
Random Pop-Ups just started


  • This topic is locked
35 replies to this topic

#1 Frank Vasquez

Frank Vasquez

  • Members
  • 44 posts

Posted 16 June 2009 - 10:04 AM

Hello - need some help. I just started getting these Random Pop-Ups, and it is driving me crazy. I have run MBAM, downloaded the latest update and scanned entire HDD and removed what it found, but still getting these pop-ups.

Here is my HJT Log


Thanks for the HELP!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:29, on 6/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
C:\Program Files (x86)\ASUS\AASP\1.00.78\aaCenter.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Users\Frank\AppData\Roaming\Save\Save.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\ASUS\TweakIt\TWeakIt.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe
C:\Program Files\ASUS\Ai Suite\CPU Level UpEx\CpuLevelUp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Frank\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\Integrator.exe
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files (x86)\Winmx\MXMoni128Eb\MXMoniE.exe
C:\Program Files (x86)\Winmx\WinMX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Mirar - {239FF45C-AEFB-4D35-82DE-9F707CBC426F} - C:\Windows\SysWow64\winb978.dll (file missing)
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [CTSyncService] "C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" /StartRunKey
O4 - HKLM\..\Run: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Save] C:\Users\Frank\AppData\Roaming\Save\Save.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files (x86)\Dachshund Software\Hare\Hare.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SetPointII.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/The%20Clockwork%20Man/Images/stg_drm.ocx
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/The%20Clockwork%20Man/Images/armhelper.ocx
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 14082 bytes


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 22 June 2009 - 06:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
m0le is a proud member of UNITE

#3 Frank Vasquez

Frank Vasquez
  • Topic Starter

  • Members
  • 44 posts

Posted 23 June 2009 - 07:18 AM

I use Vista 64 Ultimate, and this tool says my OS is not supported.

I have run MBAM a couple of times, but I am still getting these random pop-ups - I will be in Firefox, and something will pop up in Internet Explorer - kinda weird. There has to be something lurking in my system that calls on IE - just can't find it, and I don't want to start deleting processes to see what happens.

Let me know what I should do next.

Thanks!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 23 June 2009 - 02:53 PM

Hi Frank Vasquez,

Sorry about that. Try this scanner.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Also run MBAM on full scan and post the log so I can see what it's finding.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 26 June 2009 - 11:50 AM

Hi Frank Vasquez,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts

Posted 26 June 2009 - 12:15 PM

Sorry to interrupt here m0le,

Frank Vasquez,

You have had a few other HiJack This topics here in the past. You have not followed through to completion on any one of them. I suspect that you have been running the initial scan, symptoms disappear, and you think the problem is gone. Let me assure you that IS NOT the case. Just because symptoms are gone does not mean the infection is gone. Please stick with the topic until your helper declares you clean and gives you advice to prevent future infections. If you do not, you are simply wasting the limited time of the HJT team.

Back to you m0le.

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 27 June 2009 - 05:17 AM

Thanks OB.

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE

#8 Frank Vasquez

Frank Vasquez
  • Topic Starter

  • Members
  • 44 posts

Posted 29 June 2009 - 11:04 AM

Hi Frank Vasquez,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le



I had been working with m0le on this issue, and he had asked me to download RSIT and post the logs along with MBAM.

Here is the Log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Frank at 2009-06-29 10:48:51
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 22 GB (5%) free of 477 GB
Total RAM: 6134 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:53, on 6/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Users\Frank\AppData\Roaming\Save\Save.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\ASUS\TweakIt\TWeakIt.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe
C:\Program Files\ASUS\Ai Suite\CPU Level UpEx\CpuLevelUp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Frank\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\Integrator.exe
C:\Program Files (x86)\Winmx\MXMoni128Eb\MXMoniE.exe
C:\Program Files (x86)\Winmx\WinMX.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~2\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Frank\Documents\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Frank.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Mirar - {239FF45C-AEFB-4D35-82DE-9F707CBC426F} - C:\Windows\SysWow64\winb978.dll (file missing)
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [CTSyncService] "C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" /StartRunKey
O4 - HKLM\..\Run: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Save] C:\Users\Frank\AppData\Roaming\Save\Save.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files (x86)\Dachshund Software\Hare\Hare.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SetPointII.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/The%20Clockwork%20Man/Images/stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/The%20Clockwork%20Man/Images/armhelper.ocx
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 14311 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{F6E705AC-0D2D-4642-BF1B-32ED47BE4ED9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-06 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll [2008-10-06 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{239FF45C-AEFB-4D35-82DE-9F707CBC426F} - Mirar - C:\Windows\SysWow64\winb978.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [2008-02-11 221288]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"TweakIt Help"=C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe [2008-10-01 817152]
"TurboV"=C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [2008-10-09 4040192]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-04-06 198160]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"ShStatEXE"=C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE [2008-10-06 128848]
"RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
"QFan Help"=C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"McAfeeUpdaterUI"=C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"Launch Direct Link"=C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe [2008-10-14 1212416]
"Launch As Cmd Runner"=C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe [2008-06-17 376832]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"CTSyncService"=C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe [2008-04-17 1233196]
"Cpu Level Up"=C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe [2008-10-01 1166336]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2008-09-19 1423360]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2008-03-16 1302528]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-06-05 292136]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2008-05-02 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2009-06-15 1217784]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-01-27 2387968]
"ISUSPM"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]
"AnyDVD"=C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2009-02-27 2542528]
"Save"=C:\Users\Frank\AppData\Roaming\Save\Save.exe [2009-06-13 198576]
"igndlm.exe"=C:\Program Files (x86)\Download Manager\DLM.exe [2009-05-14 1103216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SetPointII.lnk - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
WinZip Quick Pick.lnk - C:\Program Files (x86)\WinZip\WZQKPICK.EXE

