:\Windows\system32\RelMon.dll
2009-09-21 01:45:25 ----A---- C:\Windows\system32\kdusb.dll
2009-09-21 01:45:24 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-21 01:45:24 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-21 01:45:24 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-21 01:45:24 ----A---- C:\Windows\system32\offfilt.dll
2009-09-21 01:45:24 ----A---- C:\Windows\system32\msftedit.dll
2009-09-21 01:45:23 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-21 01:45:21 ----A---- C:\Windows\system32\WerFault.exe
2009-09-21 01:45:21 ----A---- C:\Windows\system32\Utilman.exe
2009-09-21 01:45:21 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-21 01:45:21 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-21 01:45:19 ----A---- C:\Windows\system32\wsepno.dll
2009-09-21 01:45:19 ----A---- C:\Windows\system32\stobject.dll
2009-09-21 01:45:19 ----A---- C:\Windows\system32\mfplat.dll
2009-09-21 01:45:19 ----A---- C:\Windows\system32\diskraid.exe
2009-09-21 01:45:18 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-21 01:45:18 ----A---- C:\Windows\system32\sysclass.dll
2009-09-21 01:45:18 ----A---- C:\Windows\system32\SndVol.exe
2009-09-21 01:45:18 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-21 01:45:18 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-21 01:45:18 ----A---- C:\Windows\system32\mscms.dll
2009-09-21 01:45:18 ----A---- C:\Windows\system32\apphelp.dll
2009-09-21 01:45:18 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-21 01:45:17 ----A---- C:\Windows\system32\wscript.exe
2009-09-21 01:45:17 ----A---- C:\Windows\system32\ulib.dll
2009-09-21 01:45:17 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-21 01:45:17 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-21 01:45:16 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-21 01:45:16 ----A---- C:\Windows\system32\dsound.dll
2009-09-21 01:45:16 ----A---- C:\Windows\system32\cryptui.dll
2009-09-21 01:45:15 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-21 01:45:15 ----A---- C:\Windows\system32\rastapi.dll
2009-09-21 01:45:15 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-21 01:45:15 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-21 01:45:15 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\rastls.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\gpapi.dll
2009-09-21 01:45:14 ----A---- C:\Windows\system32\diskpart.exe
2009-09-21 01:45:14 ----A---- C:\Windows\system32\brcpl.dll
2009-09-21 01:45:13 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-21 01:45:13 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-21 01:45:13 ----A---- C:\Windows\system32\logman.exe
2009-09-21 01:45:11 ----A---- C:\Windows\system32\ntprint.dll
2009-09-21 01:45:10 ----A---- C:\Windows\system32\regsvc.dll
2009-09-21 01:45:09 ----A---- C:\Windows\system32\mscorier.dll
2009-09-21 01:45:08 ----A---- C:\Windows\system32\wusa.exe
2009-09-21 01:45:06 ----A---- C:\Windows\system32\iasrad.dll
2009-09-21 01:45:06 ----A---- C:\Windows\system32\findstr.exe
2009-09-21 01:45:05 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-21 01:45:03 ----A---- C:\Windows\system32\wshext.dll
2009-09-21 01:45:02 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-21 01:45:00 ----A---- C:\Windows\system32\netcenter.dll
2009-09-21 01:44:59 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-21 01:44:59 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-21 01:44:58 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-21 01:44:58 ----A---- C:\Windows\system32\wer.dll
2009-09-21 01:44:57 ----A---- C:\Windows\system32\themecpl.dll
2009-09-21 01:44:56 ----A---- C:\Windows\system32\uxsms.dll
2009-09-21 01:44:56 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-21 01:44:56 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-21 01:44:55 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-21 01:44:55 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-21 01:44:54 ----A---- C:\Windows\system32\scansetting.dll
2009-09-21 01:44:54 ----A---- C:\Windows\system32\iasads.dll
2009-09-21 01:44:53 ----A---- C:\Windows\system32\msutb.dll
2009-09-21 01:44:52 ----A---- C:\Windows\system32\slcc.dll
2009-09-21 01:44:52 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-21 01:44:50 ----A---- C:\Windows\system32\powrprof.dll
2009-09-21 01:44:49 ----A---- C:\Windows\system32\mstsc.exe
2009-09-21 01:44:48 ----A---- C:\Windows\system32\iasacct.dll
2009-09-21 01:44:47 ----A---- C:\Windows\system32\powercpl.dll
2009-09-21 01:44:47 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-21 01:44:47 ----A---- C:\Windows\system32\networkmap.dll
2009-09-21 01:44:46 ----A---- C:\Windows\system32\newdev.exe
2009-09-21 01:44:46 ----A---- C:\Windows\system32\connect.dll
2009-09-21 01:44:46 ----A---- C:\Windows\system32\authz.dll
2009-09-21 01:44:45 ----A---- C:\Windows\system32\sud.dll
2009-09-21 01:44:45 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-21 01:44:44 ----A---- C:\Windows\system32\themeui.dll
2009-09-21 01:44:44 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-21 01:44:44 ----A---- C:\Windows\system32\pcaui.dll
2009-09-21 01:44:43 ----A---- C:\Windows\system32\usercpl.dll
2009-09-21 01:44:43 ----A---- C:\Windows\system32\samlib.dll
2009-09-21 01:44:43 ----A---- C:\Windows\system32\mmci.dll
2009-09-21 01:44:43 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-21 01:44:42 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-21 01:44:42 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-21 01:44:42 ----A---- C:\Windows\system32\qdvd.dll
2009-09-21 01:44:42 ----A---- C:\Windows\system32\autoplay.dll
2009-09-21 01:44:41 ----A---- C:\Windows\system32\wpcao.dll
2009-09-21 01:44:41 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-21 01:44:41 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-21 01:44:41 ----A---- C:\Windows\system32\regapi.dll
2009-09-21 01:44:41 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-21 01:44:40 ----A---- C:\Windows\system32\scksp.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\scesrv.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\oleprn.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\mpr.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\imm32.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\feclient.dll
2009-09-21 01:44:40 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-21 01:44:39 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-21 01:44:39 ----A---- C:\Windows\system32\sdclt.exe
2009-09-21 01:44:39 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-21 01:44:39 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-21 01:44:39 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-21 01:44:39 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-21 01:44:39 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-21 01:44:39 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-21 01:44:38 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-21 01:44:38 ----A---- C:\Windows\system32\qedit.dll
2009-09-21 01:44:38 ----A---- C:\Windows\system32\pnpui.dll
2009-09-21 01:44:38 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-21 01:44:38 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-21 01:44:38 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-21 01:44:38 ----A---- C:\Windows\system32\certreq.exe
2009-09-21 01:44:37 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-21 01:44:37 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-21 01:44:37 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-09-21 01:44:37 ----A---- C:\Windows\system32\scecli.dll
2009-09-21 01:44:37 ----A---- C:\Windows\system32\rasplap.dll
2009-09-21 01:44:37 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-21 01:44:36 ----A---- C:\Windows\system32\whealogr.dll
2009-09-21 01:44:36 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-21 01:44:36 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-21 01:44:36 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-21 01:44:36 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-21 01:44:36 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-21 01:44:35 ----A---- C:\Windows\system32\srcore.dll
2009-09-21 01:44:35 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-21 01:44:35 ----A---- C:\Windows\system32\raschap.dll
2009-09-21 01:44:35 ----A---- C:\Windows\system32\fontext.dll
2009-09-21 01:44:35 ----A---- C:\Windows\system32\conime.exe
2009-09-21 01:44:35 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-21 01:44:34 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-21 01:44:34 ----A---- C:\Windows\system32\wlanui.dll
2009-09-21 01:44:34 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-21 01:44:34 ----A---- C:\Windows\system32\rasppp.dll
2009-09-21 01:44:34 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-21 01:44:33 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-21 01:44:33 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-21 01:44:33 ----A---- C:\Windows\system32\dsprop.dll
2009-09-21 01:44:33 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-21 01:44:32 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-21 01:44:29 ----A---- C:\Windows\system32\shsetup.dll
2009-09-21 01:44:28 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-21 01:44:28 ----A---- C:\Windows\system32\mscandui.dll
2009-09-21 01:44:28 ----A---- C:\Windows\system32\modemui.dll
2009-09-21 01:44:28 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-21 01:44:27 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-21 01:44:27 ----A---- C:\Windows\system32\dataclen.dll
2009-09-21 01:44:26 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-21 01:44:26 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-21 01:44:26 ----A---- C:\Windows\system32\blackbox.dll
2009-09-21 01:44:25 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-21 01:44:25 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-21 01:44:25 ----A---- C:\Windows\system32\smss.exe
2009-09-21 01:44:25 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-21 01:44:25 ----A---- C:\Windows\system32\credui.dll
2009-09-21 01:44:24 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-21 01:44:24 ----A---- C:\Windows\system32\certprop.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\wscapi.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\msscp.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\msimtf.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\logagent.exe
2009-09-21 01:44:23 ----A---- C:\Windows\system32\InkEd.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\ifmon.dll
2009-09-21 01:44:23 ----A---- C:\Windows\system32\gpresult.exe
2009-09-21 01:44:23 ----A---- C:\Windows\system32\cipher.exe
2009-09-21 01:44:22 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-21 01:44:22 ----A---- C:\Windows\system32\softkbd.dll
2009-09-21 01:44:22 ----A---- C:\Windows\system32\sendmail.dll
2009-09-21 01:44:22 ----A---- C:\Windows\system32\msctfui.dll
2009-09-21 01:44:22 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-21 01:44:21 ----A---- C:\Windows\system32\olepro32.dll
2009-09-21 01:44:20 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-21 01:44:20 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-21 01:44:19 ----A---- C:\Windows\system32\puiapi.dll
2009-09-21 01:44:19 ----A---- C:\Windows\system32\input.dll
2009-09-21 01:44:19 ----A---- C:\Windows\system32\cdd.dll
2009-09-21 01:44:18 ----A---- C:\Windows\system32\wshbth.dll
2009-09-21 01:44:18 ----A---- C:\Windows\system32\version.dll
2009-09-21 01:44:18 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-21 01:44:18 ----A---- C:\Windows\system32\msisip.dll
2009-09-21 01:44:18 ----A---- C:\Windows\system32\mprapi.dll
2009-09-21 01:44:18 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-21 01:44:17 ----A---- C:\Windows\system32\fc.exe
2009-09-21 01:44:16 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-21 01:44:16 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-21 01:44:16 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-21 01:44:16 ----A---- C:\Windows\system32\dmusic.dll
2009-09-21 01:44:16 ----A---- C:\Windows\system32\cscapi.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\msjint40.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\ftp.exe
2009-09-21 01:44:15 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-21 01:44:15 ----A---- C:\Windows\system32\cscdll.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\Storprop.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\rasdial.exe
2009-09-21 01:44:14 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-21 01:44:14 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-21 01:44:14 ----A---- C:\Windows\system32\bthci.dll
2009-09-21 01:44:13 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-21 01:44:13 ----A---- C:\Windows\system32\slcinst.dll
2009-09-21 01:44:13 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-21 01:44:13 ----A---- C:\Windows\system32\nslookup.exe
2009-09-21 01:44:13 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-21 01:44:13 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-21 01:44:13 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-21 01:44:13 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-21 01:44:13 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-21 01:44:12 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-21 01:44:12 ----A---- C:\Windows\system32\mmcico.dll
2009-09-21 01:44:12 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-21 01:44:12 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-21 01:44:11 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-21 01:44:11 ----A---- C:\Windows\system32\csrstub.exe
2009-09-21 01:44:11 ----A---- C:\Windows\system32\cbsra.exe
2009-09-21 01:44:10 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-21 01:44:10 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-21 01:44:10 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-21 01:44:09 ----A---- C:\Windows\system32\winrnr.dll
2009-09-21 01:44:09 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-21 01:44:09 ----A---- C:\Windows\system32\slwga.dll
2009-09-21 01:44:09 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-21 01:44:09 ----A---- C:\Windows\system32\inetppui.dll
2009-09-21 01:44:08 ----A---- C:\Windows\system32\midimap.dll
2009-09-21 01:44:04 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-21 01:44:03 ----A---- C:\Windows\system32\msimsg.dll
2009-09-21 01:43:29 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-21 01:43:20 ----A---- C:\Windows\system32\wdscore.dll
2009-09-21 01:43:20 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-21 01:42:54 ----A---- C:\Windows\system32\drvstore.dll
2009-09-21 01:07:35 ----A---- C:\Windows\system32\deploytk.dll
2009-09-17 19:29:41 ----D---- C:\Windows\system32\SDA
2009-09-14 01:37:39 ----D---- C:\Users\user1\AppData\Roaming\skypePM
2009-09-12 16:44:54 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-12 16:43:11 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 16:39:08 ----D---- C:\Program Files\QuickTime
2009-09-12 01:38:08 ----D---- C:\ProgramData\WinZip
2009-09-12 01:38:04 ----D---- C:\Program Files\WinZip
2009-09-12 01:31:03 ----D---- C:\USB_DRV
2009-09-09 08:21:15 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 08:20:48 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 08:20:48 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 08:20:48 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 08:20:48 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 08:20:47 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 08:20:47 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 08:20:47 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 08:20:47 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 08:20:47 ----A---- C:\Windows\system32\finger.exe
2009-09-09 08:20:28 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 08:20:28 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 08:20:28 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-09 08:20:27 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 08:20:27 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 08:20:27 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 08:20:24 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 08:20:23 ----A---- C:\Windows\system32\mf.dll
2009-09-09 08:20:22 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-09 08:20:22 ----A---- C:\Windows\system32\mfps.dll
2009-09-09 08:20:22 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-09 08:20:21 ----A---- C:\Windows\system32\mferror.dll

======List of files/folders modified in the last 1 months======

2009-10-07 21:08:56 ----D---- C:\Program Files\Trend Micro
2009-10-07 20:53:39 ----D---- C:\Windows
2009-10-07 20:37:36 ----RD---- C:\Program Files
2009-10-07 20:37:36 ----D---- C:\Windows\system32\drivers
2009-10-06 19:37:51 ----D---- C:\ProgramData
2009-10-06 19:36:56 ----SHD---- C:\System Volume Information
2009-10-06 19:12:50 ----D---- C:\Windows\system32\en-US
2009-10-06 19:12:50 ----D---- C:\Windows\System32
2009-10-06 19:12:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-06 19:12:01 ----D---- C:\Windows\inf
2009-10-06 19:10:27 ----D---- C:\Windows\Tasks
2009-10-06 19:06:00 ----A---- C:\Windows\system.ini
2009-10-06 19:03:01 ----D---- C:\Windows\system32\config
2009-10-06 19:01:51 ----D---- C:\Program Files\Common Files\System
2009-10-06 19:01:50 ----SHD---- C:\Windows\Installer
2009-10-06 18:59:38 ----D---- C:\Windows\AppPatch
2009-10-06 18:59:36 ----D---- C:\Program Files\Common Files
2009-10-06 18:52:24 ----D---- C:\Windows\Prefetch
2009-10-06 18:51:45 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-06 18:51:42 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-10-05 19:26:17 ----D---- C:\Windows\Debug
2009-10-03 16:38:32 ----D---- C:\Windows\rescache
2009-10-03 16:20:19 ----D---- C:\Windows\winsxs
2009-10-03 02:54:28 ----D---- C:\Windows\system32\catroot
2009-10-03 02:54:26 ----D---- C:\Windows\system32\catroot2
2009-10-02 22:44:23 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 03:42:19 ----D---- C:\Windows\system32\wbem
2009-10-02 03:37:59 ----D---- C:\Windows\system32\Tasks
2009-10-02 03:37:59 ----D---- C:\Windows\system32\spool
2009-10-02 03:37:59 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-02 03:37:58 ----D---- C:\Program Files\CCleaner
2009-10-02 03:37:57 ----D---- C:\Windows\registration
2009-10-01 22:45:49 ----D---- C:\Program Files\Java
2009-10-01 20:28:32 ----SD---- C:\Windows\Downloaded Program Files
2009-10-01 19:44:34 ----RD---- C:\Users
2009-09-30 23:35:03 ----D---- C:\Windows\tracing
2009-09-30 23:34:39 ----D---- C:\Windows\SchCache
2009-09-30 23:34:38 ----HD---- C:\Windows\msdownld.tmp
2009-09-30 23:34:38 ----D---- C:\Windows\Minidump
2009-09-30 23:34:37 ----D---- C:\Windows\LiveKernelReports
2009-09-30 23:34:35 ----D---- C:\Windows\Globalization
2009-09-30 21:54:40 ----D---- C:\Program Files\Yahoo!
2009-09-30 21:54:37 ----HD---- C:\ProgramData\yahoo!
2009-09-29 23:32:42 ----D---- C:\Users\user1\AppData\Roaming\Skype
2009-09-29 22:21:35 ----D---- C:\Users\user1\AppData\Roaming\WinRAR
2009-09-26 16:53:49 ----D---- C:\Program Files\Common Files\Apple
2009-09-26 16:53:47 ----D---- C:\ProgramData\Apple Computer
2009-09-24 19:37:03 ----D---- C:\Users\user1\AppData\Roaming\Ulead Systems
2009-09-22 22:23:40 ----D---- C:\Users\user1\AppData\Roaming\Apple Computer
2009-09-22 19:47:26 ----D---- C:\Program Files\DigitalCamera
2009-09-22 18:38:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-22 18:34:10 ----RSD---- C:\Windows\assembly
2009-09-22 18:34:10 ----D---- C:\Windows\Microsoft.NET
2009-09-21 21:07:28 ----D---- C:\Windows\pss
2009-09-21 03:20:27 ----D---- C:\Boot
2009-09-21 03:06:29 ----D---- C:\Program Files\Windows Sidebar
2009-09-21 03:06:29 ----D---- C:\Program Files\Windows Media Player
2009-09-21 03:06:29 ----D---- C:\Program Files\Windows Mail
2009-09-21 03:06:29 ----D---- C:\Program Files\Windows Collaboration
2009-09-21 03:06:29 ----D---- C:\Program Files\Windows Calendar
2009-09-21 03:06:29 ----D---- C:\Program Files\Movie Maker
2009-09-21 03:06:29 ----D---- C:\Program Files\Internet Explorer
2009-09-21 03:06:28 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-21 03:06:26 ----D---- C:\Windows\servicing
2009-09-21 03:06:26 ----D---- C:\Program Files\Windows Defender
2009-09-21 03:06:21 ----D---- C:\Windows\system32\XPSViewer
2009-09-21 03:06:21 ----D---- C:\Windows\system32\sk-SK
2009-09-21 03:06:21 ----D---- C:\Windows\system32\lv-LV
2009-09-21 03:06:21 ----D---- C:\Windows\system32\ko-KR
2009-09-21 03:06:21 ----D---- C:\Windows\system32\hr-HR
2009-09-21 03:06:21 ----D---- C:\Windows\system32\et-EE
2009-09-21 03:06:21 ----D---- C:\Windows\system32\da-DK
2009-09-21 03:06:21 ----D---- C:\Windows\IME
2009-09-21 03:06:19 ----D---- C:\Windows\system32\oobe
2009-09-21 03:06:19 ----D---- C:\Windows\system32\migration
2009-09-21 03:06:19 ----D---- C:\Windows\system32\it-IT
2009-09-21 03:06:19 ----D---- C:\Windows\system32\el-GR
2009-09-21 03:06:19 ----D---- C:\Windows\system32\de-DE
2009-09-21 03:06:18 ----D---- C:\Windows\system32\sv-SE
2009-09-21 03:06:18 ----D---- C:\Windows\system32\SLUI
2009-09-21 03:06:18 ----D---- C:\Windows\system32\setup
2009-09-21 03:06:18 ----D---- C:\Windows\system32\ru-RU
2009-09-21 03:06:18 ----D---- C:\Windows\system32\pt-PT
2009-09-21 03:06:18 ----D---- C:\Windows\system32\hu-HU
2009-09-21 03:06:18 ----D---- C:\Windows\system32\he-IL
2009-09-21 03:06:18 ----D---- C:\Windows\system32\fr-FR
2009-09-21 03:06:18 ----D---- C:\Windows\system32\fi-FI
2009-09-21 03:06:18 ----D---- C:\Windows\system32\cs-CZ
2009-09-21 03:06:18 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-21 03:06:17 ----D---- C:\Windows\system32\zh-CN
2009-09-21 03:06:17 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-21 03:06:17 ----D---- C:\Windows\system32\manifeststore
2009-09-21 03:06:17 ----D---- C:\Windows\system32\en
2009-09-21 03:06:16 ----D---- C:\Windows\system32\zh-TW
2009-09-21 03:06:16 ----D---- C:\Windows\system32\uk-UA
2009-09-21 03:06:16 ----D---- C:\Windows\system32\th-TH
2009-09-21 03:06:16 ----D---- C:\Windows\system32\sl-SI
2009-09-21 03:06:16 ----D---- C:\Windows\system32\ro-RO
2009-09-21 03:06:16 ----D---- C:\Windows\system32\pl-PL
2009-09-21 03:06:16 ----D---- C:\Windows\system32\ja-JP
2009-09-21 03:06:16 ----D---- C:\Windows\system32\es-ES
2009-09-21 03:06:16 ----D---- C:\Windows\system32\bg-BG
2009-09-21 03:06:15 ----D---- C:\Windows\system32\tr-TR
2009-09-21 03:06:13 ----D---- C:\Windows\system32\nl-NL
2009-09-21 03:06:13 ----D---- C:\Windows\system32\nb-NO
2009-09-21 03:06:13 ----D---- C:\Windows\system32\lt-LT
2009-09-21 03:06:13 ----D---- C:\Windows\system32\ar-SA
2009-09-21 03:06:12 ----D---- C:\Windows\system32\pt-BR
2009-09-21 03:06:12 ----D---- C:\Windows\system32\migwiz
2009-09-21 03:05:48 ----RSD---- C:\Windows\Fonts
2009-09-21 03:05:30 ----D---- C:\Windows\system32\Boot
2009-09-21 00:59:15 ----D---- C:\Windows\system32\zh-HK
2009-09-17 19:29:40 ----D---- C:\Program Files\TOSHIBA
2009-09-12 16:44:54 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-10 21:12:55 ----D---- C:\Program Files\Common Files\Motive
2009-09-10 19:21:01 ----D---- C:\ProgramData\Motive
2009-09-10 19:14:57 ----D---- C:\Program Files\BT Broadband Desktop Help
2009-09-09 19:10:41 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-08-31 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 742400]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\Windows\system32\drivers\BoiHwSetup.sys [2006-10-12 7680]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 qkbfiltr;Keyboard Filter Driver; C:\Windows\system32\DRIVERS\qkbfiltr.sys [2006-11-20 33792]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 2085888]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R4 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
S1 uedhdwlh;uedhdwlh; \??\C:\Windows\system32\drivers\uedhdwlh.sys []
S1 xbkvceay;xbkvceay; \??\C:\Windows\system32\drivers\xbkvceay.sys []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 CoachUsb;Coach Digital Camera on USB; C:\Windows\system32\DRIVERS\CoachUsb.sys [2009-04-06 51392]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2009-05-11 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2009-05-11 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-02-14 216320]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-02-14 208256]
S4 vsdatant;vsdatant; C:\Windows\system32\drivers\vsdatant.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-09-12 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2006-11-24 557056]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-12-18 303104]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-14 428152]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe [2009-09-10 16936]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-07 21:09:08

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
4U Download YouTube Video (version 2.6.9)-->"C:\Program Files\4U Computing\Download YouTube Video\unins000.exe"
7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x9 -removeonly
ATI Catalyst Control Center Ex-->MsiExec.exe /I{44FEBA8C-2C89-E2A9-1423-AE5E5A42F472}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BT Broadband Desktop Help-->C:\Program Files\BT Broadband Desktop Help\btbb\unBTBDH.exe
BT Wireless Connection Manager-->C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications-->C:\Program Files\Yahoo!\Common\uninstall.exe
BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub2.0
Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini
Canon MP140 series User Registration-->C:\Program Files\Canon\IJEREG\MP140 series\UNINST.EXE
Canon MP140 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Digital Camera Device Driver-->C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoToAssist 8.0.0.482-->C:\Program Files\Citrix\GoToAssist\482\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Automated Troubleshooting Services Shim-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EB0B41B1-E84F-483C-91FF-BB83019EE127} /l1033
TOSHIBA Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F4F4815-76AD-4B26-8763-72F3344041C2}\setup.exe" -l0x9 -removeonly
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{BE998F99-4CEB-4E64-B717-493A2E9797F4} /l1033
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
TOSHIBA Volume Indicator-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{98708E86-46E1-479D-B897-9802E591E762} /l1033
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Veetle TV 0.9.15-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}

======Security center information======

AV: Kaspersky Anti-Virus (disabled) (outdated)
FW: Kaspersky Anti-Virus (disabled)
AS: AVG Anti-Spyware (disabled) (outdated)

======System event log======

Computer Name: user1-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {57BA9816-A14F-4F75-88CF-985F7081C7C4}
User: user1-PC\user1
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:{79007602-0CDB-4405-9DBF-1257BB3226EE}
Alert Type: Unclassified software
Detection Type:
Record Number: 227723
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090930223436.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {1E272BD2-66F8-48E4-A7B6-661C1628FED1}
User: user1-PC\user1
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: service:{79007602-0CDB-4405-9DBF-1257BB3226EE}
Alert Type: Unclassified software
Detection Type:
Record Number: 227722
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090930223436.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=370...threatid=142938
Scan ID: {C4E346BA-C0FC-4128-9577-A957A87DD521}
User: user1-PC\user1
Name: Trojan:Win32/Renos.N
ID: 142938
Severity ID: 4
Category ID: 8
Path Found: process:pid:1896
Alert Type: Spyware or other potentially unwanted software
Detection Type: Concrete
Record Number: 227721
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090930223436.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {0312C471-24F6-4E4D-BF9B-7D328F2C3804}
User: user1-PC\user1
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: file:C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job;file:C:\Users\user1\AppData\Local\Temp\b.exe;taskscheduler:C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
Alert Type: Unclassified software
Detection Type:
Record Number: 227720
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090930223432.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {9CCD790E-44FE-462D-80E8-3C75DA0A6F01}
User: user1-PC\user1
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-4232574698-228105880-4154739431-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PopRock;runkey:HKCU@S-1-5-21-4232574698-228105880-4154739431-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PopRock;file:C:\Users\user1\AppData\Local\Temp\b.exe
Alert Type: Unclassified software
Detection Type:
Record Number: 227719
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090930223432.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: user1-PC
Event Code: 4354
Message: The COM+ Event System failed to fire the DisplayUnlock method on subscription {0751205A-760F-483C-B58A-1170AFEB7877}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010114.
Record Number: 809
Source Name: Microsoft-Windows-EventSystem
Time Written: 20071019131607.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 4354
Message: The COM+ Event System failed to fire the DisplayLock method on subscription {0751205A-760F-483C-B58A-1170AFEB7877}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010114.
Record Number: 808
Source Name: Microsoft-Windows-EventSystem
Time Written: 20071019130245.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 786
Source Name: Microsoft-Windows-Search
Time Written: 20070917121142.000000-000
Event Type: Warning
User:

Computer Name: user1-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 749
Source Name: Microsoft-Windows-Search
Time Written: 20070917123548.000000-000
Event Type: Warning
User:

Computer Name: LH-BZ5CXKOU1365
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 732
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20070917122314.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: user1-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: USER1-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: A1 Client Cert key container
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 41279
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090520155739.540940-000
Event Type: Audit Success
User:

Computer Name: user1-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: USER1-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: A1 Client Cert key container
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9c4d85b87d7ce4e2266e3ad33d98e11e_34d1f042-5832-4f8c-8d8c-b00c70101d25
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 41278
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090520155739.538987-000
Event Type: Audit Success
User:

Computer Name: user1-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: USER1-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: A1 Client Cert key container
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 41277
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090520155739.535080-000
Event Type: Audit Success
User:

Computer Name: user1-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: USER1-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: A1 Client Cert key container
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9c4d85b87d7ce4e2266e3ad33d98e11e_34d1f042-5832-4f8c-8d8c-b00c70101d25
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 41276
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090520155739.535080-000
Event Type: Audit Success
User:

Computer Name: user1-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\PROGRA~1\COMMON~1\Motive\MRESP50.sys
Record Number: 41275
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090520152712.357271-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

#3 darkchild101

Member

Group: Members
Posts: 108
Joined: 02-October 09

Posted 07 October 2009 - 03:45 PM

Kaspersky's online scanner wont run keeps coming back saying interrupted and to establish internet coonection when i already have

Desperate :thumbsup:

#4 boopme

To Insanity and Beyond

Group: Global Moderator
Posts: 46,303
Joined: 10-September 04
Gender:Male
Location:NJ USA

Posted 07 October 2009 - 03:50 PM

Please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post those complete logs.

Let me know if it went OK.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 garmanma

Computer Masochist

Group: Staff Emeritus
Posts: 27,809
Joined: 27-January 07
Location:Cleveland, Ohio

Posted 07 October 2009 - 03:59 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not to be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff

This post has been edited by garmanma: 07 October 2009 - 04:00 PM

Mark

why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter