intervalhehehe nightmare


  • This topic is locked
3 replies to this topic

#1 magistix

Posted 29 November 2008 - 10:18 AM

Hey, my friend was helping me download WinRAR for some World of Warcraft add-ons, and the site we got it from said it was free. So we downloaded it, and it seemed to be OK, except every five minutes or so this pop-up came up saying "intervalhehehe!!!intervalhehehe!!!", so we uninstalled WinRAR and did a scan using Spybot S&D, and it went away.

However, every time I open the internet now, the homepage (Google) comes up as one of those pages that say webpage can't be found, with the red links and stuff, and in Japanese. I try to access Google via the URL, and it comes up with an advert saying I've been attacked by hijackers, and to run a scan and buy the product. This happens every time I run Google, YouTube, MySpace, Facebook and probably many other sites. I've tried downloading other anti-spyware programs, but none of them are detecting anything.

Here are the reports from RSIT -

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-29 15:07:35
Microsoft® Windows Vista™ Home Premium
System drive C: has 18 GB (17%) free of 105 GB
Total RAM: 2047 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:55, on 29/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 204.16.197.121 www.asfvb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.3.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.657.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.34.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.45.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.asdv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvtrv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.g.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 13235 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{30D4D86D-6D5E-46B5-8D36-6E647781F122}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-27 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-24 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-09-03 1006264]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-07 833072]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-05-11 472632]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-06-05 71176]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-06-11 163840]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-18 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"BMISR"=C:\Program Files\KYE\WebMate\BM.exe []
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"explore"=C:\Windows\system32\explore.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"=C:\Windows\SMINST\launcher.exe [2007-06-06 44168]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-11-26 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\Windows\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2644cf70-bb0d-11dd-beec-001e370204b9}]
shell\Auto\command - setup.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b7e442-ba54-11dd-9af5-001e370204b9}]
shell\Auto\command - G:\setup.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\setup.exe


======List of files/folders created in the last 1 months======

2008-11-29 11:00:29 ----D---- C:\rsit
2008-11-29 10:47:17 ----D---- C:\Program Files\Trend Micro
2008-11-29 10:42:32 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-11-29 10:41:58 ----D---- C:\ProgramData\Malwarebytes
2008-11-29 10:41:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-29 10:34:19 ----D---- C:\Program Files\RogueRemover FREE
2008-11-29 10:30:31 ----A---- C:\Windows\system32\VACFix.exe
2008-11-29 10:30:27 ----A---- C:\Windows\system32\WS2Fix.exe
2008-11-29 10:30:25 ----A---- C:\Windows\system32\VCCLSID.exe
2008-11-29 10:30:25 ----A---- C:\Windows\system32\swxcacls.exe
2008-11-29 10:30:25 ----A---- C:\Windows\system32\dumphive.exe
2008-11-29 10:30:24 ----A---- C:\Windows\system32\swsc.exe
2008-11-29 10:30:24 ----A---- C:\Windows\system32\SrchSTS.exe
2008-11-29 10:30:23 ----A---- C:\Windows\system32\swreg.exe
2008-11-29 10:30:23 ----A---- C:\Windows\system32\Process.exe
2008-11-29 10:30:05 ----D---- C:\Windows\system32\SmitfraudFix
2008-11-28 22:51:33 ----AD---- C:\ProgramData\TEMP
2008-11-28 22:51:25 ----D---- C:\Program Files\SpywareBlaster
2008-11-28 17:15:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-28 17:15:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-28 16:44:01 ----D---- C:\Users\Owner\AppData\Roaming\WinRAR
2008-11-28 16:32:10 ----D---- C:\Windows\SQL9_KB948109_ENU
2008-11-27 18:02:21 ----D---- C:\Program Files\Common Files\xing shared
2008-11-27 18:02:08 ----A---- C:\Windows\system32\rmoc3260.dll
2008-11-27 18:02:01 ----A---- C:\Windows\system32\pndx5032.dll
2008-11-27 18:02:01 ----A---- C:\Windows\system32\pndx5016.dll
2008-11-27 18:01:59 ----A---- C:\Windows\system32\pncrt.dll
2008-11-27 18:01:59 ----A---- C:\Windows\system32\msvcr71.dll
2008-11-27 18:01:54 ----D---- C:\Program Files\Common Files\Real
2008-11-27 18:01:48 ----D---- C:\Program Files\Real
2008-11-27 17:56:34 ----D---- C:\Users\Owner\AppData\Roaming\Real
2008-11-27 15:30:52 ----A---- C:\Windows\system32\riched32.dll
2008-11-27 15:30:52 ----A---- C:\Windows\system32\riched20.dll
2008-11-27 15:30:48 ----A---- C:\Windows\system32\rasser.dll
2008-11-27 15:30:48 ----A---- C:\Windows\system32\rasdiag.dll
2008-11-27 15:30:48 ----A---- C:\Windows\system32\rascfg.dll
2008-11-27 15:30:47 ----A---- C:\Windows\system32\rasmxs.dll
2008-11-27 15:30:47 ----A---- C:\Windows\system32\netcfgx.dll
2008-11-27 15:30:47 ----A---- C:\Windows\system32\msftedit.dll
2008-11-27 15:30:46 ----A---- C:\Windows\system32\ipnathlp.dll
2008-11-27 15:30:46 ----A---- C:\Windows\system32\icsunattend.exe
2008-11-27 15:30:45 ----A---- C:\Windows\system32\wshqos.dll
2008-11-27 15:30:45 ----A---- C:\Windows\system32\traffic.dll
2008-11-27 15:30:45 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-27 15:30:45 ----A---- C:\Windows\system32\localspl.dll
2008-11-27 15:30:44 ----A---- C:\Windows\system32\dps.dll
2008-11-27 15:30:44 ----A---- C:\Windows\system32\cdd.dll
2008-11-27 15:30:09 ----A---- C:\Windows\system32\mcmde.dll
2008-11-27 15:30:08 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-27 15:30:08 ----A---- C:\Windows\system32\EncDec.dll
2008-11-27 15:29:27 ----A---- C:\Windows\system32\es.dll
2008-11-27 15:16:16 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-11-27 15:16:16 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-11-27 15:16:14 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-11-27 15:16:13 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-11-27 15:16:13 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-11-27 15:16:11 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-11-27 15:16:09 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-11-27 15:16:08 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-11-27 15:16:05 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-11-27 15:16:02 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-11-27 15:15:59 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-11-27 15:15:58 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-11-27 15:15:57 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-11-27 15:15:55 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-11-27 15:15:54 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-11-27 15:15:51 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-11-27 15:15:46 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-11-27 15:15:44 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-11-27 15:15:43 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-11-27 15:15:39 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-27 15:15:37 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-27 15:15:35 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-11-27 15:15:35 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-11-27 15:15:31 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-11-27 15:15:29 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-11-27 15:15:24 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-11-27 15:15:23 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-11-27 15:15:21 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-11-27 15:15:19 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-11-27 15:15:17 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-11-27 15:15:10 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-11-27 15:15:09 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-11-27 15:15:08 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-11-27 15:15:05 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-11-27 15:15:02 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-11-27 15:15:01 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-11-27 15:14:58 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-11-27 15:14:56 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-11-27 15:14:54 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-11-27 15:14:52 ----A---- C:\Windows\system32\NlsData0045.dll
2008-11-27 15:14:51 ----A---- C:\Windows\system32\NlsData0046.dll
2008-11-27 15:14:50 ----A---- C:\Windows\system32\NlsData0047.dll
2008-11-27 15:14:48 ----A---- C:\Windows\system32\NlsData0049.dll
2008-11-27 15:14:47 ----A---- C:\Windows\system32\NlsData0039.dll
2008-11-27 15:14:45 ----A---- C:\Windows\system32\NlsData0020.dll
2008-11-27 15:14:43 ----A---- C:\Windows\system32\NlsData0021.dll
2008-11-27 15:14:42 ----A---- C:\Windows\system32\NlsData0022.dll
2008-11-27 15:14:41 ----A---- C:\Windows\system32\NlsData0024.dll
2008-11-27 15:14:39 ----A---- C:\Windows\system32\NlsData0026.dll
2008-11-27 15:14:38 ----A---- C:\Windows\system32\NlsData0027.dll
2008-11-27 15:14:35 ----A---- C:\Windows\system32\NlsData0010.dll
2008-11-27 15:14:30 ----A---- C:\Windows\system32\NlsData0011.dll
2008-11-27 15:14:26 ----A---- C:\Windows\system32\NlsData0013.dll
2008-11-27 15:14:23 ----A---- C:\Windows\system32\NlsData0018.dll
2008-11-27 15:14:22 ----A---- C:\Windows\system32\NlsData0000.dll
2008-11-27 15:14:18 ----A---- C:\Windows\system32\NlsData0019.dll
2008-11-27 15:14:16 ----A---- C:\Windows\system32\NlsData0001.dll
2008-11-27 15:14:14 ----A---- C:\Windows\system32\NlsData0002.dll
2008-11-27 15:14:13 ----A---- C:\Windows\system32\NlsData0007.dll
2008-11-27 15:14:13 ----A---- C:\Windows\system32\NlsData0003.dll
2008-11-27 15:14:11 ----A---- C:\Windows\system32\NlsData0009.dll
2008-11-27 15:14:09 ----A---- C:\Windows\system32\NlsData004a.dll
2008-11-27 15:14:07 ----A---- C:\Windows\system32\NlsData004b.dll
2008-11-27 15:14:05 ----A---- C:\Windows\system32\NlsData004c.dll
2008-11-27 15:14:02 ----A---- C:\Windows\system32\NlsData004e.dll
2008-11-27 15:14:01 ----A---- C:\Windows\system32\NlsData003e.dll
2008-11-27 15:14:00 ----A---- C:\Windows\system32\NlsData002a.dll
2008-11-27 15:13:59 ----A---- C:\Windows\system32\NlsData001a.dll
2008-11-27 15:13:58 ----A---- C:\Windows\system32\NlsData001b.dll
2008-11-27 15:13:57 ----A---- C:\Windows\system32\NlsData001d.dll
2008-11-27 15:13:51 ----A---- C:\Windows\system32\NlsData000a.dll
2008-11-27 15:13:50 ----A---- C:\Windows\system32\NlsData000c.dll
2008-11-27 15:13:49 ----A---- C:\Windows\system32\NlsData000d.dll
2008-11-27 15:13:47 ----A---- C:\Windows\system32\NlsData000f.dll
2008-11-27 15:13:44 ----A---- C:\Windows\system32\NlsData0414.dll
2008-11-27 15:13:43 ----A---- C:\Windows\system32\NlsData0416.dll
2008-11-27 15:13:43 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-27 15:13:40 ----A---- C:\Windows\system32\NlsData0816.dll
2008-11-27 15:13:39 ----A---- C:\Windows\system32\NlsData081a.dll
2008-11-27 15:13:34 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-11-27 15:13:33 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-11-27 15:04:43 ----A---- C:\Windows\system32\schannel.dll
2008-11-27 15:04:43 ----A---- C:\Windows\system32\ntprint.exe
2008-11-27 15:04:43 ----A---- C:\Windows\system32\ntprint.dll
2008-11-27 15:04:39 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-11-27 15:04:39 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2008-11-27 15:04:38 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-11-27 15:04:36 ----A---- C:\Windows\system32\authui.dll
2008-11-27 15:04:33 ----A---- C:\Windows\system32\msvfw32.dll
2008-11-27 15:04:33 ----A---- C:\Windows\system32\avicap32.dll
2008-11-27 15:04:32 ----A---- C:\Windows\system32\msvidc32.dll
2008-11-27 15:04:32 ----A---- C:\Windows\system32\msrle32.dll
2008-11-27 15:04:32 ----A---- C:\Windows\system32\mciavi32.dll
2008-11-27 15:04:32 ----A---- C:\Windows\system32\avifil32.dll
2008-11-27 15:04:31 ----A---- C:\Windows\system32\sendmail.dll
2008-11-26 18:27:25 ----D---- C:\ProgramData\Blizzard
2008-11-26 09:34:48 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-11-26 09:34:47 ----A---- C:\Windows\system32\winipsec.dll
2008-11-26 09:34:47 ----A---- C:\Windows\system32\polstore.dll
2008-11-26 09:34:47 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-26 09:33:29 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-26 09:33:29 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-26 09:33:29 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 09:32:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-11-26 09:32:00 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-11-26 09:32:00 ----A---- C:\Windows\system32\gameux.dll
2008-11-26 09:30:34 ----A---- C:\Windows\system32\msoeacct.dll
2008-11-26 09:30:34 ----A---- C:\Windows\system32\ACCTRES.dll
2008-11-26 09:30:33 ----A---- C:\Windows\system32\msoert2.dll
2008-11-26 09:29:02 ----A---- C:\Windows\system32\wtsapi32.dll
2008-11-26 09:28:57 ----A---- C:\Windows\explorer.exe
2008-11-26 09:28:55 ----A---- C:\Windows\system32\sysmain.dll
2008-11-26 09:28:52 ----A---- C:\Windows\system32\wlansvc.dll
2008-11-26 09:28:52 ----A---- C:\Windows\system32\wlanmsm.dll
2008-11-26 09:28:52 ----A---- C:\Windows\system32\wlanhlp.dll
2008-11-26 09:28:52 ----A---- C:\Windows\system32\wlanapi.dll
2008-11-26 09:28:51 ----A---- C:\Windows\system32\wlansec.dll
2008-11-26 09:27:38 ----A---- C:\Windows\system32\WebClnt.dll
2008-11-26 09:21:23 ----A---- C:\Windows\system32\shell32.dll
2008-11-26 09:14:25 ----A---- C:\Windows\system32\tzres.dll
2008-11-26 09:12:24 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-11-26 09:08:25 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-26 09:05:44 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-26 09:05:44 ----A---- C:\Windows\system32\msxml3.dll
2008-11-26 09:04:41 ----A---- C:\Windows\system32\wmploc.DLL
2008-11-26 09:04:40 ----A---- C:\Windows\system32\wmp.dll
2008-11-26 09:04:39 ----A---- C:\Windows\system32\spwmp.dll
2008-11-26 09:04:38 ----A---- C:\Windows\system32\dxmasf.dll
2008-11-26 09:04:36 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-11-26 09:03:43 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-11-26 09:03:42 ----A---- C:\Windows\system32\MPSSVC.dll
2008-11-26 09:03:41 ----A---- C:\Windows\system32\wfapigp.dll
2008-11-26 09:03:41 ----A---- C:\Windows\system32\icfupgd.dll
2008-11-26 09:03:41 ----A---- C:\Windows\system32\cmifw.dll
2008-11-26 09:03:40 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-11-26 09:02:57 ----A---- C:\Windows\system32\netapi32.dll
2008-11-26 08:56:30 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-11-26 08:56:30 ----A---- C:\Windows\system32\netcfg.exe
2008-11-26 08:56:29 ----A---- C:\Windows\system32\netiougc.exe
2008-11-26 08:54:29 ----A---- C:\Windows\system32\fsquirt.exe
2008-11-26 08:53:24 ----A---- C:\Windows\system32\setupapi.dll
2008-11-26 08:52:08 ----A---- C:\Windows\system32\srdelayed.exe
2008-11-26 08:52:08 ----A---- C:\Windows\system32\srcore.dll
2008-11-26 08:52:08 ----A---- C:\Windows\system32\srclient.dll
2008-11-26 08:52:08 ----A---- C:\Windows\system32\rstrui.exe
2008-11-26 08:52:07 ----A---- C:\Windows\system32\wpd_ci.dll
2008-11-26 08:52:06 ----A---- C:\Windows\system32\winresume.exe
2008-11-26 08:52:06 ----A---- C:\Windows\system32\winload.exe
2008-11-26 08:52:06 ----A---- C:\Windows\system32\kd1394.dll
2008-11-26 08:52:05 ----A---- C:\Windows\system32\ci.dll
2008-11-26 08:52:04 ----A---- C:\Windows\system32\drvinst.exe
2008-11-26 08:52:04 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-11-26 08:52:03 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-11-26 08:52:03 ----A---- C:\Windows\system32\dpx.dll
2008-11-26 08:52:02 ----A---- C:\Windows\system32\oleaut32.dll
2008-11-26 08:52:02 ----A---- C:\Windows\system32\nshhttp.dll
2008-11-26 08:52:02 ----A---- C:\Windows\system32\kbd106n.dll
2008-11-26 08:52:01 ----A---- C:\Windows\system32\unlodctr.exe
2008-11-26 08:52:01 ----A---- C:\Windows\system32\lodctr.exe
2008-11-26 08:52:01 ----A---- C:\Windows\system32\loadperf.dll
2008-11-26 08:52:00 ----A---- C:\Windows\system32\prflbmsg.dll
2008-11-26 08:51:58 ----A---- C:\Windows\system32\schedsvc.dll
2008-11-26 08:51:57 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-11-26 08:51:57 ----A---- C:\Windows\system32\dispci.dll
2008-11-26 08:51:57 ----A---- C:\Windows\system32\batt.dll
2008-11-26 08:46:50 ----A---- C:\Windows\system32\WMASF.DLL
2008-11-26 08:46:50 ----A---- C:\Windows\system32\LAPRXY.DLL
2008-11-26 08:46:50 ----A---- C:\Windows\system32\asferror.dll
2008-11-26 08:44:32 ----A---- C:\Windows\system32\gdi32.dll
2008-11-26 08:43:45 ----A---- C:\Windows\system32\SLC.dll
2008-11-26 08:43:44 ----A---- C:\Windows\system32\slwmi.dll
2008-11-26 08:43:44 ----A---- C:\Windows\system32\mcbuilder.exe
2008-11-26 08:43:42 ----A---- C:\Windows\system32\SLUINotify.dll
2008-11-26 08:43:42 ----A---- C:\Windows\system32\SLUI.exe
2008-11-26 08:43:42 ----A---- C:\Windows\system32\SLLUA.exe
2008-11-26 08:43:42 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-11-26 08:43:40 ----A---- C:\Windows\system32\SLsvc.exe
2008-11-26 08:43:40 ----A---- C:\Windows\system32\slcinst.dll
2008-11-26 08:42:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 08:42:48 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 08:42:47 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 08:41:16 ----A---- C:\Windows\system32\printcom.dll
2008-11-26 08:41:15 ----A---- C:\Windows\system32\win32spl.dll
2008-11-26 08:39:21 ----A---- C:\Windows\system32\wshrm.dll
2008-11-26 08:38:53 ----A---- C:\Windows\system32\sbunattend.exe
2008-11-26 08:37:57 ----A---- C:\Windows\system32\dnsrslvr.dll
2008-11-26 08:37:57 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-11-26 08:37:57 ----A---- C:\Windows\system32\dnsapi.dll
2008-11-26 08:35:52 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-26 08:35:14 ----A---- C:\Windows\system32\INETRES.dll
2008-11-26 08:35:14 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-26 08:34:49 ----A---- C:\Windows\system32\connect.dll
2008-11-26 08:34:18 ----A---- C:\Windows\system32\wmi.dll
2008-11-26 08:34:17 ----A---- C:\Windows\system32\imagehlp.dll
2008-11-26 08:33:16 ----A---- C:\Windows\system32\quartz.dll
2008-11-26 08:31:43 ----D---- C:\Program Files\MSXML 4.0
2008-11-26 08:30:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-26 08:30:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-26 08:29:51 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-26 08:29:51 ----A---- C:\Windows\system32\msxml6.dll
2008-11-26 08:25:59 ----A---- C:\Windows\system32\ieapfltr.dll
2008-11-26 08:25:59 ----A---- C:\Windows\system32\advpack.dll
2008-11-26 08:25:58 ----A---- C:\Windows\system32\wininet.dll
2008-11-26 08:25:58 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-26 08:25:58 ----A---- C:\Windows\system32\dxtrans.dll
2008-11-26 08:25:57 ----A---- C:\Windows\system32\dxtmsft.dll
2008-11-26 08:25:56 ----A---- C:\Windows\system32\ieui.dll
2008-11-26 08:25:55 ----A---- C:\Windows\system32\ieframe.dll
2008-11-26 08:25:52 ----A---- C:\Windows\system32\mshtmled.dll
2008-11-26 08:25:52 ----A---- C:\Windows\system32\mshtml.dll
2008-11-26 08:25:49 ----A---- C:\Windows\system32\mstime.dll
2008-11-26 08:25:48 ----A---- C:\Windows\system32\icardie.dll
2008-11-26 08:25:45 ----A---- C:\Windows\system32\ieUnatt.exe
2008-11-26 08:25:43 ----A---- C:\Windows\system32\urlmon.dll
2008-11-26 08:25:43 ----A---- C:\Windows\system32\pngfilt.dll
2008-11-26 08:25:42 ----A---- C:\Windows\system32\iertutil.dll
2008-11-26 08:25:41 ----A---- C:\Windows\system32\iesetup.dll
2008-11-26 08:25:41 ----A---- C:\Windows\system32\iernonce.dll
2008-11-26 08:25:41 ----A---- C:\Windows\system32\ie4uinit.exe
2008-11-26 08:24:20 ----A---- C:\Windows\system32\qmgr.dll
2008-11-25 17:25:38 ----D---- C:\Users\Owner\AppData\Roaming\Adobe
2008-11-24 23:21:50 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-24 23:21:45 ----D---- C:\Program Files\Windows Live
2008-11-24 23:20:02 ----D---- C:\ProgramData\WLInstaller
2008-11-24 23:17:58 ----D---- C:\Users\Owner\AppData\Roaming\Mozilla
2008-11-24 23:17:32 ----D---- C:\Program Files\Mozilla Firefox
2008-11-24 21:40:55 ----A---- C:\Windows\system32\GEARAspi.dll
2008-11-24 21:40:54 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-24 21:40:53 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 21:29:40 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-24 20:35:31 ----D---- C:\ProgramData\Citrix
2008-11-24 18:28:37 ----D---- C:\Users\Owner\AppData\Roaming\Reallusion
2008-11-24 18:16:57 ----D---- C:\Program Files\Reallusion
2008-11-24 18:16:57 ----D---- C:\Program Files\Common Files\Reallusion
2008-11-24 18:12:29 ----A---- C:\Windows\system32\Remover.ini
2008-11-24 18:12:29 ----A---- C:\Windows\system32\Remove.exe
2008-11-24 18:12:28 ----A---- C:\Windows\system32\CoInst_071102.dll
2008-11-24 18:12:27 ----A---- C:\Windows\98Setup.exe
2008-11-24 18:12:23 ----A---- C:\Windows\system32\SP207.ini
2008-11-24 18:12:22 ----A---- C:\Windows\system32\P207USD.dll
2008-11-24 18:12:19 ----D---- C:\Windows\PixArt
2008-11-24 18:12:19 ----D---- C:\Program Files\Common Files\PAC207
2008-11-24 18:00:16 ----A---- C:\Windows\system32\msvcp71.dll
2008-11-24 18:00:07 ----D---- C:\Windows\Album
2008-11-24 18:00:06 ----D---- C:\Program Files\KYE
2008-11-24 17:37:20 ----A---- C:\Windows\system32\msonpmon.dll
2008-11-24 17:14:11 ----D---- C:\Users\Owner\AppData\Roaming\Symantec
2008-11-24 17:10:30 ----D---- C:\Program Files\Norton 360
2008-11-24 17:08:17 ----D---- C:\Program Files\Symantec
2008-11-24 17:02:17 ----D---- C:\ProgramData\Symantec
2008-11-22 16:00:59 ----A---- C:\Windows\system32\wups2.dll
2008-11-22 16:00:59 ----A---- C:\Windows\system32\wucltux.dll
2008-11-22 16:00:59 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-22 16:00:59 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-22 16:00:34 ----A---- C:\Windows\system32\wups.dll
2008-11-22 16:00:34 ----A---- C:\Windows\system32\wudriver.dll
2008-11-22 16:00:34 ----A---- C:\Windows\system32\wuapi.dll
2008-11-22 16:00:21 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-22 16:00:21 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2008-11-29 15:07:27 ----D---- C:\Windows\Temp
2008-11-29 15:05:53 ----D---- C:\Windows\Prefetch
2008-11-29 13:43:56 ----SHD---- C:\System Volume Information
2008-11-29 13:30:23 ----D---- C:\Windows\system32\catroot2
2008-11-29 13:30:23 ----D---- C:\Windows\system32\catroot
2008-11-29 13:28:03 ----D---- C:\Windows\winsxs
2008-11-29 10:47:17 ----RD---- C:\Program Files
2008-11-29 10:42:18 ----D---- C:\Windows\system32\drivers
2008-11-29 10:41:58 ----HD---- C:\ProgramData
2008-11-29 10:35:34 ----D---- C:\Windows\System32
2008-11-29 10:09:32 ----D---- C:\Windows\inf
2008-11-29 10:09:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-29 10:04:12 ----D---- C:\Windows\SMINST
2008-11-28 20:03:44 ----D---- C:\Windows\servicing
2008-11-28 17:42:31 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2008-11-28 16:38:03 ----SHD---- C:\Windows\Installer
2008-11-28 16:33:54 ----D---- C:\Program Files\Microsoft SQL Server
2008-11-28 16:32:10 ----D---- C:\Windows
2008-11-27 23:03:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-27 20:07:37 ----D---- C:\Windows\Microsoft.NET
2008-11-27 20:07:35 ----RSD---- C:\Windows\assembly
2008-11-27 19:58:31 ----D---- C:\Windows\system32\ras
2008-11-27 19:58:31 ----D---- C:\Windows\system32\icsxml
2008-11-27 19:58:31 ----D---- C:\Program Files\Windows Calendar
2008-11-27 19:58:29 ----D---- C:\Windows\ehome
2008-11-27 18:02:21 ----D---- C:\Program Files\Common Files
2008-11-27 17:55:38 ----D---- C:\Program Files\Internet Explorer
2008-11-27 15:30:34 ----D---- C:\ProgramData\Microsoft Help
2008-11-27 15:25:22 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-27 15:22:57 ----D---- C:\Windows\Registration
2008-11-27 15:00:46 ----A---- C:\Windows\win.ini
2008-11-26 15:35:50 ----D---- C:\Windows\system32\WDI
2008-11-26 09:53:51 ----ASH---- C:\Program Files\desktop.ini
2008-11-26 09:53:44 ----D---- C:\Windows\rescache
2008-11-26 09:46:28 ----D---- C:\Windows\AppPatch
2008-11-26 09:46:28 ----D---- C:\Program Files\Windows Mail
2008-11-26 09:46:27 ----D---- C:\Windows\system32\XPSViewer
2008-11-26 09:46:27 ----D---- C:\Windows\system32\wbem
2008-11-26 09:46:27 ----D---- C:\Program Files\Common Files\System
2008-11-26 09:46:24 ----D---- C:\Windows\system32\en-US
2008-11-26 09:46:24 ----D---- C:\Program Files\Windows Media Player
2008-11-26 09:46:22 ----D---- C:\Windows\system32\migration
2008-11-26 09:46:20 ----D---- C:\Windows\system32\SLUI
2008-11-26 09:46:19 ----D---- C:\Program Files\Windows Sidebar
2008-11-26 08:24:45 ----D---- C:\Windows\SoftwareDistribution
2008-11-25 21:12:56 ----D---- C:\Windows\system32\Tasks
2008-11-25 21:12:55 ----D---- C:\Windows\Tasks
2008-11-25 19:03:06 ----D---- C:\Windows\twain_32
2008-11-24 18:19:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 17:18:45 ----D---- C:\Windows\system32\NDF
2008-11-22 16:00:43 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-11-20 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081127.001\IDSvix86.sys [2008-10-03 270384]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-02-01 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-09 36056]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-03-09 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-04-16 1161152]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-21 2920448]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-19 690432]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-11-26 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-11-26 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 79664]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 81200]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 16432]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-11-26 14208]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-05-24 223616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-20 99376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081128.048\NAVENG.SYS [2008-11-20 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081128.048\NAVEX15.SYS [2008-11-20 876112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\Windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-02-01 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-11-27 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-07 181432]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-11-26 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-19 690432]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-11-26 220160]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-19 2219520]
S3 PAC207;Eye 110; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-21 2920448]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-02-01 317616]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-04-16 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-21 610304]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-06-05 61440]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-24 1245064]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-06-08 172131]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-23 1010424]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------


And a report from HijackThis -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:55, on 29/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 204.16.197.121 www.asfvb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.3.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.657.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.34.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.45.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.asdv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvtrv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.g.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 13235 bytes


I can't work out how to get the Kaspersky report, but it said there was one infection.

Any help would really be greatly appreciated. :thumbsup:

Jess



#2 magistix


Posted 30 November 2008 - 11:13 AM

Can nobody be bothered to help?

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:59 PM

Posted 14 December 2008 - 01:14 PM

Hello and :thumbsup: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click no to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#4 Billy O'Neal


Posted 21 December 2008 - 01:10 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.