C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AntiCrash.lnk - C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
Hare.lnk - C:\Program Files (x86)\Dachshund Software\Hare\Hare.exe
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-06-27 22:59:45 ----AH---- C:\Users\Frank\AppData\Roaming\dach100.dll
2009-06-19 00:52:52 ----D---- C:\c6b30e281a82be9ed56bb35126ca55
2009-06-18 20:35:00 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-06-18 20:35:00 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-06-18 20:34:59 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-06-18 20:34:59 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-06-18 20:34:59 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-06-18 20:34:58 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-06-18 20:34:58 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-06-18 20:19:57 ----A---- C:\Windows\system32\pbsvc.exe
2009-06-18 20:05:38 ----D---- C:\Program Files (x86)\USArmy
2009-06-16 19:14:12 ----D---- C:\ProgramData\ATI
2009-06-16 19:05:29 ----D---- C:\Program Files (x86)\ATI
2009-06-16 19:02:16 ----D---- C:\Program Files (x86)\ATI Technologies
2009-06-16 14:15:27 ----D---- C:\Program Files (x86)\Download Manager
2009-06-16 14:15:15 ----D---- C:\Users\Frank\AppData\Roaming\IGN_DLM
2009-06-16 13:08:59 ----D---- C:\ProgramData\AA3DeployClient
2009-06-15 15:58:39 ----D---- C:\Users\Frank\AppData\Roaming\Apple Computer
2009-06-15 15:58:18 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-15 15:57:59 ----D---- C:\Program Files (x86)\iPod
2009-06-15 15:57:58 ----D---- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
2009-06-15 15:57:58 ----D---- C:\Program Files (x86)\iTunes
2009-06-15 15:57:12 ----D---- C:\Program Files (x86)\Bonjour
2009-06-15 15:56:10 ----D---- C:\ProgramData\Apple Computer
2009-06-15 15:56:10 ----D---- C:\Program Files (x86)\QuickTime
2009-06-15 15:55:36 ----D---- C:\Program Files (x86)\Apple Software Update
2009-06-15 15:52:50 ----D---- C:\ProgramData\Apple
2009-06-15 15:52:50 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-06-13 17:57:58 ----D---- C:\Users\Frank\AppData\Roaming\Save
2009-06-10 03:08:47 ----D---- C:\winmx
2009-06-09 13:15:49 ----A---- C:\Windows\system32\localspl.dll
2009-06-09 13:15:46 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-09 13:15:41 ----A---- C:\Windows\system32\mshtml.dll
2009-06-09 13:15:40 ----A---- C:\Windows\system32\ieframe.dll
2009-06-09 13:15:39 ----A---- C:\Windows\system32\wininet.dll
2009-06-09 13:15:39 ----A---- C:\Windows\system32\urlmon.dll
2009-06-09 13:15:39 ----A---- C:\Windows\system32\iertutil.dll
2009-06-09 13:15:38 ----A---- C:\Windows\system32\ieui.dll
2009-06-09 13:15:38 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-09 13:15:37 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-09 13:15:37 ----A---- C:\Windows\system32\iesetup.dll
2009-06-09 13:15:37 ----A---- C:\Windows\system32\iernonce.dll
2009-06-09 13:15:37 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-28 16:29:42 ----D---- C:\Windows\system32\vi-VN
2009-05-28 16:29:42 ----D---- C:\Windows\system32\eu-ES
2009-05-28 16:29:42 ----D---- C:\Windows\system32\ca-ES
2009-05-28 15:10:48 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-05-28 15:10:44 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-05-28 15:10:42 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-05-28 15:10:40 ----A---- C:\Windows\system32\SLCExt.dll
2009-05-28 15:10:39 ----A---- C:\Windows\system32\mssrch.dll
2009-05-28 15:10:37 ----A---- C:\Windows\system32\WscEapPr.dll
2009-05-28 15:10:37 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-05-28 15:10:35 ----A---- C:\Windows\system32\tquery.dll
2009-05-28 15:10:34 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-28 15:10:33 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-05-28 15:10:33 ----A---- C:\Windows\system32\RMActivate.exe
2009-05-28 15:10:32 ----A---- C:\Windows\system32\msi.dll
2009-05-28 15:10:31 ----A---- C:\Windows\system32\secproc_isv.dll
2009-05-28 15:10:31 ----A---- C:\Windows\system32\imapi2fs.dll
2009-05-28 15:10:30 ----A---- C:\Windows\system32\icardagt.exe
2009-05-28 15:10:29 ----A---- C:\Windows\system32\mf.dll
2009-05-28 15:10:28 ----A---- C:\Windows\system32\spwizui.dll
2009-05-28 15:10:28 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-05-28 15:10:26 ----A---- C:\Windows\system32\spreview.exe
2009-05-28 15:10:26 ----A---- C:\Windows\system32\spinstall.exe
2009-05-28 15:10:25 ----A---- C:\Windows\system32\shell32.dll
2009-05-28 15:10:25 ----A---- C:\Windows\system32\secproc.dll
2009-05-28 15:10:25 ----A---- C:\Windows\system32\drmv2clt.dll
2009-05-28 15:10:24 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-28 15:10:24 ----A---- C:\Windows\system32\p2psvc.dll
2009-05-28 15:10:24 ----A---- C:\Windows\system32\mssvp.dll
2009-05-28 15:10:24 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-05-28 15:10:24 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-05-28 15:10:23 ----A---- C:\Windows\system32\mscoree.dll
2009-05-28 15:10:23 ----A---- C:\Windows\system32\kernel32.dll
2009-05-28 15:10:22 ----A---- C:\Windows\system32\ntdll.dll
2009-05-28 15:10:22 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-28 15:10:22 ----A---- C:\Windows\system32\mssph.dll
2009-05-28 15:10:22 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-05-28 15:10:22 ----A---- C:\Windows\system32\imapi2.dll
2009-05-28 15:10:21 ----A---- C:\Windows\system32\sdohlp.dll
2009-05-28 15:10:21 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-05-28 15:10:21 ----A---- C:\Windows\system32\esent.dll
2009-05-28 15:10:21 ----A---- C:\Windows\system32\DevicePairing.dll
2009-05-28 15:10:20 ----A---- C:\Windows\system32\sperror.dll
2009-05-28 15:10:20 ----A---- C:\Windows\system32\SLC.dll
2009-05-28 15:10:20 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-05-28 15:10:20 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-05-28 15:10:20 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-28 15:10:20 ----A---- C:\Windows\system32\korwbrkr.dll
2009-05-28 15:10:19 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-05-28 15:10:19 ----A---- C:\Windows\system32\wmp.dll
2009-05-28 15:10:19 ----A---- C:\Windows\system32\msshsq.dll
2009-05-28 15:10:19 ----A---- C:\Windows\system32\msjet40.dll
2009-05-28 15:10:19 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-05-28 15:10:18 ----A---- C:\Windows\system32\Query.dll
2009-05-28 15:10:18 ----A---- C:\Windows\system32\msxml6.dll
2009-05-28 15:10:17 ----A---- C:\Windows\system32\user32.dll
2009-05-28 15:10:17 ----A---- C:\Windows\system32\P2PGraph.dll
2009-05-28 15:10:17 ----A---- C:\Windows\system32\msexch40.dll
2009-05-28 15:10:17 ----A---- C:\Windows\system32\IasMigReader.exe
2009-05-28 15:10:17 ----A---- C:\Windows\system32\EhStorShell.dll
2009-05-28 15:10:16 ----A---- C:\Windows\system32\srchadmin.dll
2009-05-28 15:10:16 ----A---- C:\Windows\system32\ole32.dll
2009-05-28 15:10:16 ----A---- C:\Windows\system32\msxml3.dll
2009-05-28 15:10:16 ----A---- C:\Windows\system32\EncDec.dll
2009-05-28 15:10:16 ----A---- C:\Windows\explorer.exe
2009-05-28 15:10:15 ----A---- C:\Windows\system32\riched20.dll
2009-05-28 15:10:15 ----A---- C:\Windows\system32\mmc.exe
2009-05-28 15:10:15 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-05-28 15:10:15 ----A---- C:\Windows\system32\gdi32.dll
2009-05-28 15:10:15 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-05-28 15:10:14 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-28 15:10:14 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-28 15:10:14 ----A---- C:\Windows\system32\RacEngn.dll
2009-05-28 15:10:14 ----A---- C:\Windows\system32\milcore.dll
2009-05-28 15:10:14 ----A---- C:\Windows\system32\Magnify.exe
2009-05-28 15:10:14 ----A---- C:\Windows\system32\fdBth.dll
2009-05-28 15:10:14 ----A---- C:\Windows\system32\bcrypt.dll
2009-05-28 15:10:13 ----A---- C:\Windows\system32\spoolss.dll
2009-05-28 15:10:13 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-05-28 15:10:13 ----A---- C:\Windows\system32\CertEnroll.dll
2009-05-28 15:10:11 ----A---- C:\Windows\system32\msjtes40.dll
2009-05-28 15:10:10 ----A---- C:\Windows\system32\Storprop.dll
2009-05-28 15:10:10 ----A---- C:\Windows\system32\msvcp60.dll
2009-05-28 15:10:10 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-28 15:10:10 ----A---- C:\Windows\system32\gpedit.dll
2009-05-28 15:10:10 ----A---- C:\Windows\system32\es.dll
2009-05-28 15:10:09 ----A---- C:\Windows\system32\mstext40.dll
2009-05-28 15:10:09 ----A---- C:\Windows\system32\advapi32.dll
2009-05-28 15:10:08 ----A---- C:\Windows\system32\WMPhoto.dll
2009-05-28 15:10:08 ----A---- C:\Windows\system32\WebClnt.dll
2009-05-28 15:10:08 ----A---- C:\Windows\system32\slwmi.dll
2009-05-28 15:10:08 ----A---- C:\Windows\system32\msxbde40.dll
2009-05-28 15:10:08 ----A---- C:\Windows\system32\msexcl40.dll
2009-05-28 15:10:08 ----A---- C:\Windows\system32\comsvcs.dll
2009-05-28 15:10:07 ----A---- C:\Windows\system32\vssapi.dll
2009-05-28 15:10:07 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-05-28 15:10:07 ----A---- C:\Windows\system32\authui.dll
2009-05-28 15:10:06 ----A---- C:\Windows\system32\PresentationHost.exe
2009-05-28 15:10:06 ----A---- C:\Windows\system32\newdev.dll
2009-05-28 15:10:06 ----A---- C:\Windows\system32\mstscax.dll
2009-05-28 15:10:06 ----A---- C:\Windows\system32\msrepl40.dll
2009-05-28 15:10:05 ----A---- C:\Windows\system32\propsys.dll
2009-05-28 15:10:05 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-28 15:10:05 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-28 15:10:05 ----A---- C:\Windows\system32\eudcedit.exe
2009-05-28 15:10:05 ----A---- C:\Windows\system32\crypt32.dll
2009-05-28 15:10:04 ----A---- C:\Windows\system32\setupapi.dll
2009-05-28 15:10:04 ----A---- C:\Windows\system32\mspbde40.dll
2009-05-28 15:10:04 ----A---- C:\Windows\system32\explorer.exe
2009-05-28 15:10:03 ----A---- C:\Windows\system32\msltus40.dll
2009-05-28 15:10:03 ----A---- C:\Windows\system32\davclnt.dll
2009-05-28 15:10:03 ----A---- C:\Windows\system32\d3d9.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\wevtapi.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\shlwapi.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\photowiz.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\nlhtml.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\msrd3x40.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\mfc42.dll
2009-05-28 15:10:02 ----A---- C:\Windows\system32\browseui.dll
2009-05-28 15:10:01 ----A---- C:\Windows\system32\quartz.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\winhttp.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\win32spl.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\oleaut32.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\netshell.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\msv1_0.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\kerberos.dll
2009-05-28 15:10:00 ----A---- C:\Windows\system32\apds.dll
2009-05-28 15:09:59 ----A---- C:\Windows\system32\xmlfilter.dll
2009-05-28 15:09:59 ----A---- C:\Windows\system32\mswstr10.dll
2009-05-28 15:09:59 ----A---- C:\Windows\system32\msvcrt.dll
2009-05-28 15:09:59 ----A---- C:\Windows\system32\msctf.dll
2009-05-28 15:09:59 ----A---- C:\Windows\system32\mfc42u.dll
2009-05-28 15:09:58 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-05-28 15:09:58 ----A---- C:\Windows\system32\secur32.dll
2009-05-28 15:09:58 ----A---- C:\Windows\system32\msrd2x40.dll
2009-05-28 15:09:58 ----A---- C:\Windows\system32\eapphost.dll
2009-05-28 15:09:57 ----A---- C:\Windows\system32\shdocvw.dll
2009-05-28 15:09:57 ----A---- C:\Windows\system32\propdefs.dll
2009-05-28 15:09:57 ----A---- C:\Windows\system32\odbc32.dll
2009-05-28 15:09:56 ----A---- C:\Windows\system32\WsmSvc.dll
2009-05-28 15:09:56 ----A---- C:\Windows\system32\wevtutil.exe
2009-05-28 15:09:56 ----A---- C:\Windows\system32\mssitlb.dll
2009-05-28 15:09:56 ----A---- C:\Windows\system32\dbgeng.dll
2009-05-28 15:09:55 ----A---- C:\Windows\system32\usp10.dll
2009-05-28 15:09:55 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\schannel.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\netlogon.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\msscb.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\msctfp.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\drvinst.exe
2009-05-28 15:09:54 ----A---- C:\Windows\system32\devmgr.dll
2009-05-28 15:09:54 ----A---- C:\Windows\system32\adsldpc.dll
2009-05-28 15:09:53 ----A---- C:\Windows\system32\WSDApi.dll
2009-05-28 15:09:53 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-05-28 15:09:53 ----A---- C:\Windows\system32\Wldap32.dll
2009-05-28 15:09:53 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-05-28 15:09:53 ----A---- C:\Windows\system32\wcnwiz.dll
2009-05-28 15:09:53 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-05-28 15:09:53 ----A---- C:\Windows\system32\evr.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\wcncsvc.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\services.exe
2009-05-28 15:09:52 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\msjter40.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\msdrm.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\mimefilt.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\comdlg32.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\certcli.dll
2009-05-28 15:09:52 ----A---- C:\Windows\system32\adtschema.dll
2009-05-28 15:09:51 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-05-28 15:09:51 ----A---- C:\Windows\system32\taskeng.exe
2009-05-28 15:09:51 ----A---- C:\Windows\system32\rtffilt.dll
2009-05-28 15:09:51 ----A---- C:\Windows\system32\reg.exe
2009-05-28 15:09:51 ----A---- C:\Windows\system32\mswdat10.dll
2009-05-28 15:09:51 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-05-28 15:09:51 ----A---- C:\Windows\system32\dnsapi.dll
2009-05-28 15:09:51 ----A---- C:\Windows\system32\certutil.exe
2009-05-28 15:09:50 ----A---- C:\Windows\system32\rsaenh.dll
2009-05-28 15:09:50 ----A---- C:\Windows\system32\msshooks.dll
2009-05-28 15:09:50 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-28 15:09:50 ----A---- C:\Windows\system32\msihnd.dll
2009-05-28 15:09:50 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-05-28 15:09:49 ----A---- C:\Windows\system32\scrptadm.dll
2009-05-28 15:09:49 ----A---- C:\Windows\system32\netapi32.dll
2009-05-28 15:09:49 ----A---- C:\Windows\system32\msstrc.dll
2009-05-28 15:09:49 ----A---- C:\Windows\system32\inetcomm.dll
2009-05-28 15:09:49 ----A---- C:\Windows\system32\dfshim.dll
2009-05-28 15:09:48 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-05-28 15:09:48 ----A---- C:\Windows\system32\mtxclu.dll
2009-05-28 15:09:48 ----A---- C:\Windows\system32\mscories.dll
2009-05-28 15:09:48 ----A---- C:\Windows\system32\hidserv.dll
2009-05-28 15:09:48 ----A---- C:\Windows\system32\fundisc.dll
2009-05-28 15:09:48 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-05-28 15:09:48 ----A---- C:\Windows\system32\cryptsvc.dll
2009-05-28 15:09:47 ----A---- C:\Windows\system32\imapi.dll
2009-05-28 15:09:47 ----A---- C:\Windows\system32\gameux.dll
2009-05-28 15:09:46 ----A---- C:\Windows\system32\wdc.dll
2009-05-28 15:09:46 ----A---- C:\Windows\system32\shsvcs.dll
2009-05-28 15:09:46 ----A---- C:\Windows\system32\msiexec.exe
2009-05-28 15:09:46 ----A---- C:\Windows\system32\imm32.dll
2009-05-28 15:09:46 ----A---- C:\Windows\system32\iassdo.dll
2009-05-28 15:09:46 ----A---- C:\Windows\system32\chsbrkr.dll
2009-05-28 15:09:45 ----A---- C:\Windows\system32\spcmsg.dll
2009-05-28 15:09:45 ----A---- C:\Windows\system32\slmgr.vbs
2009-05-28 15:09:45 ----A---- C:\Windows\system32\scrrun.dll
2009-05-28 15:09:45 ----A---- C:\Windows\system32\pnidui.dll
2009-05-28 15:09:45 ----A---- C:\Windows\system32\autofmt.exe
2009-05-28 15:09:44 ----A---- C:\Windows\system32\wmpmde.dll
2009-05-28 15:09:44 ----A---- C:\Windows\system32\pidgenx.dll
2009-05-28 15:09:44 ----A---- C:\Windows\system32\pdh.dll
2009-05-28 15:09:44 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-05-28 15:09:44 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-05-28 15:09:44 ----A---- C:\Windows\system32\azroles.dll
2009-05-28 15:09:43 ----A---- C:\Windows\system32\winlogon.exe
2009-05-28 15:09:43 ----A---- C:\Windows\system32\SyncCenter.dll
2009-05-28 15:09:43 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-05-28 15:09:43 ----A---- C:\Windows\system32\comuid.dll
2009-05-28 15:09:43 ----A---- C:\Windows\system32\certmgr.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\untfs.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\spp.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\sethc.exe
2009-05-28 15:09:42 ----A---- C:\Windows\system32\scrobj.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\rtutils.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\ncrypt.dll
2009-05-28 15:09:42 ----A---- C:\Windows\system32\iassam.dll
2009-05-28 15:09:41 ----A---- C:\Windows\system32\taskcomp.dll
2009-05-28 15:09:41 ----A---- C:\Windows\system32\autochk.exe
2009-05-28 15:09:40 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-05-28 15:09:40 ----A---- C:\Windows\system32\userenv.dll
2009-05-28 15:09:40 ----A---- C:\Windows\system32\printui.dll
2009-05-28 15:09:40 ----A---- C:\Windows\system32\onex.dll
2009-05-28 15:09:40 ----A---- C:\Windows\system32\iasnap.dll
2009-05-28 15:09:40 ----A---- C:\Windows\system32\cscript.exe
2009-05-28 15:09:40 ----A---- C:\Windows\system32\basecsp.dll
2009-05-28 15:09:40 ----A---- C:\Windows\system32\autoconv.exe
2009-05-28 15:09:40 ----A---- C:\Windows\system32\audiodg.exe
2009-05-28 15:09:39 ----A---- C:\Windows\system32\osk.exe
2009-05-28 15:09:39 ----A---- C:\Windows\system32\mswsock.dll
2009-05-28 15:09:38 ----A---- C:\Windows\system32\WinSCard.dll
2009-05-28 15:09:38 ----A---- C:\Windows\system32\winmm.dll
2009-05-28 15:09:38 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-05-28 15:09:38 ----A---- C:\Windows\system32\Utilman.exe
2009-05-28 15:09:38 ----A---- C:\Windows\system32\RelMon.dll
2009-05-28 15:09:38 ----A---- C:\Windows\system32\rdpencom.dll
2009-05-28 15:09:38 ----A---- C:\Windows\system32\offfilt.dll
2009-05-28 15:09:38 ----A---- C:\Windows\system32\msftedit.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\wscript.exe
2009-05-28 15:09:37 ----A---- C:\Windows\system32\WerFault.exe
2009-05-28 15:09:37 ----A---- C:\Windows\system32\stobject.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\SndVol.exe
2009-05-28 15:09:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\prnntfy.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\odbccp32.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\msnetobj.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\mscms.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\mfplat.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\diskraid.exe
2009-05-28 15:09:37 ----A---- C:\Windows\system32\AudioEng.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\apphelp.dll
2009-05-28 15:09:37 ----A---- C:\Windows\system32\adsmsext.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\wscntfy.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\wlangpui.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\ulib.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\rastapi.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\pnpsetup.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-05-28 15:09:36 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\fdProxy.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\dsound.dll
2009-05-28 15:09:36 ----A---- C:\Windows\system32\cryptui.dll
2009-05-28 15:09:35 ----A---- C:\Windows\system32\vdsdyn.dll
2009-05-28 15:09:35 ----A---- C:\Windows\system32\rastls.dll
2009-05-28 15:09:35 ----A---- C:\Windows\system32\netiohlp.dll
2009-05-28 15:09:35 ----A---- C:\Windows\system32\logman.exe
2009-05-28 15:09:35 ----A---- C:\Windows\system32\iashlpr.dll
2009-05-28 15:09:35 ----A---- C:\Windows\system32\gpapi.dll
2009-05-28 15:09:35 ----A---- C:\Windows\system32\diskpart.exe
2009-05-28 15:09:34 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-05-28 15:09:34 ----A---- C:\Windows\system32\rasapi32.dll
2009-05-28 15:09:34 ----A---- C:\Windows\system32\ntprint.dll
2009-05-28 15:09:34 ----A---- C:\Windows\system32\mscorier.dll
2009-05-28 15:09:33 ----A---- C:\Windows\system32\zipfldr.dll
2009-05-28 15:09:33 ----A---- C:\Windows\system32\wusa.exe
2009-05-28 15:09:33 ----A---- C:\Windows\system32\wshext.dll
2009-05-28 15:09:33 ----A---- C:\Windows\system32\iasrad.dll
2009-05-28 15:09:33 ----A---- C:\Windows\system32\findstr.exe
2009-05-28 15:09:32 ----A---- C:\Windows\system32\netcenter.dll
2009-05-28 15:09:31 ----A---- C:\Windows\system32\wsnmp32.dll
2009-05-28 15:09:31 ----A---- C:\Windows\system32\wer.dll
2009-05-28 15:09:31 ----A---- C:\Windows\system32\themecpl.dll
2009-05-28 15:09:31 ----A---- C:\Windows\system32\rasdlg.dll
2009-05-28 15:09:31 ----A---- C:\Windows\system32\iassvcs.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\tsbyuv.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\slcc.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\scansetting.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\powrprof.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\ntmarta.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\msutb.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\mstsc.exe
2009-05-28 15:09:30 ----A---- C:\Windows\system32\mstlsapi.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\mssprxy.dll
2009-05-28 15:09:30 ----A---- C:\Windows\system32\iasads.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\wlanhlp.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\powercpl.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\newdev.exe
2009-05-28 15:09:29 ----A---- C:\Windows\system32\networkmap.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\lpk.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\icardres.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\iasacct.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\connect.dll
2009-05-28 15:09:29 ----A---- C:\Windows\system32\authz.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\usercpl.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\themeui.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\systemcpl.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\sud.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\samlib.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\pcaui.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\mmci.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\autoplay.dll
2009-05-28 15:09:28 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-05-28 15:09:27 ----A---- C:\Windows\system32\wlanpref.dll
2009-05-28 15:09:27 ----A---- C:\Windows\system32\qdvd.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\wpcao.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\vdsutil.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\tapisrv.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\scksp.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\rpchttp.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\regapi.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\msinfo32.exe
2009-05-28 15:09:26 ----A---- C:\Windows\system32\feclient.dll
2009-05-28 15:09:26 ----A---- C:\Windows\system32\cscobj.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\scesrv.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\psisdecd.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\oleprn.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\mpr.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\dot3msm.dll
2009-05-28 15:09:25 ----A---- C:\Windows\system32\AudioSes.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\wscisvif.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\rekeywiz.exe
2009-05-28 15:09:24 ----A---- C:\Windows\system32\qedit.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\perfdisk.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\ncryptui.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\iaspolcy.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\Faultrep.dll
2009-05-28 15:09:24 ----A---- C:\Windows\system32\dpapimig.exe
2009-05-28 15:09:24 ----A---- C:\Windows\system32\certreq.exe
2009-05-28 15:09:23 ----A---- C:\Windows\system32\TSTheme.exe
2009-05-28 15:09:23 ----A---- C:\Windows\system32\spwinsat.dll
2009-05-28 15:09:23 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-05-28 15:09:23 ----A---- C:\Windows\system32\scecli.dll
2009-05-28 15:09:23 ----A---- C:\Windows\system32\rasplap.dll
2009-05-28 15:09:23 ----A---- C:\Windows\system32\rasgcw.dll
2009-05-28 15:09:23 ----A---- C:\Windows\system32\hdwwiz.exe
2009-05-28 15:09:23 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-05-28 15:09:22 ----A---- C:\Windows\system32\whealogr.dll
2009-05-28 15:09:22 ----A---- C:\Windows\system32\tcpmon.dll
2009-05-28 15:09:22 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-05-28 15:09:22 ----A---- C:\Windows\system32\fdWSD.dll
2009-05-28 15:09:22 ----A---- C:\Windows\system32\cmmon32.exe
2009-05-28 15:09:21 ----A---- C:\Windows\system32\SCardSvr.dll
2009-05-28 15:09:21 ----A---- C:\Windows\system32\raschap.dll
2009-05-28 15:09:21 ----A---- C:\Windows\system32\conime.exe
2009-05-28 15:09:21 ----A---- C:\Windows\system32\cmdial32.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-05-28 15:09:20 ----A---- C:\Windows\system32\wlanui.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\wlanmsm.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\wiaaut.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\shwebsvc.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\rasppp.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\fontext.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\dsprop.dll
2009-05-28 15:09:20 ----A---- C:\Windows\system32\dimsroam.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\shsetup.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\rasmontr.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\oobefldr.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\mscandui.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\modemui.dll
2009-05-28 15:09:19 ----A---- C:\Windows\system32\chtbrkr.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\WSDMon.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\netplwiz.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\dataclen.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\credui.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\blackbox.dll
2009-05-28 15:09:18 ----A---- C:\Windows\system32\appmgmts.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\wpcsvc.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\wmpeffects.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\networkexplorer.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\msscp.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\logagent.exe
2009-05-28 15:09:17 ----A---- C:\Windows\system32\InkEd.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\ifmon.dll
2009-05-28 15:09:17 ----A---- C:\Windows\system32\cipher.exe
2009-05-28 15:09:17 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\wscapi.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\wpdwcn.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\thawbrkr.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\softkbd.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\sendmail.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\msimtf.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\msctfui.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-05-28 15:09:16 ----A---- C:\Windows\system32\gpresult.exe
2009-05-28 15:09:15 ----A---- C:\Windows\system32\olepro32.dll
2009-05-28 15:09:15 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-05-28 15:09:15 ----A---- C:\Windows\system32\dmsynth.dll
2009-05-28 15:09:15 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\wshbth.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\version.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\puiapi.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\msisip.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\mprapi.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\input.dll
2009-05-28 15:09:14 ----A---- C:\Windows\system32\fc.exe
2009-05-28 15:09:14 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-05-28 15:09:13 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-05-28 15:09:13 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-05-28 15:09:13 ----A---- C:\Windows\system32\fdSSDP.dll
2009-05-28 15:09:13 ----A---- C:\Windows\system32\dmusic.dll
2009-05-28 15:09:13 ----A---- C:\Windows\system32\cscapi.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\wsdchngr.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\rrinstaller.exe
2009-05-28 15:09:12 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\msjint40.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\l2nacp.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\ftp.exe
2009-05-28 15:09:12 ----A---- C:\Windows\system32\eapp3hst.dll
2009-05-28 15:09:12 ----A---- C:\Windows\system32\cscdll.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\tscupgrd.exe
2009-05-28 15:09:11 ----A---- C:\Windows\system32\rasdial.exe
2009-05-28 15:09:11 ----A---- C:\Windows\system32\rasdiag.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-05-28 15:09:11 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-05-28 15:09:11 ----A---- C:\Windows\system32\mfps.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\ipconfig.exe
2009-05-28 15:09:11 ----A---- C:\Windows\system32\gpscript.exe
2009-05-28 15:09:11 ----A---- C:\Windows\system32\fdWCN.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\eappcfg.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\dot3cfg.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-05-28 15:09:11 ----A---- C:\Windows\system32\bthudtask.exe
2009-05-28 15:09:11 ----A---- C:\Windows\system32\aaclient.dll
2009-05-28 15:09:10 ----A---- C:\Windows\system32\slcinst.dll
2009-05-28 15:09:10 ----A---- C:\Windows\system32\ocsetup.exe
2009-05-28 15:09:10 ----A---- C:\Windows\system32\nslookup.exe
2009-05-28 15:09:10 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-05-28 15:09:10 ----A---- C:\Windows\system32\gpscript.dll
2009-05-28 15:09:10 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-05-28 15:09:10 ----A---- C:\Windows\system32\eappgnui.dll
2009-05-28 15:09:09 ----A---- C:\Windows\system32\tsgqec.dll
2009-05-28 15:09:09 ----A---- C:\Windows\system32\mmcico.dll
2009-05-28 15:09:09 ----A---- C:\Windows\system32\mfpmp.exe
2009-05-28 15:09:09 ----A---- C:\Windows\system32\hbaapi.dll
2009-05-28 15:09:09 ----A---- C:\Windows\system32\fdeploy.dll
2009-05-28 15:09:08 ----A---- C:\Windows\system32\gpupdate.exe
2009-05-28 15:09:08 ----A---- C:\Windows\system32\atmlib.dll
2009-05-28 15:09:07 ----A---- C:\Windows\system32\NcdProp.dll
2009-05-28 15:09:06 ----A---- C:\Windows\system32\wmpps.dll
2009-05-28 15:09:06 ----A---- C:\Windows\system32\vdmdbg.dll
2009-05-28 15:09:06 ----A---- C:\Windows\system32\odbcconf.dll
2009-05-28 15:09:05 ----A---- C:\Windows\system32\winrnr.dll
2009-05-28 15:09:05 ----A---- C:\Windows\system32\slwga.dll
2009-05-28 15:09:04 ----A---- C:\Windows\system32\midimap.dll
2009-05-28 15:09:04 ----A---- C:\Windows\system32\atmfd.dll
2009-05-28 15:09:02 ----A---- C:\Windows\system32\spwmp.dll
2009-05-28 15:09:01 ----A---- C:\Windows\system32\wmploc.DLL
2009-05-28 15:09:01 ----A---- C:\Windows\system32\msimsg.dll
2009-05-28 15:09:01 ----A---- C:\Windows\system32\mferror.dll
2009-05-28 15:09:01 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-05-28 15:09:01 ----A---- C:\Windows\system32\dxmasf.dll
2009-05-28 15:08:48 ----A---- C:\Windows\system32\wdscore.dll
2009-05-28 15:08:39 ----A---- C:\Windows\system32\drvstore.dll
2009-05-20 14:37:29 ----D---- C:\Users\Frank\AppData\Roaming\Ubisoft
2009-05-20 14:32:31 ----D---- C:\ProgramData\Ubisoft
2009-05-17 21:24:49 ----D---- C:\Program Files (x86)\Schmads Inc
2009-05-16 22:21:50 ----D---- C:\Users\Frank\AppData\Roaming\teamspeak2
2009-05-16 22:21:27 ----D---- C:\Program Files (x86)\Teamspeak2_RC2
2009-05-16 08:50:16 ----D---- C:\Program Files (x86)\Windows Installer Clean Up
2009-05-16 01:16:58 ----D---- C:\rsit
2009-05-15 23:49:41 ----A---- C:\Windows\system32\tmp.txt
2009-05-15 23:49:41 ----A---- C:\Users\Frank\AppData\Roaming\SetValue.bat
2009-05-15 23:49:41 ----A---- C:\Users\Frank\AppData\Roaming\GetValue.vbs
2009-05-15 23:49:36 ----A---- C:\rapport.txt
2009-05-15 23:48:04 ----A---- C:\VundoFix.txt
2009-05-15 23:47:18 ----D---- C:\ComboFix
2009-05-15 23:47:18 ----A---- C:\Windows\system32\CF3545.exe
2009-05-15 23:46:28 ----D---- C:\Qoobox
2009-05-15 23:46:28 ----A---- C:\Bug.txt
2009-05-15 23:46:26 ----A---- C:\Windows\system32\cmd.execf
2009-05-15 23:22:32 ----A---- C:\Windows\system32\atipdlxx.dll
2009-05-15 23:22:19 ----A---- C:\Windows\system32\Oemdspif.dll
2009-05-15 23:22:02 ----A---- C:\Windows\system32\ati2edxx.dll
2009-05-15 23:19:18 ----A---- C:\Windows\system32\atidxx32.dll
2009-05-15 23:13:43 ----D---- C:\Program Files (x86)\Trend Micro
2009-05-15 23:08:33 ----A---- C:\Windows\system32\atiumdag.dll
2009-05-15 22:53:48 ----A---- C:\Windows\system32\atiumdva.dll
2009-05-15 22:42:08 ----A---- C:\Windows\system32\atimpc32.dll
2009-05-15 22:42:08 ----A---- C:\Windows\system32\amdpcom32.dll
2009-05-15 22:41:38 ----A---- C:\Windows\system32\atiadlxy.dll
2009-05-15 22:40:35 ----A---- C:\Windows\system32\atioglxx.dll
2009-05-15 22:00:47 ----A---- C:\Windows\system32\aticalrt.dll
2009-05-15 22:00:32 ----A---- C:\Windows\system32\aticalcl.dll
2009-05-15 21:59:29 ----A---- C:\Windows\system32\aticaldd.dll
2009-05-15 16:30:31 ----D---- C:\Windows\pss
2009-05-10 15:28:34 ----D---- C:\Users\Frank\AppData\Roaming\Bioshock
2009-05-09 13:07:02 ----D---- C:\Users\Frank\AppData\Roaming\SUPERAntiSpyware.com
2009-05-09 13:07:02 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-05-07 22:31:26 ----D---- C:\ProgramData\Eidos
2009-05-07 22:31:26 ----D---- C:\Program Files (x86)\OpenAL
2009-05-07 22:31:26 ----D---- C:\Program Files (x86)\Eidos
2009-04-30 23:05:00 ----D---- C:\Users\Frank\AppData\Roaming\Atari
2009-04-30 23:04:05 ----D---- C:\ProgramData\Tages
2009-04-30 21:33:19 ----D---- C:\Program Files (x86)\Atari
2009-04-30 20:23:41 ----D---- C:\Program Files (x86)\UberSoldier
2009-04-29 15:34:45 ----D---- C:\Program Files (x86)\Return to Castle Wolfenstein DEMO
2009-04-29 02:09:35 ----D---- C:\Program Files (x86)\Defraggler
2009-04-22 00:20:44 ----A---- C:\Windows\system32\xlivefnt.dll
2009-04-22 00:20:44 ----A---- C:\Windows\system32\xlive.dll
2009-04-22 00:19:06 ----A---- C:\Windows\system32\xlive.dll.cat
2009-04-18 11:19:21 ----D---- C:\Users\Frank\AppData\Roaming\Total Eclipse
2009-04-18 11:19:12 ----AD---- C:\ProgramData\TEMP
2009-04-18 11:00:57 ----D---- C:\Users\Frank\AppData\Roaming\SpinTop
2009-04-17 10:35:04 ----D---- C:\Users\Frank\AppData\Roaming\SpinTop Games
2009-04-17 10:34:28 ----D---- C:\ProgramData\PopCap Games
2009-04-17 09:35:58 ----D---- C:\Windows\system32\Adobe
2009-04-14 22:22:58 ----D---- C:\Program Files (x86)\PeerGuardian2
2009-04-14 22:16:01 ----D---- C:\Program Files (x86)\uTorrent
2009-04-14 22:15:52 ----D---- C:\Users\Frank\AppData\Roaming\uTorrent
2009-04-13 19:50:13 ----D---- C:\Users\Frank\AppData\Roaming\Braid
2009-04-12 13:01:01 ----D---- C:\QUARANTINE
2009-04-09 18:24:10 ----D---- C:\Program Files (x86)\Roxio
2009-04-09 18:24:10 ----D---- C:\Program Files (x86)\Common Files\Sonic Shared
2009-04-09 18:21:18 ----D---- C:\Program Files (x86)\Common Files\Research In Motion
2009-04-09 18:21:15 ----D---- C:\Program Files (x86)\Research In Motion
2009-04-08 13:50:36 ----D---- C:\Program Files (x86)\Byteswarm
2009-04-06 01:04:14 ----D---- C:\Program Files (x86)\Common Files\xing shared
2009-04-06 01:04:06 ----A---- C:\Windows\system32\rmoc3260.dll
2009-04-06 01:04:02 ----A---- C:\Windows\system32\pndx5032.dll
2009-04-06 01:04:02 ----A---- C:\Windows\system32\pndx5016.dll
2009-04-06 01:04:01 ----A---- C:\Windows\system32\pncrt.dll
2009-04-06 01:03:59 ----D---- C:\Users\Frank\AppData\Roaming\Real
2009-04-06 01:03:59 ----D---- C:\Program Files (x86)\Common Files\Real
2009-04-05 19:59:23 ----D---- C:\Windows\Minidump
2009-04-05 14:27:08 ----D---- C:\Users\Frank\AppData\Roaming\Malwarebytes
2009-04-05 14:27:01 ----D---- C:\ProgramData\Malwarebytes
2009-04-05 14:27:00 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-04-04 23:16:26 ----A---- C:\Windows\game.ini
2009-04-04 22:44:55 ----SHD---- C:\Windows\ftpcache
2009-04-04 22:30:23 ----D---- C:\Program Files (x86)\Activision
2009-04-03 15:06:00 ----A---- C:\Windows\system32\javaws.exe
2009-04-03 15:06:00 ----A---- C:\Windows\system32\javaw.exe
2009-04-03 15:06:00 ----A---- C:\Windows\system32\java.exe
2009-04-02 15:17:45 ----D---- C:\ProgramData\Media Center Programs
2009-04-01 02:03:58 ----D---- C:\Windows\system32\WindowsPowerShell
2009-04-01 02:00:03 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2009-04-01 01:59:50 ----D---- C:\Program Files (x86)\Windows Live
2009-04-01 01:59:43 ----D---- C:\Windows\PCHEALTH
2009-04-01 01:59:26 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2009-04-01 01:56:08 ----D---- C:\Program Files (x86)\Common Files\Windows Live

======List of files/folders modified in the last 3 months======

2009-06-29 10:48:51 ----D---- C:\Windows\Temp
2009-06-29 10:46:23 ----A---- C:\Windows\NeroDigital.ini
2009-06-29 10:16:28 ----D---- C:\Windows\Prefetch
2009-06-29 10:15:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-29 10:05:08 ----D---- C:\Windows
2009-06-29 00:00:17 ----SHD---- C:\System Volume Information
2009-06-28 22:15:11 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-06-28 22:15:08 ----D---- C:\Program Files (x86)\Steam
2009-06-24 03:00:16 ----D---- C:\Windows\winsxs
2009-06-24 03:00:16 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-20 14:07:57 ----RSD---- C:\Windows\assembly
2009-06-18 21:51:05 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-06-18 20:35:01 ----D---- C:\Windows\system32\directx
2009-06-18 20:35:01 ----D---- C:\Windows\System32
2009-06-18 20:35:00 ----D---- C:\Windows\SysWOW64
2009-06-18 20:34:49 ----HD---- C:\Windows\msdownld.tmp
2009-06-18 20:12:00 ----HD---- C:\ProgramData
2009-06-18 20:05:38 ----RD---- C:\Program Files (x86)
2009-06-16 19:18:40 ----D---- C:\Windows\inf
2009-06-16 19:14:12 ----D---- C:\Users\Frank\AppData\Roaming\ATI
2009-06-16 19:05:29 ----SHD---- C:\Windows\Installer
2009-06-16 19:02:06 ----RD---- C:\Program Files
2009-06-16 18:56:25 ----D---- C:\Program Files (x86)\Driver Sweeper
2009-06-16 14:15:15 ----SD---- C:\Windows\Downloaded Program Files
2009-06-15 21:00:37 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-06-15 20:54:50 ----D---- C:\Users\Frank\AppData\Roaming\FrostWire
2009-06-15 20:36:46 ----D---- C:\Program Files (x86)\FrostWire
2009-06-15 18:18:23 ----D---- C:\Windows\Debug
2009-06-15 15:52:50 ----D---- C:\Program Files (x86)\Common Files
2009-06-14 01:07:59 ----D---- C:\Windows\Microsoft.NET
2009-06-13 23:24:04 ----D---- C:\ProgramData\InstallShield
2009-06-13 23:23:52 ----D---- C:\Program Files (x86)\Analog Devices
2009-06-13 22:11:11 ----D---- C:\Windows\ehome
2009-06-10 03:13:58 ----D---- C:\Windows\system32\migration
2009-06-05 09:26:50 ----D---- C:\Windows\system32\drivers
2009-05-28 16:53:52 ----D---- C:\Windows\rescache
2009-05-28 16:40:23 ----SHD---- C:\Boot
2009-05-28 16:33:07 ----D---- C:\Program Files (x86)\Windows Sidebar
2009-05-28 16:33:07 ----D---- C:\Program Files (x86)\Windows Mail
2009-05-28 16:33:06 ----D---- C:\Program Files (x86)\Windows Media Player
2009-05-28 16:33:06 ----D---- C:\Program Files (x86)\Windows Calendar
2009-05-28 16:33:04 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2009-05-28 16:33:04 ----D---- C:\Program Files (x86)\Common Files\System
2009-05-28 16:32:59 ----D---- C:\Windows\servicing
2009-05-28 16:32:33 ----D---- C:\Windows\system32\XPSViewer
2009-05-28 16:32:33 ----D---- C:\Windows\system32\sk-SK
2009-05-28 16:32:33 ----D---- C:\Windows\system32\lv-LV
2009-05-28 16:32:33 ----D---- C:\Windows\system32\ko-KR
2009-05-28 16:32:33 ----D---- C:\Windows\system32\hr-HR
2009-05-28 16:32:33 ----D---- C:\Windows\system32\et-EE
2009-05-28 16:32:33 ----D---- C:\Windows\system32\da-DK
2009-05-28 16:32:32 ----D---- C:\Windows\system32\en-US
2009-05-28 16:32:28 ----D---- C:\Windows\system32\oobe
2009-05-28 16:32:28 ----D---- C:\Windows\system32\it-IT
2009-05-28 16:32:28 ----D---- C:\Windows\system32\el-GR
2009-05-28 16:32:28 ----D---- C:\Windows\system32\de-DE
2009-05-28 16:32:24 ----D---- C:\Windows\system32\sv-SE
2009-05-28 16:32:24 ----D---- C:\Windows\system32\SLUI
2009-05-28 16:32:24 ----D---- C:\Windows\system32\setup
2009-05-28 16:32:24 ----D---- C:\Windows\system32\ru-RU
2009-05-28 16:32:24 ----D---- C:\Windows\system32\pt-PT
2009-05-28 16:32:24 ----D---- C:\Windows\system32\hu-HU
2009-05-28 16:32:24 ----D---- C:\Windows\system32\he-IL
2009-05-28 16:32:24 ----D---- C:\Windows\system32\fr-FR
2009-05-28 16:32:24 ----D---- C:\Windows\system32\fi-FI
2009-05-28 16:32:24 ----D---- C:\Windows\system32\cs-CZ
2009-05-28 16:32:24 ----D---- C:\Windows\system32\AdvancedInstallers
2009-05-28 16:32:23 ----D---- C:\Windows\system32\zh-TW
2009-05-28 16:32:23 ----D---- C:\Windows\system32\zh-CN
2009-05-28 16:32:23 ----D---- C:\Windows\system32\uk-UA
2009-05-28 16:32:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-28 16:32:23 ----D---- C:\Windows\system32\sl-SI
2009-05-28 16:32:23 ----D---- C:\Windows\system32\ro-RO
2009-05-28 16:32:23 ----D---- C:\Windows\system32\pl-PL
2009-05-28 16:32:23 ----D---- C:\Windows\system32\manifeststore
2009-05-28 16:32:23 ----D---- C:\Windows\system32\ja-JP
2009-05-28 16:32:23 ----D---- C:\Windows\system32\es-ES
2009-05-28 16:32:23 ----D---- C:\Windows\system32\en
2009-05-28 16:32:23 ----D---- C:\Windows\system32\bg-BG
2009-05-28 16:32:22 ----D---- C:\Windows\system32\tr-TR
2009-05-28 16:32:22 ----D---- C:\Windows\system32\th-TH
2009-05-28 16:32:21 ----D---- C:\Windows\system32\wbem
2009-05-28 16:32:20 ----D---- C:\Windows\system32\nl-NL
2009-05-28 16:32:20 ----D---- C:\Windows\system32\nb-NO
2009-05-28 16:32:20 ----D---- C:\Windows\system32\lt-LT
2009-05-28 16:32:20 ----D---- C:\Windows\system32\ar-SA
2009-05-28 16:32:19 ----D---- C:\Windows\system32\pt-BR
2009-05-28 16:32:19 ----D---- C:\Windows\system32\migwiz
2009-05-28 16:31:31 ----D---- C:\Windows\IME
2009-05-28 16:31:30 ----D---- C:\Windows\PolicyDefinitions
2009-05-28 16:30:00 ----RSD---- C:\Windows\Fonts
2009-05-28 16:29:59 ----D---- C:\Windows\AppPatch
2009-05-27 10:54:16 ----D---- C:\Program Files (x86)\EA GAMES
2009-05-16 08:49:46 ----D---- C:\Program Files (x86)\MSECache
2009-05-16 08:27:16 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-05-15 23:06:38 ----RD---- C:\Users
2009-05-15 19:14:47 ----D---- C:\Windows\Tasks
2009-05-15 19:14:46 ----D---- C:\Users\Frank\AppData\Roaming\Ventrilo
2009-05-15 19:14:43 ----D---- C:\Windows\registration
2009-05-15 17:52:16 ----SD---- C:\ProgramData\Microsoft
2009-05-15 17:40:27 ----D---- C:\Program Files (x86)\SpeedFan
2009-05-14 17:37:19 ----D---- C:\ProgramData\DVD Shrink
2009-05-09 13:22:44 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-05-07 22:31:26 ----A---- C:\Windows\system32\wrap_oal.dll
2009-05-07 22:31:26 ----A---- C:\Windows\system32\OpenAL32.dll
2009-05-01 19:01:39 ----SHD---- C:\$Recycle.Bin
2009-04-14 12:38:35 ----D---- C:\Program Files (x86)\Winmx
2009-04-12 13:31:26 ----SD---- C:\Users\Frank\AppData\Roaming\Microsoft
2009-04-09 18:25:03 ----D---- C:\Program Files (x86)\Common Files\Roxio Shared
2009-04-09 18:25:02 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2009-04-09 18:24:15 ----D---- C:\ProgramData\Roxio
2009-04-08 13:50:24 ----A---- C:\Windows\iun6002.exe
2009-04-03 15:05:59 ----D---- C:\Program Files (x86)\Java
2009-04-01 02:00:13 ----D---- C:\Program Files (x86)\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 mfetdik;McAfee Inc.; C:\Windows\system32\drivers\mfetdik.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-01-29 120256]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys []
R3 mfeapfk;McAfee Inc.; C:\Windows\system32\drivers\mfeapfk.sys []
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys []
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys []
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SkLaggProtocol;Marvell Link Aggregation Protocol; C:\Windows\system32\DRIVERS\yk60x64l.sys []
S3 SkVlanProtocol;Marvell VLAN Protocol; C:\Windows\system32\DRIVERS\yk60x64v.sys []
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-03-12 417792]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McShield;McAfee McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-10-06 154432]
R2 McTaskManager;McAfee Task Manager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-10-06 54608]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-18 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-06-28 189288]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
R2 yksvc;Marvell Yukon Service; ykx64mpcoinst,serviceStartProc []
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-06-05 541992]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-02-27 79360]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-06-16 316664]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]

-----------------EOF-----------------


Here is the INFO File from RSIT

info.txt logfile of random's system information tool 1.06 2009-06-29 10:48:55

======Uninstall list======

-->"C:\Program Files (x86)\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A01623A-4502-478E-9074-1DFD1DAB78EB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
3DMark Vantage-->C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI Direct Link-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C312984C-E386-4C2D-B33E-7B54355FB16E}\Setup.exe" -l0x9
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
Alien Shooter Demo-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/33140
AntiCrash 3.6.1-->"C:\Program Files (x86)\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files (x86)\Dachshund Software\AntiCrash\install.log"
AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15100
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
Battlecraft 1942-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlecraft 1942\irunin.ini"
Battlecraft Vietnam-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlecraft Vietnam\irunin.ini"
Battlefield 1942: Secret Weapons of WWII-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0x9
Battlefield Heroes-->"C:\Program Files (x86)\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstall.xml"
Battlefield Mod Development Toolkit 2.0 Beta-->C:\Windows\iun6002.exe "C:\Program Files\EA GAMES\Battlefield Mod Development Toolkit\MDT.ini"
Battlefield Vietnam™-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Battlefield Vietnam: WW2 Mod-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F989306B-9287-444F-AE73-E30C7E4AF0F5}\setup.exe" -l0x9
Battleforge Demo-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/24770
Bioshock-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7670
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
Call of Duty® 4 - Modern Warfare™ 1.2 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files (x86)\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
Creative ALchemy (X-Fi MB Edition)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A01623A-4502-478E-9074-1DFD1DAB78EB}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Crysis Warhead-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/17330
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Defraggler (remove only)-->"C:\Program Files (x86)\Defraggler\uninst.exe"
DesertCombat 0.7-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlefield 1942\DesertCombat.ini"
Download Manager 2.3.9-->C:\Program Files (x86)\Download Manager\uninst.exe
Driver Sweeper 1.5.5-->"C:\Program Files (x86)\Driver Sweeper\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
F.E.A.R. 2: Project Origin-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/16450
Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Far Cry 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/19900
Forgotten Honor-->"C:\Program Files (x86)\EA GAMES\Battlefield 1942\Mods\fhtmod\unins000.exe"
Forgotten Hope 0.70-->C:\Program Files (x86)\EA GAMES\Battlefield 1942\Mods\FH\uninst.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
FriendFinder Messenger v4.1-->MsiExec.exe /I{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}
FrostWire 4.18.0-->C:\Program Files (x86)\FrostWire\Uninstall.exe
Futuremark SystemInfo-->C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
G15_TeamSpeak (NSIS)-->"C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\uninstall.exe"
Half-Life 2: Episode One-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220
Half-Life-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/70
Hare 1.5.1-->"C:\Program Files (x86)\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files (x86)\Dachshund Software\Hare\install.log"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Left 4 Dead-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/500
LightScribe System Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Marvell Network Configuration Utility-->MsiExec.exe /X{7A351AAA-E651-41B1-89B6-972A676FF78B}
McAfee VirusScan Enterprise-->MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirar-->mshta.exe http://remove.getmirar.com/
Mozilla Firefox (3.0.11)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpaceIM-->C:\Program Files (x86)\MySpace\IM\Uninstall.exe
Nero 8-->MsiExec.exe /X{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NGists G15/TeamSpeak Display-->MsiExec.exe /X{07C903D3-2996-4683-9B49-7839207148CA}
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PC Probe II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PunkBuster for Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Media Manager-->MsiExec.exe /X{F6377647-81AF-41C0-BC7E-06CF37E204AB}
Shellshock 2-->C:\Program Files (x86)\Eidos\Shellshock 2\uninstall.exe
SiN 1-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1313
Sound Blaster X-Fi MB-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\setup.exe" -l0x9 /remove
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
The Chronicles of Riddick - Assault on Dark Athena-->C:\Program Files (x86)\InstallShield Installation Information\{12C85315-0989-4C28-8956-33458F464DD6}\Setup.exe -runfromtemp -l0x0009 -removeonly
TurboV-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A31951C5-DCD8-4DFE-A525-CFC701F54792}\setup.exe" -l0x9
TweakIt-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{922A36F5-6663-45C0-A515-B63C4E585195}\setup.exe" -l0x9
UberSoldier-->C:\Program Files (x86)\UberSoldier\Uninstall\uninstall.exe /C "/U:C:\Program Files (x86)\UberSoldier\Uninstall\uninstall.xml"
Ulead Burn.Now 4.5 SE-->C:\Program Files (x86)\InstallShield Installation Information\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\setup.exe -runfromtemp -l0x0409
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Winmx Community 1-->C:\Program Files (x86)\Winmx\Remove1.exe
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: McAfee VirusScan Enterprise
AS: Windows Defender

======System event log======

Computer Name: Frank-PC
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948609-588_neutral_GDR from package KB948609(Update) into Staging(Staging) state
Record Number: 12277
Source Name: Microsoft-Windows-Servicing
Time Written: 20090227004018.000000-000
Event Type: Warning
User: Frank-PC\Frank

Computer Name: Frank-PC
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948609-587_neutral_LDR from package KB948609(Update) into Staging(Staging) state
Record Number: 12276
Source Name: Microsoft-Windows-Servicing
Time Written: 20090227004018.000000-000
Event Type: Warning
User: Frank-PC\Frank

Computer Name: Frank-PC
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948609-586_neutral_GDR from package KB948609(Update) into Staging(Staging) state
Record Number: 12275
Source Name: Microsoft-Windows-Servicing
Time Written: 20090227004018.000000-000
Event Type: Warning
User: Frank-PC\Frank

Computer Name: Frank-PC
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948609-585_neutral_LDR from package KB948609(Update) into Staging(Staging) state
Record Number: 12274
Source Name: Microsoft-Windows-Servicing
Time Written: 20090227004018.000000-000
Event Type: Warning
User: Frank-PC\Frank

Computer Name: Frank-PC
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948609-584_neutral_GDR from package KB948609(Update) into Staging(Staging) state
Record Number: 12273
Source Name: Microsoft-Windows-Servicing
Time Written: 20090227004018.000000-000
Event Type: Warning
User: Frank-PC\Frank

=====Application event log=====

Computer Name: Frank-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding; Descripton = Installed TurboV; Hr = 0x81000101).
Record Number: 163
Source Name: System Restore
Time Written: 20090226230855.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding; Descripton = Installed AI Suite; Hr = 0x81000101).
Record Number: 143
Source Name: System Restore
Time Written: 20090226225630.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding; Descripton = Installed ASUSUpdate; Hr = 0x81000101).
Record Number: 136
Source Name: System Restore
Time Written: 20090226225355.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 63
Message: A provider, WmiPerfClass, has been registered in the Windows Management Instrumentation namespace root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 70
Source Name: Microsoft-Windows-WMI
Time Written: 20090226222207.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Frank-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 26
Source Name: Microsoft-Windows-Search
Time Written: 20090226221818.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 26L2233A1-13
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x7c456
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090227010622.934451-000
Event Type: Audit Success
User:

Computer Name: 26L2233A1-13
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090227010622.014045-000
Event Type: Audit Success
User:

Computer Name: 26L2233A1-13
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090227010621.998445-000
Event Type: Audit Success
User:

Computer Name: 26L2233A1-13
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-3991871189-2232181320-2112149827-500
Account Name: Administrator
Account Domain: 26L2233A1-13
Logon ID: 0x92456

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102160004.159800-000
Event Type: Audit Success
User:

Computer Name: 26L2233A1-13
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f471

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102160003.192600-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=1a04
"NUMBER_OF_PROCESSORS"=8
"VSEDEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"DEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

MBAM Log

Malwarebytes' Anti-Malware 1.38
Database version: 2350
Windows 6.0.6002 Service Pack 2

6/29/2009 11:56:20
mbam-log-2009-06-29 (11-56-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 286565
Time elapsed: 1 hour(s), 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks,

Frank

All three files are attached as well as pasted.


#9 m0le

Posted 29 June 2009 - 12:31 PM

Hi Frank,

First thing we should do is to remove the tools that you have collected. We may use some of these but if we do we will freshly install them.

Delete ComboFix and Clean Up
Click Start > Run and type combofix /u, then click OK. (Note the space between combofix and /u.)
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the [image] icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big [image] button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Next

We need to create an OTL Report
  • Please download OTL from the mirror:
    This is THE Mirror: http://oldtimer.geekstogo.com/OTL.exe
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized
Then

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations and save it to your desktop. Please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click [image] or [image] on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    [image]
  • Click on [image] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image] and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Thanks :thumbup2:
m0le is a proud member of UNITE

#10 Frank Vasquez

Posted 29 June 2009 - 01:44 PM

I downloaded OTC and ran it - it is asking for a reboot, which I will do - could not run Combofix - I am running Vista 64 and it says incompatible.

I will run the rest when I reboot.

#11 Frank Vasquez

Posted 29 June 2009 - 02:13 PM

Rebooted and ran OTL, but I got an error as it was running:

"Access violation at address 00310033. Write of address 0B0586C8."

No Extra report, but it did give the OTL Report:

The report was too long, so I attached it.

#12 Frank Vasquez

Posted 29 June 2009 - 02:36 PM

I ran GMER as gamer.exe, and it says NO modifications have been made - the log was empty.

#13 Frank Vasquez

Posted 29 June 2009 - 02:48 PM

I ran OTL again, and here is the screen cap of the error - a little different this time:

[image]

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:58 AM

Posted 29 June 2009 - 04:07 PM

Hello Frank Vasquez,

To avoid confusion and for the sake of continuity, I have merged your new topic to your previously existing topic which I have reopened.

Note: If you know that you will be unable to post for a while, please notify your helper ahead of time so he knows what's going on. :)

Back to you m0le,

Orange Blossom :thumbup2:

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 AM

Posted 29 June 2009 - 04:22 PM

No Extra report, but it did give OTL Report:

The report was too long, so I attached it.


Hi Frank,

You haven't attached the OTL report.

Also, I didn't ask you to run Combofix but to delete it. It is showing in your RSIT log. Please run the uninstall.

The logs so far are showing no rootkits or recognisable trojans.

Can you give me a bit more detail about the kind of symptoms you are experiencing on the PC?

If the OTL scan didn't work then we'll try a different scanner. Let's see if that runs.


Please download OTS and save it to your desktop:
- Double click Posted Image and run
If you are running on Vista then right-click the program and choose Run as Administrator.


- Please check Posted Image & Posted Image
- Next press
Posted Image
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit)
- The log will be located in the OTS folder and named OTS.txt.

Thanks :thumbup2: