
Qalkfxor/typelib/interface/clsid/tdss/zlob/rodqgpvlvnp/ebtg/pdoskegl/rvoelbxt/rqbmvpso & More


  • This topic is locked
30 replies to this topic

#1 Johannes1961


Posted 15 September 2008 - 11:23 AM

In the final phases of trying to ensure that my home machine is as clean as possible, prior to reloading XP from the hidden partition on my machine. From there I will have to reinstall my apps & data & reapply Service Packs. But I'd rather do this than risk anything bad being left in the active partition on this machine.

Am still having problems with the user logon 'Carrie Hamer'; her login is unusable. Mbam doesn't appear to be able to fix this. I note Hijack seems to have more entries for this logon. Anyhow for the background:

I had multiple infections as follows:

Initial Mbam scan:

Registry Keys Infected:
HKEY_CLASSES_ROOT\qalkfxor.btls (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{543c6090-cd1e-48f3-8814-aa3a42404e47} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{799a506e-49e6-4ce5-b1aa-7443abf39354} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{beb6b37a-bc8b-46b6-b59d-bf83429c7fc7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2bb89980-ccf8-4d24-9745-332d348d217e} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6fa7926-488d-4ead-a71e-8c848d867e07} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf454f7a-8ab4-4f50-88c6-f22086662770} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{14e1f47e-33ae-4a87-877c-91b58b3a2ce5} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf454f7a-8ab4-4f50-88c6-f22086662770} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7638711c-72e0-4c54-9480-8e7c3824f7e4} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{280869b4-b072-41ff-b764-74e34c012284} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{beb6b37a-bc8b-46b6-b59d-bf83429c7fc7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pdoskegl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rqbmvpso (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00102) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\qalkfxor.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\rodqgpvlvnp.dll (Adware.Vapsup) -> Quarantined and deleted successfully.
C:\WINDOWS\ebtg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\pdoskegl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rqbmvpso.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.MR_NUMPTY\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.MR_NUMPTY\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.MR_NUMPTY\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Hamer\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Hamer\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Hamer\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Hamer\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.MR_NUMPTY\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Hamer\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.MR_NUMPTY\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Hamer\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carrie Hamer\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin.MR_NUMPTY\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


Subsequent Mbam scan:

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.


HIJACK SCAN
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:46, on 15/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bleepingcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Gracie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1010\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Ava Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1014\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Admin')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-3921214351-744279095-824717259-1008 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Carrie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1008 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Carrie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1009 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Gracie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1009 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Gracie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1010 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Ava Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1010 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Ava Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1014 Startup: BUFFALO EasyBackup.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe (User 'Admin')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003783740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003770833
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...003/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13562 bytes

Thanks. David

Sorry just noticed topic link - otherwise would have linked this in rather than pasting mbam logs...



#2 Johannes1961


Posted 27 September 2008 - 03:27 AM

Hi, I have been using the computer whilst waiting for a response to the Hijack log. I've advised my wife NOT to allow any downloads/installations. However, I have just checked yesterday's virus scan and it picked up 'Download.Agent.cln'.

Is this a real threat? It didn't come up on previous virus checks?

Could it have been resident all the time and has AVG updated the signature file to identify it?

Should I be concerned? As I have changed my OLB details on another computer but accessed my banks online on this computer since.

It's been deleted by AVG.

Await your response.

Regards, David

#3 Johannes1961


Posted 28 September 2008 - 06:38 AM

Update since yesterday. My wife allowed a connection on the firewall in my absence yesterday. I got home & couldn't start programs or logout or shutdown. The mouse pointer moved and start menu opened but nothing more. Loads of disk activity too. So I had to pull the power to be safe. Rebooted and have gone through the whole process of MBAM, SAS, Spybot etc again. Downloaded all utilities and installed afresh.

SAS came up clean.
MBAM found some registry data items that it quarantined & deleted successfully as well as Trojan.Fakealert on my wife's login.
Spybot found Smitfraud-C and some cookies that I presume are just cookies? I did select to 'fix' the spybot items listed but it doesn't seem to have logged this?

I ran Hijack this morning and have listed below output from SAS, MBAM, Spybot & Hijack.

SAS
******

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/27/2008 at 06:46 PM

Application Version : 4.21.1004

Core Rules Database Version : 3581
Trace Rules Database Version: 1569

Scan type : Complete Scan
Total Scan Time : 02:16:56

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 5806
Registry threats detected : 0
File items scanned : 147425
File threats detected : 0




MBAM
******

Malwarebytes' Anti-Malware 1.28
Database version: 1212
Windows 5.1.2600 Service Pack 3

27/09/2008 15:15:41
mbam-log-2008-09-27 (15-15-41).txt

Scan type: Quick Scan
Objects scanned: 74579
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Carrie Hamer\Local Settings\Temp\TDSSd27b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Spybot
******

Smitfraud-C.: [SBI $89ACC2AB] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3921214351-744279095-824717259-1008\Control Panel\International\sTimeFormat=...: Virus Alert!...

MediaPlex: Tracking cookie (Internet Explorer: David Hamer) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: David Hamer) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: David Hamer) (Cookie, nothing done)


HiJack
******

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:35, on 28/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Icons\SetIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bleepingcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Gracie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1010\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Ava Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1014\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Admin')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-3921214351-744279095-824717259-1008 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Carrie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1008 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Carrie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1009 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Gracie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1009 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Gracie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1010 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Ava Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1010 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Ava Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1014 Startup: BUFFALO EasyBackup.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe (User 'Admin')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003783740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003770833
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...003/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13933 bytes

#4 Guest_White Warrior_*


Posted 28 September 2008 - 07:06 AM

Hello Johannes1961

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


White Warrior

#5 Guest_White Warrior_*


Posted 28 September 2008 - 02:05 PM

Hello Johannes1961. Welcome to Bleeping Computer.

Your log looks clean, but let’s run an online scan to be sure.

Please do a scan with Kaspersky Online Scanner.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop-down box labeled Files of type, change the type to Text file.
  • Save the file to your Desktop.
  • Copy and paste that information in your next post.

  • Download random's system information tool (RSIT) by random/random from here and save it to your Desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

White Warrior

#6 Johannes1961


Posted 29 September 2008 - 04:24 PM

Hi, not sure that I'll get a chance to do this today. But I just wanted to get your feedback on a couple of entries in the Hijack log.

I took some time to review the Hijack tutorial and used the various databases to verify some (not all) of the line entries. The following I was concerned about as suspect:

O2 - BHO Google Toolbar Notifier BHO { dodgy id } swg.dll

O3 - & Google { dodgy id } googletoolbar.dll

O4 - HKUS Googletoolbarnotifier

O23 - Service: Intel NetSvc.exe (program descriptor 'NetSvc.exe' does not match CAPS and lower case of valid program in Bleeping database. Could be irrelevant???)

Your views on these? The Google Toolbar Notifier looks like malware?

Be in touch tomorrow.

Thanks, David

#7 Guest_White Warrior_*


Posted 30 September 2008 - 08:39 AM

Hello Johannes1961

I understand your concerns, and I have tried to explain each entry.

O2 - BHO Google Toolbar Notifier BHO { dodgy id } swg.dll


BHO stands for Browser Helper Object.
The CLSID {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} is correct.
The file name: swg.dll is correct.
It is in the correct position: in Program Files.
Please see here: http://www.liutilities.com/products/wintas...dlllibrary/swg/

O3 - & Google { dodgy id } googletoolbar.dll


The CLSID is correct: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
The file name is correct: googletoolbar1.dll
It is in the correct position: in Program Files.
Please see here: http://www.spywaredata.com/spyware/malware...oolbar1.dll.php

O4 - HKUS Googletoolbarnotifier


The file name is correct: GoogleToolbarNotifier.exe
It is in the correct position: in Program Files.
Please see here: http://www.bleepingcomputer.com/startups/G....exe-16278.html

O23 - Service: Intel NetSvc.exe (program descriptor 'NetSvc.exe' does not match CAPS and lower case of valid program in Bleeping database. Could be irrelevant???)


This is a service that is being run on the computer.
Intel NCS NetService is the display name.
(NetSvc) is the service name.
It is being run by the Intel program.
The file name 'NetSvc.exe' has the correct combination of capital and lower case letters.
Please see here: http://www.file.net/process/netsvc.exe.html

I hope this helps.


White Warrior
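The three checks applied in the reply above (CLSID, file name, install location) can be run mechanically over HijackThis lines. This is an added example, not part of the original thread: the baseline holds only the values confirmed in that reply, the lookalike lines are constructed, and the function names are hypothetical.

```python
import re
import ntpath
from typing import List, NamedTuple, Optional, Tuple

class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. "O2", "O23"
    clsid: Optional[str]    # "{...}" if the line carries one
    path: Optional[str]     # first local .exe/.dll path on the line

SECTION_RE = re.compile(r"^([OR]\d+) - ")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

# Baseline: (section, expected CLSID or None, file name, expected root folder).
# Values are the ones the helper confirmed in the reply above, nothing more.
BASELINE = [
    ("O2", "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}", "swg.dll", r"C:\Program Files"),
    ("O3", "{2318C2B1-4965-11d4-9B18-009027A5CD4F}", "googletoolbar1.dll", r"C:\Program Files"),
    ("O4", None, "GoogleToolbarNotifier.exe", r"C:\Program Files"),
    ("O23", None, "NetSvc.exe", r"C:\Program Files"),
]

def parse(line: str) -> Optional[Entry]:
    """Pull the section code, CLSID and file path out of one log line."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return None
    clsid = CLSID_RE.search(line)
    path = PATH_RE.search(line)
    return Entry(m.group(1),
                 clsid.group(0) if clsid else None,
                 path.group(0) if path else None)

def check(line: str) -> Tuple[str, List[str]]:
    """Return (verdict, failed_checks) for one HijackThis line."""
    entry = parse(line)
    if entry is None or entry.path is None:
        return ("unparsed", [])
    name = ntpath.basename(entry.path)
    # Windows file names are case-insensitive, so NetSvc.exe and NETSVC.EXE
    # name the same file; compare names and CLSIDs without regard to case.
    rows = [b for b in BASELINE
            if b[0] == entry.section and b[2].lower() == name.lower()]
    if not rows:
        return ("not-in-baseline", [])   # needs separate research
    _, want_clsid, _, root = rows[0]
    failed = []
    if want_clsid is not None and (entry.clsid or "").lower() != want_clsid.lower():
        failed.append("clsid")
    folder = ntpath.normcase(ntpath.dirname(entry.path)) + "\\"
    if not folder.startswith(ntpath.normcase(root) + "\\"):
        failed.append("location")
    return ("mismatch" if failed else "match", failed)

# Lines copied from the log posted in this thread.
THREAD_LINES = [
    r"O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll",
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    r"O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe",
    r"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe",
]

# Constructed lines (not from the thread): same names, one field changed each.
CONSTRUCTED_LINES = [
    # right CLSID and name, wrong folder
    r"O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\WINDOWS\Temp\swg.dll",
    # right name and folder, wrong CLSID
    r"O2 - BHO: Google Toolbar Notifier BHO - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll",
    # differs from the thread line only in letter case
    r"O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NETSVC.EXE",
]

def review(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Check every line and return the verdicts in order."""
    return [check(line) for line in lines]

if __name__ == "__main__":
    for line in THREAD_LINES + CONSTRUCTED_LINES:
        verdict, failed = check(line)
        print(f"{verdict:16} {','.join(failed) or '-':15} {line[:70]}")
```

Paths written in 8.3 short form (for example `C:\PROGRA~1\...`) are reported as a location mismatch here and have to be expanded on the machine itself before comparing.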

#8 Johannes1961


Posted 30 September 2008 - 04:24 PM

Thanks for your detailed response. I'll double check my references on the toolbarnotifier - could well be that I misread something.

Anyhow, Kaspersky found the following:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 30, 2008 19:11:12
Records in database: 1277442
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 100229
Threat name: 2
Infected objects: 1
Suspicious objects: 2
Duration of the scan: 01:45:18


File name / Threat name / Threats count
C:\Documents and Settings\Carrie Hamer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-29708241-3b5e41ce.zip Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Ebay.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

But I just realised that I didn't have my external J: drive switched on, so I'll need to run again. However, the above may be useful in the interim.

I'll do the RSIT now (with J: switched on...)

Thks, David

Edited by Johannes1961, 30 September 2008 - 04:24 PM.


#9 Johannes1961


Posted 30 September 2008 - 04:49 PM

Ok. Done RSIT as follows...



LOG.TXT
********

Logfile of random's system information tool 1.04 (written by random/random)
Run by David Hamer at 2008-09-30 22:42:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 106 GB (71%) free of 149 GB
Total RAM: 1022 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:14, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Hamer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\David Hamer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bleepingcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003783740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003770833
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...003/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11802 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{188E7BA6-D5CA-467B-8157-0BC7BA01C53B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-11 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-09 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-11 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-01 180269]
"SetIcon"=C:\Program Files\Icons\SetIcon.exe [2002-12-16 39936]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-09-04 579584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-26 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-01 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Hamer^Start Menu^Programs^Startup^BUFFALO Disk Backup Utility.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Hamer^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []

C:\Documents and Settings\David Hamer\Start Menu\Programs\Startup
BUFFALO Disk Backup Utility.lnk - C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
C:\WINDOWS\system32\avgwlntf.dll [2008-09-04 9216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoViewOnDrive"=0
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoSetFolders"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\Program Files\BUFFALO\HDBackup\HDBackup.exe"="C:\Program Files\BUFFALO\HDBackup\HDBackup.exe:*:Enabled:BUFFALO Easy Backup to HD"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-09-03 20:04:58 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-02 19:42:09 ----D---- C:\Program Files\Lavasoft
2008-09-02 19:42:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-31 21:34:43 ----D---- C:\Documents and Settings\David Hamer\Application Data\SUPERAntiSpyware.com
2008-08-31 19:55:40 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-31 19:55:16 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-31 18:14:15 ----D---- C:\Documents and Settings\David Hamer\Application Data\Malwarebytes
2008-08-31 16:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 16:31:25 ----D---- C:\Program Files\Common Files\Download Manager
2008-08-31 15:17:20 ----D---- C:\SDFix

======List of files/folders modified in the last 1 months======

2008-09-30 19:50:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-30 19:32:26 ----D---- C:\WINDOWS\Temp
2008-09-30 18:40:59 ----D---- C:\WINDOWS
2008-09-30 18:37:37 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-30 18:37:29 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-09-30 08:29:52 ----D---- C:\WINDOWS\system32
2008-09-30 07:59:10 ----D---- C:\Downloads
2008-09-30 07:55:02 ----A---- C:\ASLog.txt
2008-09-30 07:49:34 ----A---- C:\WINDOWS\win.ini
2008-09-30 07:14:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-29 18:38:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-09-29 18:36:34 ----D---- C:\Documents and Settings\David Hamer\Application Data\AVG7
2008-09-27 22:00:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 19:56:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-27 19:45:43 ----SD---- C:\WINDOWS\Tasks
2008-09-27 19:45:43 ----RD---- C:\Program Files
2008-09-27 16:27:44 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-27 15:43:17 ----SHD---- C:\WINDOWS\Installer
2008-09-27 15:43:17 ----D---- C:\Config.Msi
2008-09-27 15:42:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 15:17:20 ----D---- C:\WINDOWS\system32\drivers
2008-09-26 14:03:01 ----RHD---- C:\$VAULT$.AVG
2008-09-24 19:33:42 ----D---- C:\Program Files\ACT
2008-09-16 20:46:15 ----D---- C:\Documents and Settings
2008-09-16 20:46:15 ----D---- C:\dell
2008-09-15 13:43:19 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-14 10:29:56 ----D---- C:\WINDOWS\system32\Macromed
2008-09-13 19:13:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-13 19:13:36 ----HD---- C:\WINDOWS\inf
2008-09-13 11:07:13 ----A---- C:\WINDOWS\setuplog.txt
2008-09-13 11:05:53 ----D---- C:\WINDOWS\system32\Setup
2008-09-13 11:05:53 ----D---- C:\WINDOWS\AppPatch
2008-09-13 11:05:52 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 11:05:52 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 11:05:12 ----D---- C:\WINDOWS\security
2008-09-13 11:03:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-13 11:01:03 ----D---- C:\WINDOWS\WinSxS
2008-09-13 11:00:58 ----D---- C:\Program Files\Messenger
2008-09-13 11:00:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-13 11:00:53 ----D---- C:\WINDOWS\network diagnostic
2008-09-13 11:00:53 ----D---- C:\WINDOWS\ime
2008-09-13 11:00:53 ----D---- C:\WINDOWS\Help
2008-09-13 11:00:39 ----D---- C:\WINDOWS\system32\usmt
2008-09-13 11:00:39 ----D---- C:\WINDOWS\system32\en-US
2008-09-13 11:00:36 ----D---- C:\WINDOWS\PeerNet
2008-09-13 11:00:36 ----D---- C:\Program Files\Movie Maker
2008-09-13 10:57:53 ----D---- C:\WINDOWS\system32\Restore
2008-09-13 10:57:53 ----D---- C:\WINDOWS\system32\npp
2008-09-13 10:57:51 ----D---- C:\WINDOWS\msagent
2008-09-13 10:57:49 ----D---- C:\WINDOWS\srchasst
2008-09-13 10:57:48 ----D---- C:\Program Files\NetMeeting
2008-09-13 10:57:46 ----D---- C:\WINDOWS\system32\Com
2008-09-13 10:57:43 ----D---- C:\Program Files\Windows Media Player
2008-09-13 10:57:42 ----D---- C:\Program Files\Windows NT
2008-09-13 10:57:42 ----D---- C:\Program Files\Outlook Express
2008-09-13 10:57:38 ----D---- C:\Program Files\Common Files\System
2008-09-13 10:57:21 ----D---- C:\WINDOWS\system32\oobe
2008-09-13 10:57:18 ----D---- C:\WINDOWS\system
2008-09-13 10:54:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-12 20:59:38 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 11:02:22 ----D---- C:\WINDOWS\system32\config
2008-09-07 11:02:05 ----D---- C:\WINDOWS\Registration
2008-09-06 16:21:10 ----D---- C:\WINDOWS\Debug
2008-09-06 16:10:32 ----SHD---- C:\System Volume Information
2008-09-05 21:29:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-05 21:20:52 ----D---- C:\Program Files\OpenOffice.org 2.0
2008-09-04 07:27:29 ----A---- C:\WINDOWS\orun32.ini
2008-09-03 22:28:43 ----D---- C:\Program Files\Registry Mechanic
2008-09-03 20:04:58 ----D---- C:\Program Files\Common Files
2008-09-02 19:41:35 ----D---- C:\WINDOWS\system32\FxsTmp
2008-08-31 21:25:02 ----D---- C:\Program Files\Internet Explorer
2008-08-31 18:16:51 ----D---- C:\Documents and Settings\David Hamer\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-09-04 10760]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-04 26952]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-24 4272]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2006-03-01 618880]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2005-05-06 47360]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2005-05-06 36880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-04-26 104576]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2002-09-25 169984]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-09-04 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-09-04 49664]
R2 AvgCoreSvc;AVG7 Resident Shield Service; C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe [2008-09-04 192512]
R2 AVGFwSrv;AVG Firewall; C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe [2008-09-04 838656]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-01-17 1174152]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 138168]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

INFO.TXT

info.txt logfile of random's system information tool 1.04 2008-09-30 22:42:16

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDC3B433-099B-4082-B55A-909CC008CDF5}\Setup.exe" -l0x9
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Belkin F5U249 Driver and Icon-->MsiExec.exe /I{E33A4D86-8941-41CB-9DF7-466FACB3ADF2}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BUFFALO Easy Backup Utility-->C:\WINDOWS\UN040622.EXE /U
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16976C6C-F8D5-4317-9DE8-1F6352B66725}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Crown My Rooms in Colour 1.1-->C:\Program Files\Smart Panel\Uninst.exe
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE4CC8B-134B-421E-943C-90799E56F664}\setup.exe" -l0x9 -L0x9 /SMAINT
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Encarta Research Organizer World English-->"C:\Program Files\Microsoft Encarta\Encarta Research Organizer WE\EROunins.exe" /uninstall
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DBEA589-5202-4504-90AE-97A73F139FE4}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ESCX5400 Copy Guide-->C:\Program Files\EPSON\ESCX5400\COPY_G\DOCUNINS.EXE
ESCX5400 Reference Guide-->C:\Program Files\EPSON\ESCX5400\REF_G\DOCUNINS.EXE
ESCX5400 Software Guide-->C:\Program Files\EPSON\ESCX5400\PQU_G\DOCUNINS.EXE
FinePixViewer Ver.4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 4 Demo-->MsiExec.exe /X{22C1B575-C746-46F2-80A3-EE9612AF5FAA}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
ImageMixer VCD2 for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
MAGICSTOMP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E08ED408-E365-4273-AA07-257CD6CD70F8}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia 2000 World English-->"C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000 WE\eeuninst.exe" /uninstall
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Natural Language Search-->"C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000 WE\Nlq\Uninstall.exe" /uninstall
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live Sign-in Assistant-->MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG 7.5.523
FW: Norton Internet Worm Protection (disabled)
FW: AVG Firewall 7.5.500

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

I'll let you digest the above....

Thanks again, David

#10 Guest_White Warrior_*

Posted 01 October 2008 - 02:57 AM

Hello Johannes1961

The infection Kaspersky found is in the Java cache. We will clean that.

The two suspicious items:
I suggest you open Outlook Express, and delete everything in the “sent items folder” and the “deleted items folder”

Please save these instructions in Notepad to your Desktop, or print them, for easy reference.

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Please download: CCleaner
Run the installer, and UNcheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
  • Double-click CCleaner
  • Click the Windows tab
  • The following should be selected by default, if not, please select:
    Posted Image
  • Click Options
  • Click the Advanced tab
  • Uncheck: Only delete files in Windows Temp folders older than 48 hrs
  • Click Cleaner (The picture of a broom)
  • Click Run Cleaner (bottom right)
  • A warning will pop-up. Click OK
  • Exit
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your Desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your Desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Also, note that the antivirus on your computer, AVG7, is outdated and has been replaced by AVG8-- however, AVG8 now bundles AVG Antispyware and some BHOs that really slow things down... I recommend uninstalling AVG7 and replacing it with either Avast! or Avira which is also excellent.

Finally, delete RSIT folder on the desktop.

Let me know if you have any further problems.


White Warrior

#11 Johannes1961

Posted 01 October 2008 - 08:31 AM

OK, ran Kaspersky again with my J: drive (external backup) connected this time :thumbsup:

Got the following:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 01, 2008 05:33:02
Records in database: 1278724
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
J:\

Scan statistics:
Files scanned: 118442
Threat name: 2
Infected objects: 1
Suspicious objects: 4
Duration of the scan: 01:58:37


File name / Threat name / Threats count
C:\Documents and Settings\Carrie Hamer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-29708241-3b5e41ce.zip Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Ebay.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
J:\Backup(David Hamer)\6(Outlook)\10554e9b\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
J:\Backup(David Hamer)\6(Outlook)\106972fd\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

Just note your comments re. AVG 7.5. Yeah, I've had real problems upgrading to 8 online and AVG seem reluctant to send me a CD. I've tried twice and both times the upgrade appears to hang! I left it for several hours the second time before rebooting. AVG was not starting and would not start. So I had to deinstall the AVG and then reinstall from my existing 7.5 media..... Figured that I'd wait until I got a stable platform before deciding what to implement to increase my security.

It's a bit of a bummer as I entered into a 2 year licence agreement with AVG earlier this year...

Do the products that you mention have a firewall as well?

If we get all the stuff cleaned off, the next job for me is to address all the programs loading & taking resource that I'm not bothered about. I noticed from the Hijack log there are quite a few that I don't want to load automatically on start up. Plus I want to get rid of the Symantec core service if I can. Can you point me to threads for guidance on this or would I have to open another thread?

Thanks, David

Edited by Johannes1961, 01 October 2008 - 09:49 AM.


#12 Johannes1961

Posted 01 October 2008 - 04:41 PM

Ok - Cleared Java Cache

Ran CCleaner

Upgraded JRE as per instructions.

Didn't delete RSIT.

Ran Kaspersky:

Output as follows:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 01, 2008 05:33:02
Records in database: 1278724
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
J:\

Scan statistics:
Files scanned: 118442
Threat name: 2
Infected objects: 1
Suspicious objects: 4
Duration of the scan: 01:58:37


File name / Threat name / Threats count
C:\Documents and Settings\Carrie Hamer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-29708241-3b5e41ce.zip Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Ebay.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
J:\Backup(David Hamer)\6(Outlook)\10554e9b\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
J:\Backup(David Hamer)\6(Outlook)\106972fd\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.


I have deleted a whole stack of emails from both the active & archive folders and emptied deleted items. Still picking up the problem with Ebay.dbx.

Looking at this, I'm pretty sure it's a folder definition ... and I've deleted this folder from both the active and archive areas of Outlook. I use Outlook, not Outlook Express; is this where this problem might lie? How do I get access to folders in Express when I'm using Outlook?

Do I need to log in as user 'Carrie Hamer' to clear her Java Cache? I only did it from my own user account which has admin privileges?

The references to J: are just backups of the Outlook/Express problem.

Thanks, David
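
The findings table from the report above, read by Windows profile: an added example (not part of the original thread and not a Kaspersky tool) that parses each hit and lists the ones stored outside the account the cleanup was run from. The class and function names are hypothetical, the line format is assumed from the lines quoted in the post, and the sample is constructed from those same lines.

```python
"""Group Kaspersky Online Scanner findings by the Windows profile holding them."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the findings table as quoted in the post above.
REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Carrie Hamer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-29708241-3b5e41ce.zip Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Ebay.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\David Hamer\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
J:\Backup(David Hamer)\6(Outlook)\10554e9b\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
J:\Backup(David Hamer)\6(Outlook)\106972fd\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.
"""

# Assumed line shape: <path> <Infected|Suspicious>: <threat name> <count>.
# The path may contain spaces, so it is matched lazily up to the verdict.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Windows XP keeps each user's profile under "Documents and Settings\<user>".
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.I)


@dataclass(frozen=True)
class Finding:
    path: str
    verdict: str
    threat: str
    count: int
    profile: Optional[str]  # owning user profile, None if outside any profile
    kind: str               # coarse label for the kind of file that was flagged


def classify(path: str) -> str:
    """Label the flagged file by where it lives and what it stores."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"             # Java plug-in cache inside a profile
    if p.endswith(".dbx"):
        return "outlook-express-store"  # Outlook Express folder file
    if p.endswith(".pst"):
        return "outlook-store"          # Outlook personal folders file
    return "other"


def parse_findings(report: str) -> List[Finding]:
    """Return one Finding per detection line; other report lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        owner = PROFILE_RE.match(path)
        findings.append(Finding(
            path=path,
            verdict=m.group("verdict"),
            threat=m.group("threat"),
            count=int(m.group("count")),
            profile=owner.group(1) if owner else None,
            kind=classify(path),
        ))
    return findings


def by_profile(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each profile name (or '(no profile)') to the kinds flagged there."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        grouped.setdefault(f.profile or "(no profile)", []).append(f.kind)
    return grouped


def outside_profile(findings: List[Finding], account: str) -> List[Finding]:
    """Findings not stored under `account`'s own profile directory."""
    return [f for f in findings if (f.profile or "").lower() != account.lower()]


if __name__ == "__main__":
    hits = parse_findings(REPORT)
    for owner, kinds in by_profile(hits).items():
        print(f"{owner}: {', '.join(kinds)}")
    print("\nNot under the 'David Hamer' profile:")
    for f in outside_profile(hits, "David Hamer"):
        print(f"  [{f.verdict}] {f.kind:<14} {f.path}")
```

On this report the only "Infected" hit is a Java cache entry under the Carrie Hamer profile, while the cache was cleared from the David Hamer account.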

#13 Johannes1961

Posted 01 October 2008 - 04:48 PM

FYI


RSIT log as follows:

Logfile of random's system information tool 1.04 (written by random/random)
Run by David Hamer at 2008-10-01 22:42:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 107 GB (71%) free of 149 GB
Total RAM: 1022 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:50, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Hamer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\David Hamer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bleepingcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Carrie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Gracie Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1010\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Ava Hamer')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1014\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Admin')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-3921214351-744279095-824717259-1008 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Carrie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1008 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Carrie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1009 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Gracie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1009 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Gracie Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1010 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Ava Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1010 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Ava Hamer')
O4 - S-1-5-21-3921214351-744279095-824717259-1014 Startup: BUFFALO EasyBackup.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe (User 'Admin')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003783740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193003770833
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...003/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14089 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{188E7BA6-D5CA-467B-8157-0BC7BA01C53B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-05-11 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-09 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-05-11 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-01 180269]
"SetIcon"=C:\Program Files\Icons\SetIcon.exe [2002-12-16 39936]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-09-04 579584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-26 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-01 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Hamer^Start Menu^Programs^Startup^BUFFALO Disk Backup Utility.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Hamer^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []

C:\Documents and Settings\David Hamer\Start Menu\Programs\Startup
BUFFALO Disk Backup Utility.lnk - C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
C:\WINDOWS\system32\avgwlntf.dll [2008-09-04 9216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoViewOnDrive"=0
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoSetFolders"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\Program Files\BUFFALO\HDBackup\HDBackup.exe"="C:\Program Files\BUFFALO\HDBackup\HDBackup.exe:*:Enabled:BUFFALO Easy Backup to HD"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-10-01 16:22:43 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-01 16:22:42 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-01 16:22:42 ----A---- C:\WINDOWS\system32\java.exe
2008-10-01 16:22:02 ----D---- C:\Program Files\Common Files\Java
2008-10-01 15:56:57 ----D---- C:\Program Files\CCleaner
2008-09-30 22:25:38 ----D---- C:\rsit
2008-09-27 12:51:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 16:50:05 ----D---- C:\Program Files\Trend Micro
2008-09-13 11:06:35 ----D---- C:\WINDOWS\Prefetch
2008-09-13 10:57:58 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-13 10:51:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-07 16:37:03 ----D---- C:\WINDOWS\system32\scripting
2008-09-07 16:37:02 ----D---- C:\WINDOWS\system32\en
2008-09-07 16:37:02 ----D---- C:\WINDOWS\l2schemas
2008-09-07 16:37:01 ----D---- C:\WINDOWS\system32\bits
2008-09-07 16:28:26 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-09-07 16:28:26 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\printui.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\locator.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\localspl.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\ftp.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\format.com
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\cmd.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\cacls.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\autochk.exe
2008-09-07 16:27:44 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\services.exe
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\schannel.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\savedump.exe
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\samlib.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-09-07 16:27:43 ----A---- C:\WINDOWS\system32\rasman.dll
2008-09-07 16:27:42 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-09-07 16:27:42 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-09-07 16:27:42 ----A---- C:\WINDOWS\system32\smss.exe
2008-09-07 16:27:41 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-09-07 16:27:41 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-09-07 16:27:41 ----A---- C:\WINDOWS\system32\userinit.exe
2008-09-07 16:27:41 ----A---- C:\WINDOWS\system32\untfs.dll
2008-09-07 16:27:41 ----A---- C:\WINDOWS\system32\ulib.dll
2008-09-07 16:27:41 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-09-07 16:27:40 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-09-07 16:27:40 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-09-07 16:27:40 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-09-07 16:27:17 ----D---- C:\WINDOWS\EHome
2008-09-07 09:48:34 ----A---- C:\WINDOWS\system32\wuauserv(5).dll
2008-09-07 09:48:34 ----A---- C:\WINDOWS\system32\wuauserv(2)(2).dll
2008-09-07 09:48:34 ----A---- C:\WINDOWS\system32\wscsvc(5).dll
2008-09-07 09:48:34 ----A---- C:\WINDOWS\system32\wscsvc(2)(2).dll
2008-09-07 09:48:34 ----A---- C:\WINDOWS\system32\winhttp(5).dll
2008-09-07 09:48:34 ----A---- C:\WINDOWS\system32\winhttp(2)(2).dll
2008-09-07 09:48:30 ----A---- C:\WINDOWS\system32\xpsp2res(2)(2).dll
2008-09-07 09:48:30 ----A---- C:\WINDOWS\system32\qmgr(2)(2).dll
2008-09-07 09:48:07 ----A---- C:\WINDOWS\explorer(5).exe
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\browser(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\browser(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\basesrv(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\authz(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\authz(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\audiosrv(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\audiosrv(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\atl(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\atl(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\apphelp(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\alrsvc(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\alg(5).exe
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\alg(2)(2).exe
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\adsldpc(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\adsldpc(2)(2).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\actxprxy(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\activeds(5).dll
2008-09-07 09:48:05 ----A---- C:\WINDOWS\system32\activeds(2)(2).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\certcli(5).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\certcli(2)(2).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\catsrvut(2)(2).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\catsrv(2)(2).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\cabinet(5).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\cabinet(2)(2).dll
2008-09-07 09:48:04 ----A---- C:\WINDOWS\system32\browseui(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\davclnt(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\csrss(5).exe
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\csrss(2)(2).exe
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cscui(4).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cscdll(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cscdll(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptui(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptui(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptsvc(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptsvc(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptnet(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptdll(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cryptdll(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\crypt32(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\crypt32(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\credui(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\credui(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\comsvcs(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\comsvcs(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\comres(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\comres(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\colbact(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\colbact(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cnbjmon(4).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\clusapi(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\clusapi(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\clbcatq(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\clbcatq(2)(2).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cfgmgr32(5).dll
2008-09-07 09:48:03 ----A---- C:\WINDOWS\system32\cfgmgr32(2)(2).dll
2008-09-07 09:48:02 ----A---- C:\WINDOWS\system32\drprov(2)(2).dll
2008-09-07 09:48:02 ----A---- C:\WINDOWS\system32\dnsrslvr(5).dll
2008-09-07 09:48:02 ----A---- C:\WINDOWS\system32\dnsrslvr(2)(2).dll
2008-09-07 09:48:02 ----A---- C:\WINDOWS\system32\dnsapi(5).dll
2008-09-07 09:48:02 ----A---- C:\WINDOWS\system32\dnsapi(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\hidserv(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\hidserv(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\hid(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\hid(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\gdi32(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\fxsmon(4).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\fxsevent(4).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\eventlog(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\eventlog(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\esent(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\esent(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\es(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\es(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\ersvc(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\ersvc(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\duser(2)(2).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\dssenh(5).dll
2008-09-07 09:48:01 ----A---- C:\WINDOWS\system32\dssenh(2)(2).dll
2008-09-07 09:48:00 ----A---- C:\WINDOWS\system32\inetpp(4).dll
2008-09-07 09:48:00 ----A---- C:\WINDOWS\system32\imm32(2)(2).dll
2008-09-07 09:48:00 ----A---- C:\WINDOWS\system32\icaapi(5).dll
2008-09-07 09:48:00 ----A---- C:\WINDOWS\system32\icaapi(2)(2).dll
2008-09-07 09:48:00 ----A---- C:\WINDOWS\system32\hnetcfg(5).dll
2008-09-07 09:48:00 ----A---- C:\WINDOWS\system32\hnetcfg(2)(2).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\lsass(5).exe
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\lsass(2)(2).exe
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\logonui(2)(2).exe
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\kerberos(5).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\kerberos(2)(2).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\itss(2)(2).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\ipsecsvc(4).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\ipnathlp(5).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\ipnathlp(2)(2).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\iphlpapi(5).dll
2008-09-07 09:47:59 ----A---- C:\WINDOWS\system32\iphlpapi(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\msgina(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mscms(4).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\msasn1(5).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\msasn1(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\msapsspc(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\msacm32(5).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\msacm32(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mprapi(5).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mprapi(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mpr(5).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mpr(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\modemui(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mlang(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\midimap(5).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\midimap(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mfcsubs(2)(2).dll
2008-09-07 09:47:58 ----A---- C:\WINDOWS\system32\mfc42(4).dll
2008-09-07 09:47:57 ----A---- C:\WINDOWS\system32\msimg32(5).dll
2008-09-07 09:47:57 ----A---- C:\WINDOWS\system32\msimg32(2)(2).dll
2008-09-07 09:47:57 ----A---- C:\WINDOWS\system32\msidle(5).dll
2008-09-07 09:47:57 ----A---- C:\WINDOWS\system32\msidle(2)(2).dll
2008-09-07 09:47:57 ----A---- C:\WINDOWS\system32\msi(2)(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\mswsock(5).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\mswsock(2)(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msvcrt40(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msvcrt(5).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msvcrt(2)(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msvcp60(5).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msvcp60(2)(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\mstlsapi(5).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\mstlsapi(2)(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msprivs(5).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\msprivs(2)(2).dll
2008-09-07 09:47:56 ----A---- C:\WINDOWS\system32\mspatcha(4).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\netcfgx(5).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\netcfgx(2)(2).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\netapi32(5).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\netapi32(2)(2).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\nddeapi(5).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\nddeapi(2)(2).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\ncobjapi(2)(2).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\mtxclu(5).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\mtxclu(2)(2).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\msxml3(4).dll
2008-09-07 09:47:55 ----A---- C:\WINDOWS\system32\msxml3(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\pjlmon(4).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\olecli32(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\olecli32(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ole32(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ole32(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\odbcint(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\odbc32(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\oakley(4).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ntmarta(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ntmarta(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ntlanman(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ntdsapi(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\ntdsapi(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\newdev(4).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netui1(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netui0(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netshell(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netshell(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netrap(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netrap(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netman(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netman(2)(2).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netlogon(5).dll
2008-09-07 09:47:54 ----A---- C:\WINDOWS\system32\netlogon(2)(2).dll
2008-09-07 09:47:53 ----A---- C:\WINDOWS\system32\psapi(5).dll
2008-09-07 09:47:53 ----A---- C:\WINDOWS\system32\psapi(2)(2).dll
2008-09-07 09:47:53 ----A---- C:\WINDOWS\system32\profmap(5).dll
2008-09-07 09:47:53 ----A---- C:\WINDOWS\system32\profmap(2)(2).dll
2008-09-07 09:47:53 ----A---- C:\WINDOWS\system32\powrprof(5).dll
2008-09-07 09:47:53 ----A---- C:\WINDOWS\system32\powrprof(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\regapi(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\regapi(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rastls(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rastls(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rasppp(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rasppp(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rasmans(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rasmans(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\raschap(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\raschap(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rasadhlp(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\rasadhlp(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\qmgrprxy(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\qmgrprxy(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\pstorsvc(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\pstorsvc(2)(2).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\psbase(5).dll
2008-09-07 09:47:52 ----A---- C:\WINDOWS\system32\psbase(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sfc_os(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sfc_os(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sfc(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sfc(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sensapi(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sensapi(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sens(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sens(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\secur32(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\secur32(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\seclogon(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\seclogon(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\scrrun(3).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\sclgntfy(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\schedsvc(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\schedsvc(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\scesrv(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\scesrv(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\scecli(4).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rtutils(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rtutils(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rsaenh(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rsaenh(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rpcss(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rpcss(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rpcrt4(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\rpcrt4(2)(2).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\resutils(5).dll
2008-09-07 09:47:51 ----A---- C:\WINDOWS\system32\resutils(2)(2).dll
2008-09-07 09:47:50 ----A---- C:\WINDOWS\system32\shdocvw(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\tapi32(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\tapi32(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\sxs(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\sxs(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\svchost(5).exe
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\svchost(2)(2).exe
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\ssdpsrv(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\ssdpsrv(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\ssdpapi(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\ssdpapi(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\srsvc(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\srsvc(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\srrstr(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\srclient(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\spoolsv(4).exe
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\spoolss(4).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shsvcs(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shsvcs(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shlwapi(6).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shlwapi(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shimeng(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shgina(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shfolder(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shfolder(2)(2).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shell32(5).dll
2008-09-07 09:47:49 ----A---- C:\WINDOWS\system32\shell32(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\uxtheme(5).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\uxtheme(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\userenv(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\user32(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\usbmon(4).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\upnp(5).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\upnp(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\uniplat(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\unimdmat(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\umpnpmgr(5).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\umpnpmgr(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\trkwks(5).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\trkwks(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\themeui(4).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\termsrv(5).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\termsrv(2)(2).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\tcpmon(4).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\tapisrv(5).dll
2008-09-07 09:47:48 ----A---- C:\WINDOWS\system32\tapisrv(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\winlogon(2)(2).exe
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\winipsec(5).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\winipsec(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\wiaservc(4).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\webclnt(5).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\webclnt(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\wdigest(5).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\wdigest(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\w32time(5).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\w32time(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\vssapi(5).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\vssapi(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\version(5).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\version(2)(2).dll
2008-09-07 09:47:47 ----A---- C:\WINDOWS\system32\vbscript(4).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wzcsvc(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wzcsvc(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wzcsapi(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wzcsapi(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wtsapi32(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wtsapi32(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wsock32(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wsock32(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wshtcpip(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wshtcpip(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\ws2help(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\ws2help(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\ws2_32(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\ws2_32(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wow32(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wow32(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wmi(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wmi(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wlnotify(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wlnotify(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wldap32(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wldap32(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wintrust(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\wintrust(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winsta(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winsrv(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winscard(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winscard(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winrnr(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winrnr(2)(2).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winmm(5).dll
2008-09-07 09:47:46 ----A---- C:\WINDOWS\system32\winmm(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\setupapi(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\services(2)(2).exe
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\schannel(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\samsrv(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\samlib(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\rastapi(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\rasman(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\rasdlg(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\rasapi32(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\olecnv32(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\oleaut32(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\ntlsapi(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\ntdll(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\msv1_0(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\lsasrv(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\lmhsvc(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\kernel32(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\imagehlp(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\dhcpcsvc(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\csrsrv(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\comdlg32(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\comctl32(2)(2).dll
2008-09-07 09:47:45 ----A---- C:\WINDOWS\system32\advapi32(2)(2).dll
2008-09-07 09:47:44 ----A---- C:\WINDOWS\system32\srvsvc(2)(2).dll
2008-09-07 09:47:44 ----A---- C:\WINDOWS\system32\smss(2)(2).exe
2008-09-07 09:47:42 ----A---- C:\WINDOWS\system32\wkssvc(2)(2).dll
2008-09-04 07:49:40 ----A---- C:\WINDOWS\system32\avgwlntf.dll
2008-09-04 07:49:40 ----A---- C:\WINDOWS\system32\avgfwafu.dll
2008-09-04 07:49:16 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-03 22:31:10 ----D---- C:\WINDOWS\F34D9A5F484A4E31A9D3908CB265B289.TMP
2008-09-03 22:28:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 22:28:18 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-09-03 20:08:34 ----D---- C:\WINDOWS\system32\logs
2008-09-03 20:08:28 ----D---- C:\Documents and Settings\David Hamer\Application Data\BitDefender
2008-09-03 20:07:41 ----D---- C:\Program Files\BitDefender
2008-09-03 20:07:41 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-03 20:04:58 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-02 19:42:09 ----D---- C:\Program Files\Lavasoft
2008-09-02 19:42:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

======List of files/folders modified in the last 1 months======

2008-10-01 22:10:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-01 16:28:49 ----D---- C:\WINDOWS\Temp
2008-10-01 16:28:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 16:27:00 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-10-01 16:26:06 ----D---- C:\WINDOWS
2008-10-01 16:22:45 ----D---- C:\Config.Msi
2008-10-01 16:22:43 ----D---- C:\WINDOWS\system32
2008-10-01 16:22:42 ----D---- C:\Program Files\Java
2008-10-01 16:22:06 ----SHD---- C:\WINDOWS\Installer
2008-10-01 16:22:02 ----D---- C:\Program Files\Common Files
2008-10-01 15:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 15:58:38 ----D---- C:\WINDOWS\Debug
2008-10-01 15:58:36 ----D---- C:\WINDOWS\Minidump
2008-10-01 15:56:57 ----RD---- C:\Program Files
2008-10-01 13:57:06 ----RHD---- C:\$VAULT$.AVG
2008-10-01 13:57:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-09-30 22:55:51 ----D---- C:\Documents and Settings\David Hamer\Application Data\AVG7
2008-09-30 07:59:10 ----D---- C:\Downloads
2008-09-30 07:55:02 ----A---- C:\ASLog.txt
2008-09-30 07:49:34 ----A---- C:\WINDOWS\win.ini
2008-09-30 07:14:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-27 19:56:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-27 19:45:43 ----SD---- C:\WINDOWS\Tasks
2008-09-27 15:43:11 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-27 15:42:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 15:17:20 ----D---- C:\WINDOWS\system32\drivers
2008-09-24 19:33:42 ----D---- C:\Program Files\ACT
2008-09-16 20:46:15 ----D---- C:\Documents and Settings
2008-09-16 20:46:15 ----D---- C:\dell
2008-09-14 10:29:56 ----D---- C:\WINDOWS\system32\Macromed
2008-09-13 19:13:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-13 19:13:36 ----HD---- C:\WINDOWS\inf
2008-09-13 11:05:53 ----D---- C:\WINDOWS\system32\Setup
2008-09-13 11:05:53 ----D---- C:\WINDOWS\AppPatch
2008-09-13 11:05:52 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 11:05:52 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 11:05:12 ----D---- C:\WINDOWS\security
2008-09-13 11:03:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-13 11:01:03 ----D---- C:\WINDOWS\WinSxS
2008-09-13 11:00:58 ----D---- C:\Program Files\Messenger
2008-09-13 11:00:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-13 11:00:53 ----D---- C:\WINDOWS\network diagnostic
2008-09-13 11:00:53 ----D---- C:\WINDOWS\ime
2008-09-13 11:00:53 ----D---- C:\WINDOWS\Help
2008-09-13 11:00:39 ----D---- C:\WINDOWS\system32\usmt
2008-09-13 11:00:39 ----D---- C:\WINDOWS\system32\en-US
2008-09-13 11:00:36 ----D---- C:\WINDOWS\PeerNet
2008-09-13 11:00:36 ----D---- C:\Program Files\Movie Maker
2008-09-13 10:57:53 ----D---- C:\WINDOWS\system32\Restore
2008-09-13 10:57:53 ----D---- C:\WINDOWS\system32\npp
2008-09-13 10:57:51 ----D---- C:\WINDOWS\msagent
2008-09-13 10:57:49 ----D---- C:\WINDOWS\srchasst
2008-09-13 10:57:48 ----D---- C:\Program Files\NetMeeting
2008-09-13 10:57:46 ----D---- C:\WINDOWS\system32\Com
2008-09-13 10:57:43 ----D---- C:\Program Files\Windows Media Player
2008-09-13 10:57:42 ----D---- C:\Program Files\Windows NT
2008-09-13 10:57:42 ----D---- C:\Program Files\Outlook Express
2008-09-13 10:57:38 ----D---- C:\Program Files\Common Files\System
2008-09-13 10:57:21 ----D---- C:\WINDOWS\system32\oobe
2008-09-13 10:57:18 ----D---- C:\WINDOWS\system
2008-09-13 10:54:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-07 11:02:22 ----D---- C:\WINDOWS\system32\config
2008-09-07 11:02:05 ----D---- C:\WINDOWS\Registration
2008-09-06 16:10:32 ----SHD---- C:\System Volume Information
2008-09-05 21:29:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-05 21:20:52 ----D---- C:\Program Files\OpenOffice.org 2.0
2008-09-04 07:27:29 ----A---- C:\WINDOWS\orun32.ini
2008-09-03 22:28:43 ----D---- C:\Program Files\Registry Mechanic
2008-09-02 19:41:35 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-09-04 10760]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-04 26952]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-24 4272]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2006-03-01 618880]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2005-05-06 47360]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2005-05-06 36880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-04-26 104576]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2002-09-25 169984]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-09-04 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-09-04 49664]
R2 AvgCoreSvc;AVG7 Resident Shield Service; C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe [2008-09-04 192512]
R2 AVGFwSrv;AVG Firewall; C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe [2008-09-04 838656]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-01-17 1174152]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 138168]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Info.txt

info.txt logfile of random's system information tool 1.04 2008-10-01 22:46:45

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDC3B433-099B-4082-B55A-909CC008CDF5}\Setup.exe" -l0x9
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Belkin F5U249 Driver and Icon-->MsiExec.exe /I{E33A4D86-8941-41CB-9DF7-466FACB3ADF2}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BUFFALO Easy Backup Utility-->C:\WINDOWS\UN040622.EXE /U
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16976C6C-F8D5-4317-9DE8-1F6352B66725}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Crown My Rooms in Colour 1.1-->C:\Program Files\Smart Panel\Uninst.exe
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE4CC8B-134B-421E-943C-90799E56F664}\setup.exe" -l0x9 -L0x9 /SMAINT
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Encarta Research Organizer World English-->"C:\Program Files\Microsoft Encarta\Encarta Research Organizer WE\EROunins.exe" /uninstall
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DBEA589-5202-4504-90AE-97A73F139FE4}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ESCX5400 Copy Guide-->C:\Program Files\EPSON\ESCX5400\COPY_G\DOCUNINS.EXE
ESCX5400 Reference Guide-->C:\Program Files\EPSON\ESCX5400\REF_G\DOCUNINS.EXE
ESCX5400 Software Guide-->C:\Program Files\EPSON\ESCX5400\PQU_G\DOCUNINS.EXE
FinePixViewer Ver.4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 4 Demo-->MsiExec.exe /X{22C1B575-C746-46F2-80A3-EE9612AF5FAA}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
ImageMixer VCD2 for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MAGICSTOMP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E08ED408-E365-4273-AA07-257CD6CD70F8}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia 2000 World English-->"C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000 WE\eeuninst.exe" /uninstall
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Natural Language Search-->"C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000 WE\Nlq\Uninstall.exe" /uninstall
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live Sign-in Assistant-->MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG 7.5.523
FW: Norton Internet Worm Protection (disabled)
FW: AVG Firewall 7.5.500

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#14 Johannes1961


Posted 02 October 2008 - 01:40 AM

I also tried logging in to my wife's user account 'Carrie Hamer'. All appeared in order at first. The desktop wasn't 'blinking' and I appeared to have control. Then I noticed that the START menu is incomplete. On the right-hand side it's missing Control Panel, Run, Search, Help, My Computer and My Documents. The only option available is Set Program Access & Defaults.

Thanks, David

Edited by Johannes1961, 02 October 2008 - 01:40 AM.


#15 Guest_White Warrior_*


Posted 03 October 2008 - 01:47 AM

Hello Johannes1961

Please save these instructions in Notepad to your Desktop, or print them, for easy reference.

First of all, we’ll run a scan with a different scanner and see what it finds.

How do I get access to folders in Express when I'm using Outlook?


You can still access Outlook Express. Just open the program.

Do the products that you mention have firewall as well?


No they don’t.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Do I need to log in as user 'Carrie Hamer' to clear her Java Cache?


No. There is only one Java cache on the computer, and that has been cleaned.

If we get all the stuff cleaned off the next job for me is to address all the programs loading & taking resource that I'm not bothered about. I noticed from the Hijack log there are quite a few that I don't want to load automatically on start up. Plus I want to get rid of the Symantec core service if I can. Can you point me to threads for guidance on this or would I have to open another thread?


I will include a list of programs which can be disabled in the HijackThis fixes.

Then I noticed that the START menu is incomplete.


Please try this:

Right click on the task bar>>properties>>start menu>>customize>>advanced>>scroll down the list and check everything you want to show in the start menu.
When you are finished, click OK, then reboot the computer.

If that did not work, then see here:
When merging reg files: double click the file>>choose Yes and OK and reboot afterwards.

Run

Search

Control Panel

Help

My Computer

My Documents

Now, please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below:

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Carrie Hamer')


Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot the computer.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Please Post:

Bit Defender Report
A new HJT log.


White Warrior
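As an added example (not part of the original posts and not HijackThis's own code), this Python parser splits O4 autorun lines like those in the fix list above into hive, SID, value name, executable and arguments, so a reviewer can see which account each startup entry belongs to. The dictionary field names and the extension list used to split unquoted paths are assumptions made for this example.

```python
import re

# Four O4 lines copied from the fix list in the post above.
SAMPLE = r"""
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-3921214351-744279095-824717259-1008\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Carrie Hamer')
"""

# hive, optional per-user SID, key name, [value name], command, optional user suffix
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)
# Unquoted command: the image path is the shortest prefix ending in a known
# extension (assumed list), because the path itself may contain spaces.
EXE_RE = re.compile(
    r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|dll))(?=\s|$)\s*(?P<args>.*)$", re.I
)

def split_command(cmd):
    """Return (executable, arguments, was_quoted) for a Run-key command line."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), m.group("args"), False
    return cmd, "", False  # nothing recognisable: keep the raw string

def parse_o4(line):
    """Parse one O4 line into a dict, or return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args, quoted = split_command(m.group("cmd"))
    return {"hive": m.group("hive"), "sid": m.group("sid"), "key": m.group("key"),
            "name": m.group("name"), "exe": exe, "args": args,
            "quoted": quoted, "user": m.group("user")}

def parse_log(text):
    """Parse every O4 line in a pasted log, skipping everything else."""
    return [e for e in map(parse_o4, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        owner = e["user"] or e["hive"]
        print(f'{owner:14} {e["name"]:18} {e["exe"]}  [{e["args"]}]')
```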



