Scandal.exe


  • This topic is locked
14 replies to this topic

#1 Pobb

Posted 22 June 2009 - 01:01 AM

I inserted a Flash drive into my laptop and there was a folder called Scandal. Since then I've not been able to save documents or open programs etc properly and it had set the default IE homepage to some porn site (which wouldn't bother me but I can't even access it; damn proxies!). I found the scandal folder in my C:\windows\system folder and deleted it through dos and fixed the IE thing but still can't access c: or programs - I get a message saying this operation has been cancelled due to restrictions in effect on this computer. Any ideas? Also, the BleepingComputer guide says to attach the other .txt file but there is no browse button below :)

*edit* NOW the upload option is there... :thumbup2:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Piers1 at 9:24:55.00 on 22/06/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1014.71 [GMT 4:00]

AV: avast! antivirus 4.8.1335 [VPS 090621-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Piers1\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\IE8-WindowsXP-x86-ENU.exe
c:\26f5d3b34a47d931867701150c0567\update\iesetup.exe
C:\Documents and Settings\Piers1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8081
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\piers1\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoViewOnDrive = 4 (0x4)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
TCP: {3CE799C8-A65B-4390-A42D-1300AD30114E} = 10.11.192.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\piers1\applic~1\mozilla\firefox\profiles\i42fbsnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\piers1\application data\mozilla\firefox\profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\piers1\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\piers1\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-21 114768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-10 24636]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-21 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-21 138680]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-6-1 331312]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-4-18 102400]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-4-10 33840]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090619.004\naveng.sys [2009-6-19 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090619.004\navex15.sys [2009-6-19 876144]
S2 gupdate1c98757411a9d1c;Google Update Service (gupdate1c98757411a9d1c);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2004-8-4 14336]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-3 29744]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-6-1 34352]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-7-26 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-06-22 09:23 <DIR> --d----- C:\26f5d3b34a47d931867701150c0567
2009-06-22 00:32 <DIR> --d----- c:\docume~1\piers1\applic~1\Malwarebytes
2009-06-22 00:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 00:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-22 00:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-22 00:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 16:32 <DIR> --d----- C:\cmdcons
2009-06-21 16:30 161,792 a------- c:\windows\SWREG.exe
2009-06-21 16:30 155,136 a------- c:\windows\PEV.exe
2009-06-21 16:30 98,816 a------- c:\windows\sed.exe
2009-06-21 14:54 <DIR> --d----- c:\documents and settings\piers1\.housecall6.6
2009-06-21 14:16 <DIR> --d----- c:\docume~1\piers1\applic~1\Flock
2009-06-21 14:12 <DIR> --d----- c:\program files\Flock
2009-06-19 09:27 8,704 a------- c:\windows\system32\SpOrder.dll
2009-06-19 08:57 62 a------- c:\windows\MyProg.ini
2009-06-11 09:17 <DIR> --d----- c:\program files\RocketDock
2009-06-08 15:50 140,288 a------- c:\windows\system32\COMDLG32.OCX
2009-06-08 15:50 598,288 -------- c:\windows\system32\OLEAe6d3.rra
2009-06-08 15:50 722,192 a------- c:\windows\system32\Vb40032.dll
2009-06-08 15:50 209,192 a------- c:\windows\system32\TABCTL32.OCX
2009-06-08 15:50 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-06-08 15:49 <DIR> --d----- c:\program files\CVision
2009-06-03 23:22 <DIR> --d----- c:\windows\IUConnect
2009-06-03 23:21 96,256 a------- c:\windows\system32\SMACKW32.DLL
2009-06-03 21:52 0 a------- c:\windows\SETUP32.INI
2009-06-02 23:01 33,857 a------- C:\leon2.jpg
2009-06-01 20:14 <DIR> --d----- C:\Hotspot Shield
2009-05-27 18:28 <DIR> --d----- C:\xampp

==================== Find3M ====================

2009-06-01 20:03 215,860 a---h--- c:\windows\system32\mlfcache.dat
2009-05-20 23:54 33,840 a------- c:\windows\system32\drivers\hssdrv.sys
2009-04-09 10:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-19 08:50 258 a------- c:\docume~1\piers1\applic~1\wklnhst.dat
2006-07-14 07:49 22 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 9:32:24.68 ===============

Edited by Pobb, 22 June 2009 - 01:02 AM.



#2 etavares

  • Malware Response Team

Posted 26 June 2009 - 09:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 Pobb


Posted 27 June 2009 - 04:07 AM

Thanks for replying :thumbup2:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Piers1 at 12:59:39.50 on 27/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1014.309 [GMT 4:00]

AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Piers1\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8081
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\piers1\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoViewOnDrive = 4 (0x4)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
TCP: {3CE799C8-A65B-4390-A42D-1300AD30114E} = 10.1.240.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\piers1\applic~1\mozilla\firefox\profiles\i42fbsnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.ftp - 86.20.198.207
FF - prefs.js: network.proxy.ftp_port - 7212
FF - prefs.js: network.proxy.gopher - 86.20.198.207
FF - prefs.js: network.proxy.gopher_port - 7212
FF - prefs.js: network.proxy.http - 86.20.198.207
FF - prefs.js: network.proxy.http_port - 7212
FF - prefs.js: network.proxy.socks - 86.20.198.207
FF - prefs.js: network.proxy.socks_port - 7212
FF - prefs.js: network.proxy.ssl - 86.20.198.207
FF - prefs.js: network.proxy.ssl_port - 7212
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\piers1\application data\mozilla\firefox\profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\piers1\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\piers1\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-21 114768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-10 24636]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-21 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-21 138680]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-6-1 331312]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-4-18 102400]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-4-10 33840]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090626.016\naveng.sys [2009-6-27 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090626.016\navex15.sys [2009-6-27 876144]
S2 gupdate1c98757411a9d1c;Google Update Service (gupdate1c98757411a9d1c);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2004-8-4 14336]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-3 29744]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-6-1 34352]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-7-26 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-06-23 02:26 <DIR> --dsh--- c:\documents and settings\piers1\IECompatCache
2009-06-22 10:33 <DIR> --dsh--- c:\documents and settings\piers1\IETldCache
2009-06-22 10:24 <DIR> -cd-h--- c:\windows\ie8
2009-06-22 10:16 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 10:16 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 10:16 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-22 10:16 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-22 10:15 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-22 00:32 <DIR> --d----- c:\docume~1\piers1\applic~1\Malwarebytes
2009-06-22 00:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 00:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-22 00:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-22 00:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 16:32 <DIR> --d----- C:\cmdcons
2009-06-21 16:30 161,792 a------- c:\windows\SWREG.exe
2009-06-21 16:30 155,136 a------- c:\windows\PEV.exe
2009-06-21 16:30 98,816 a------- c:\windows\sed.exe
2009-06-21 14:54 <DIR> --d----- c:\documents and settings\piers1\.housecall6.6
2009-06-21 14:16 <DIR> --d----- c:\docume~1\piers1\applic~1\Flock
2009-06-21 14:12 <DIR> --d----- c:\program files\Flock
2009-06-19 09:27 8,704 a------- c:\windows\system32\SpOrder.dll
2009-06-19 08:57 62 a------- c:\windows\MyProg.ini
2009-06-11 09:17 <DIR> --d----- c:\program files\RocketDock
2009-06-08 15:50 140,288 a------- c:\windows\system32\COMDLG32.OCX
2009-06-08 15:50 598,288 -------- c:\windows\system32\OLEAe6d3.rra
2009-06-08 15:50 722,192 a------- c:\windows\system32\Vb40032.dll
2009-06-08 15:50 209,192 a------- c:\windows\system32\TABCTL32.OCX
2009-06-08 15:50 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-06-08 15:49 <DIR> --d----- c:\program files\CVision
2009-06-03 23:22 <DIR> --d----- c:\windows\IUConnect
2009-06-03 23:21 96,256 a------- c:\windows\system32\SMACKW32.DLL
2009-06-03 21:52 0 a------- c:\windows\SETUP32.INI
2009-06-02 23:01 33,857 a------- C:\leon2.jpg
2009-06-01 20:14 <DIR> --d----- C:\Hotspot Shield

==================== Find3M ====================

2009-06-01 20:03 215,860 a---h--- c:\windows\system32\mlfcache.dat
2009-05-20 23:54 33,840 a------- c:\windows\system32\drivers\hssdrv.sys
2009-05-13 09:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 09:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 09:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 19:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 19:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 01:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-05-01 01:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-05-01 01:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 15:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 13:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 13:58 1,846,656 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 19:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 19:11 584,192 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-09 10:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-19 08:50 258 a------- c:\docume~1\piers1\applic~1\wklnhst.dat
2006-07-14 07:49 22 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 13:03:55.82 ===============

Edited by Pobb, 27 June 2009 - 04:10 AM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 28 June 2009 - 02:40 PM

Hi Pobb-

No worries about the multiple posts, but thanks for clearing them out! Sorry for the delay...was away this weekend with limited internet access.

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitComet). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care.



I've looked over your logs and we need to get some more information for this type of infection, so we'll run two other scanners. Please let me know if you can't get these to run.

Step 1. Run RSIT scan.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step 2. Run Kaspersky online scan.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your reply, please post both RSIT logs and the Kaspersky log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Pobb

Pobb
  • Topic Starter

  • Members
  • 11 posts

Posted 28 June 2009 - 11:50 PM

Hi there etavares, below is the info.txt:

info.txt logfile of random's system information tool 1.06 2009-06-29 08:43:34

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\2a10c9ba9b74a6a4a29b2f04d8a5e8f\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{CDC317B4-FCA3-4114-B825-FD23094C6AF8}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{F70510E1-0E00-4CF8-A4D2-E2866928297F}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems AC'97 Modem-->agrsmdel
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 4 Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FE635A-BE8C-4208-91A9-FB6E641A4F52}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Axure RP Pro 5.5-->"C:\Documents and Settings\All Users\Application Data\{E4DB4006-B508-4A62-8107-293DCE366AF3}\AxureRP.exe" REMOVE=TRUE MODIFY=FALSE
Axure RP Pro 5.5-->C:\Documents and Settings\All Users\Application Data\{E4DB4006-B508-4A62-8107-293DCE366AF3}\AxureRP.exe
BitComet 1.03-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Celestron's TheSky (Remove only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6E84D0-AA30-11D1-A245-00A024C41DAA}\setup.exe" -uninst
Chronometer 1.0.4-->"C:\Program Files\Chronometer 1.0.4\unins000.exe"
CVista PdfCompressor DeskTop 2.1 - Evaluation Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836570D5-B3B8-11D7-818D-0050DAC6D80D}\Setup.exe" -l0x9 -uninst
DVD slideshow GUI 0.9.1.0-->"C:\Program Files\DVD slideshow GUI\unins000.exe"
FlashGet 1.9.0.1012-->C:\Program Files\FlashGet\uninst.exe
Flock (2.5)-->C:\Program Files\Flock\uninstall\helper.exe
Football Manager 2009-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10540
FootyOnline.tv-->C:\Program Files\FootyOnline.tv\Uninstal.exe
Foxit PDF Preview Handler for XP-->MsiExec.exe /I{833CF9E6-42DD-46EB-BC96-50A88FFC7A61}
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{5012BC0C-7E1A-329A-8F02-B6846070C5F8}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Piers1\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800)-->"C:\WINDOWS\$NtUninstallKB915800$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotspot Shield 1.17-->C:\Program Files\Hotspot Shield\Uninstall.exe
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 B3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
HP_User_Guides_0005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F3E29B-4B0F-4485-9A48-1A48F3F47247}\setup.exe" -l0x9 -removeonly
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
IKEA Home Planner-->C:\WINDOWS\unvise32.exe C:\Program Files\IKEA Home Planner\IKEA Home Planner uninstal.log
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn To Speak English 9.0-->C:\WINDOWS\IUConnect\LTSE3744DE\IUCHECK.EXE
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {BE40D474-9F3F-4277-82CA-DE216C796DFF}
Microsoft Office Accounting 2008-->MsiExec.exe /X{BE40D474-9F3F-4277-82CA-DE216C796DFF}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Quick Launch Buttons 5.20 F2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Speakonia-->"C:\Program Files\CFS-Technologies\Speakonia\unins000.exe"
SPVOD Player1.8-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQLXML4-->MsiExec.exe /I{8C62A94B-4AB6-485F-A111-93056684D340}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffIt Expander 2009-->MsiExec.exe /X{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}
Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.5.3-->C:\Program Files\TVUPlayer\uninst.exe
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
v0.1-->"C:\Program Files\Monochrome BBS\unins000.exe"
Veetle TV 0.9.14-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Anywhere Backup-->C:\Program Files\InstallShield Installation Information\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\setup.exe -runfromtemp -l0x0409
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{4F702A4B-D39C-44E6-95A2-A6C9179303DB}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884575-->C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885464-->C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB888402-->C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559-->"C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSoftMEsti-->MsiExec.exe /I{E1A8653F-9771-4473-B613-E9EF37A1ECC4}
XAMPP 1.7.1-->"c:\xampp\uninstall.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Your Freedom-->"C:\Program Files\Your Freedom\uninstall.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youporn.com [2009-06-21]
O4 - HKCU\..\Run: [YahooMessenger] C:\Windows\System\Scandals.exe [2009-06-21]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA MALITA NI! [2009-06-21]

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090628-0] (disabled)

======System event log======

Computer Name: PIERS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166F5319A7. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 65080
Source Name: Dhcp
Time Written: 20090616202439.000000+240
Event Type: warning
User:

Computer Name: PIERS
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.0.100 on the
Network Card with network address 00166F5319A7.

Record Number: 65078
Source Name: Dhcp
Time Written: 20090616201314.000000+240
Event Type: error
User:

Computer Name: PIERS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166F5319A7. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 65077
Source Name: Dhcp
Time Written: 20090616201314.000000+240
Event Type: warning
User:

Computer Name: PIERS
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.0.100 on the
Network Card with network address 00166F5319A7.

Record Number: 65075
Source Name: Dhcp
Time Written: 20090616200734.000000+240
Event Type: error
User:

Computer Name: PIERS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166F5319A7. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 65074
Source Name: Dhcp
Time Written: 20090616200734.000000+240
Event Type: warning
User:

=====Application event log=====

Computer Name: PIERS
Event Code: 3
Message:
Record Number: 221447
Source Name: Adobe Version Cue CS3
Time Written: 20090624102039.000000+240
Event Type: error
User:

Computer Name: PIERS
Event Code: 3
Message:
Record Number: 221446
Source Name: Adobe Version Cue CS3
Time Written: 20090624102039.000000+240
Event Type: error
User:

Computer Name: PIERS
Event Code: 3
Message:
Record Number: 221445
Source Name: Adobe Version Cue CS3
Time Written: 20090624102039.000000+240
Event Type: error
User:

Computer Name: PIERS
Event Code: 3
Message:
Record Number: 221444
Source Name: Adobe Version Cue CS3
Time Written: 20090624102039.000000+240
Event Type: error
User:

Computer Name: PIERS
Event Code: 3
Message:
Record Number: 221443
Source Name: Adobe Version Cue CS3
Time Written: 20090624102039.000000+240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"lib"=C:\Program Files\SQLXML 4.0\bin\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

And here is the log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Piers1 at 2009-06-29 08:42:05
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (15%) free of 88 GB
Total RAM: 1014 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:43:15, on 29/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Piers1\Desktop\RSIT.exe
C:\Documents and Settings\Piers1\Desktop\Piers1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CE799C8-A65B-4390-A42D-1300AD30114E}: NameServer = 10.11.64.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98757411a9d1c) (gupdate1c98757411a9d1c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 13920 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2622300698-2743463601-4225773032-1006.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4EC9A910-F76E-41B8-AAF6-4DABE357E80C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-06-12 218160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-13 88209]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2005-02-08 159744]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-11-16 503808]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-03-29 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-01 29744]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-04-18 430080]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-09 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Google Update"=C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2008-12-17 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\Hp\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WD Anywhere Backup Launcher.lnk - C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoViewOnDrive"=4
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Steam\steamapps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\steamapps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit -
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-06-29 08:42:05 ----D---- C:\rsit
2009-06-27 17:30:31 ----D---- C:\Program Files\Common Files\NSV
2009-06-24 09:22:04 ----D---- C:\Program Files\Microsoft Works
2009-06-22 10:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-22 10:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-22 10:53:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-22 10:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-22 10:24:06 ----HDC---- C:\WINDOWS\ie8
2009-06-22 09:04:19 ----SHD---- C:\RECYCLER
2009-06-22 01:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-22 00:32:27 ----D---- C:\Documents and Settings\Piers1\Application Data\Malwarebytes
2009-06-22 00:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-22 00:32:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-22 00:12:31 ----D---- C:\WINDOWS\BDOSCAN8
2009-06-21 17:25:31 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-06-21 17:25:24 ----D---- C:\Program Files\Alwil Software
2009-06-21 17:04:22 ----A---- C:\ComboFix.txt
2009-06-21 16:32:57 ----A---- C:\Boot.bak
2009-06-21 16:32:40 ----D---- C:\cmdcons
2009-06-21 16:30:36 ----A---- C:\WINDOWS\zip.exe
2009-06-21 16:30:36 ----A---- C:\WINDOWS\SWREG.exe
2009-06-21 16:30:36 ----A---- C:\WINDOWS\sed.exe
2009-06-21 16:30:36 ----A---- C:\WINDOWS\PEV.exe
2009-06-21 16:30:36 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-21 16:30:36 ----A---- C:\WINDOWS\grep.exe
2009-06-21 16:30:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-21 16:30:35 ----A---- C:\WINDOWS\SWSC.exe
2009-06-21 16:30:24 ----D---- C:\WINDOWS\ERDNT
2009-06-21 16:30:15 ----D---- C:\Qoobox
2009-06-21 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-21 15:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-21 15:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-21 15:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-21 15:35:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-21 15:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-21 14:16:25 ----D---- C:\Documents and Settings\Piers1\Application Data\Flock
2009-06-21 14:12:10 ----D---- C:\Program Files\Flock
2009-06-19 09:27:11 ----A---- C:\WINDOWS\system32\SpOrder.dll
2009-06-19 08:57:52 ----A---- C:\WINDOWS\MyProg.ini
2009-06-11 09:17:41 ----D---- C:\Program Files\RocketDock
2009-06-08 15:50:21 ----A---- C:\WINDOWS\system32\Vb40032.dll
2009-06-08 15:50:16 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-06-08 15:49:50 ----D---- C:\Program Files\CVision
2009-06-03 23:22:05 ----D---- C:\WINDOWS\IUConnect
2009-06-03 23:21:56 ----A---- C:\WINDOWS\system32\SMACKW32.DLL
2009-06-03 21:52:05 ----A---- C:\WINDOWS\SETUP32.INI
2009-06-03 17:57:19 ----D---- C:\Program Files\Notepad++
2009-06-03 17:57:19 ----D---- C:\Documents and Settings\Piers1\Application Data\Notepad++
2009-06-01 20:14:53 ----D---- C:\Hotspot Shield

======List of files/folders modified in the last 1 months======

2009-06-29 08:40:35 ----D---- C:\WINDOWS\Temp
2009-06-29 08:34:30 ----D---- C:\Program Files\FlashGet
2009-06-29 08:19:21 ----ASH---- C:\hpqp.ini
2009-06-28 16:04:57 ----A---- C:\WINDOWS\wincmd.ini
2009-06-28 15:59:46 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-06-28 14:57:13 ----SD---- C:\WINDOWS\Tasks
2009-06-28 13:31:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-28 13:07:23 ----D---- C:\Program Files\Mozilla Firefox
2009-06-27 22:26:01 ----SHD---- C:\WINDOWS\Installer
2009-06-27 17:30:31 ----D---- C:\Program Files\Common Files
2009-06-27 13:27:10 ----D---- C:\Program Files\Symantec AntiVirus
2009-06-25 15:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-25 08:52:37 ----D---- C:\Documents and Settings\Piers1\Application Data\Adobe
2009-06-24 09:24:28 ----HD---- C:\Config.Msi
2009-06-24 09:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-24 09:22:04 ----RD---- C:\Program Files
2009-06-23 19:16:10 ----HD---- C:\WINDOWS\inf
2009-06-23 09:45:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-23 08:49:12 ----A---- C:\XP_TV.ini
2009-06-23 08:48:20 ----D---- C:\WINDOWS
2009-06-23 08:46:20 ----D---- C:\WINDOWS\system32
2009-06-22 10:54:21 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-22 10:54:12 ----A---- C:\WINDOWS\imsins.BAK
2009-06-22 10:54:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-22 10:32:29 ----D---- C:\WINDOWS\system32\en-US
2009-06-22 10:32:24 ----D---- C:\WINDOWS\Media
2009-06-22 10:32:24 ----D---- C:\Program Files\Internet Explorer
2009-06-22 10:32:23 ----D---- C:\WINDOWS\Help
2009-06-22 10:29:57 ----D---- C:\WINDOWS\ie8updates
2009-06-22 01:22:25 ----D---- C:\WINDOWS\system
2009-06-22 00:32:21 ----D---- C:\WINDOWS\system32\drivers
2009-06-22 00:12:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-21 23:59:18 ----D---- C:\WINDOWS\system32\config
2009-06-21 23:56:00 ----D---- C:\WINDOWS\system32\Restore
2009-06-21 16:55:37 ----A---- C:\WINDOWS\system.ini
2009-06-21 16:41:12 ----D---- C:\WINDOWS\AppPatch
2009-06-21 16:32:57 ----RASH---- C:\boot.ini
2009-06-21 15:43:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-21 15:40:24 ----A---- C:\WINDOWS\win.ini
2009-06-21 15:38:16 ----D---- C:\WINDOWS\system32\wbem
2009-06-16 14:30:17 ----RSD---- C:\WINDOWS\Fonts
2009-06-12 13:16:32 ----D---- C:\Program Files\Hotspot Shield
2009-06-12 13:16:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-08 15:49:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-03 23:32:02 ----D---- C:\Program Files\Common Files\Macromedia
2009-06-03 23:31:56 ----D---- C:\WINDOWS\Downloaded Installations
2009-06-03 23:31:56 ----D---- C:\Program Files\Macromedia
2009-06-03 21:44:24 ----D---- C:\Program Files\MagicISO
2009-06-01 09:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-30 20:53:50 ----D---- C:\Program Files\TVUPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-06 114768]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 36096]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-06 94032]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-13 1066278]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-01-31 109319]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-09 25280]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-05-20 33840]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090626.016\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090626.016\navex15.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-10-18 3298432]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 aw8t0m56;aw8t0m56; C:\WINDOWS\system32\drivers\aw8t0m56.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 catchme;catchme; \??\C:\DOCUME~1\Piers1\LOCALS~1\Temp\catchme.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-01-30 11520]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2008-12-10 24636]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
R2 HssSrv;Hotspot Shield Helper Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-09 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 mysql;mysql; C:\xampp\mysql\bin\mysqld.exe [2009-03-16 6562432]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-04-18 102400]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 gupdate1c98757411a9d1c;Google Update Service (gupdate1c98757411a9d1c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S2 vvdsvc;VJVodServices; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FileZilla Server;FileZilla Server FTP server; c:\xampp\FileZillaFTP\FileZillaServer.exe [2009-03-03 691200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-04 654848]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-01 29744]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-06-14 98304]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

-----------------EOF-----------------





To be honest I don't use BitComet very often. The virus came from a flash drive which I borrowed! I'm running the Kaspersky report now and will post when complete. Cheers.

#6 Pobb

  • Topic Starter
  • Members
  • 11 posts

Posted 29 June 2009 - 06:21 AM

Jeez, that scan only took 5 hours! Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 29, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 29, 2009 05:36:52
Records in database: 2400340
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
Z:\

Scan statistics:
Files scanned: 143582
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 05:11:59


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03840000.VBN Infected: Trojan.Win32.Buzus.axin 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800000.VBN Infected: Exploit.Win32.Pidief.afz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800001.VBN Infected: Exploit.Win32.Pidief.afz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800002.VBN Infected: Exploit.Win32.Pidief.afz 1

The selected area was scanned.

#7 etavares

    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 30 June 2009 - 09:09 AM

Hi Pobb-

Sorry about the long antivirus scan.


I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Symantec Antivirus or avast! Antivirus.


We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

* Please download erunt-setup.exe to your desktop.
* Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
* Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C4069E3A-68F1-403E-B40E-20066696354B}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Now, some questions on the access issues. First, are you logged in as the administrator on the computer? e.g. Is there another account? Is there more access with that account? Is it just My Computer/folders? Can you launch programs? Can you access the control panel?


Please reply with:
  • Confirmation you removed one of the antiviruses.
  • Let me know how the FlashDisinfector went.
  • OTM log
  • GMER log
  • Fresh RSIT log.
  • Remaining symptoms...e.g., do you still have the access issue? And answers to the access issues questions I had above.
Thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
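
The Flash_Disinfector note above concerns autorun.inf on removable drives; as an added example (not part of the post or of any tool named in this thread), the script below decodes the AutoRun policy values that appear in the RSIT log earlier in the thread and reports which drive types and letters they cover. It assumes RSIT prints the values in decimal and prints an empty value when the registry entry is not set; the function names are hypothetical.

```python
import re

# Drive-type bits of NoDriveTypeAutoRun; only the low byte is defined.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}

# Policy sections copied from the RSIT log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoViewOnDrive"=4
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
'''

SECTION_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*\\Policies\\explorer\]$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=(\d*)$')


def parse_policies(log_text):
    """Return {hive: {value_name: int}} for the Policies\\explorer sections."""
    policies, hive = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            hive = section.group(1).upper()
            policies[hive] = {}
            continue
        if line.startswith("["):      # some other section: stop collecting
            hive = None
            continue
        value = VALUE_RE.match(line)
        # Assumption: an empty value in the log means the entry is not set.
        if hive and value and value.group(2):
            policies[hive][value.group(1)] = int(value.group(2))
    return policies


def effective(policies, name):
    """HKLM overrides HKCU when the value is set there; None if set nowhere."""
    hklm = policies.get("HKEY_LOCAL_MACHINE", {})
    hkcu = policies.get("HKEY_CURRENT_USER", {})
    return hklm[name] if name in hklm else hkcu.get(name)


def autorun_report(log_text):
    """Decode the drive-type mask and the drive-letter mask from a log."""
    policies = parse_policies(log_text)
    type_mask = effective(policies, "NoDriveTypeAutoRun") or 0
    letter_mask = effective(policies, "NoDriveAutoRun") or 0
    return {
        "blocked_types": [name for bit, name in DRIVE_TYPE_BITS.items()
                          if type_mask & bit],
        "undefined_type_bits": type_mask & ~0xFF,
        "removable_blocked_by_type": bool(type_mask & 0x04),
        # Bit 0 of NoDriveAutoRun is A:, bit 25 is Z:.
        "blocked_letters": [chr(ord("A") + i) for i in range(26)
                            if (letter_mask >> i) & 1],
    }


def removable_drive_covered(report, letter):
    """AutoRun is off for a removable drive if either mask covers it."""
    return (report["removable_blocked_by_type"]
            or letter.upper() in report["blocked_letters"])


if __name__ == "__main__":
    report = autorun_report(SAMPLE_LOG)
    for key, val in report.items():
        print(f"{key}: {val}")
    print("removable drive E: covered:", removable_drive_covered(report, "E"))
```

With these values the drive-type mask does not include the removable bit, so removable drives are covered only by the drive-letter mask.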
 


#8 Pobb

  • Topic Starter
  • Members
  • 11 posts

Posted 02 July 2009 - 07:56 AM

Hi Etavares,
  • Confirmation you removed one of the antiviruses. done
  • Let me know how the FlashDisinfector went. It seemed to go okay - I don't have the flash drive any more so can't check it
  • OTM log below

    All processes killed
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Piers1
    ->Temp folder emptied: 304554733 bytes
    ->Temporary Internet Files folder emptied: 354907586 bytes
    ->Java cache emptied: 28037977 bytes
    ->FireFox cache emptied: 58102927 bytes
    ->Google Chrome cache emptied: 51120448 bytes
    ->Apple Safari cache emptied: 193262324 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\300 scheduled to be deleted on reboot.
    Windows Temp folder emptied: 698368 bytes

    RecycleBin emptied: 1045393 bytes

    Total Files Cleaned = 945.95 mb


    OTM by OldTimer - Version 3.0.0.2 log created on 07012009_104205

    Files moved on Reboot...
    File C:\WINDOWS\temp\hsperfdata_SYSTEM\300 not found!

    Registry entries deleted on Reboot...


  • GMER log below

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-01 16:16:22
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT E1A31090 ZwConnectPort
    SSDT spzv.sys ZwCreateKey [0xF73BC0E0]
    SSDT spzv.sys ZwEnumerateKey [0xF73DACA2]
    SSDT spzv.sys ZwEnumerateValueKey [0xF73DB030]
    SSDT spzv.sys ZwOpenKey [0xF73BC0C0]
    SSDT spzv.sys ZwQueryKey [0xF73DB108]
    SSDT spzv.sys ZwQueryValueKey [0xF73DAF88]
    SSDT spzv.sys ZwSetValueKey [0xF73DB19A]

    INT 0x62 ? 865D9BF8
    INT 0x74 ? 863DFF00
    INT 0x84 ? 863DFF00
    INT 0xA4 ? 863DFF00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spzv.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F6DA762C 5 Bytes JMP 863DF4E0
    .text ae3i7vdy.SYS F6794384 1 Byte [20]
    .text ae3i7vdy.SYS F6794384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text ae3i7vdy.SYS F67943AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text ae3i7vdy.SYS F67943C4 3 Bytes [00, 00, 00]
    .text ae3i7vdy.SYS F67943C9 1 Byte [00]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[616] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00D51B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5728] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5728] USER32.dll!MessageBoxA 7E45058A 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[5728] USER32.dll!MessageBoxW 7E46630A 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73BD040] spzv.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73BD13C] spzv.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73BD0BE] spzv.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73BD7FC] spzv.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73BD6D2] spzv.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73CD048] spzv.sys
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!KfRaiseIrql] 1879CE14
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!KfLowerIrql] 3248ED2B
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
    IAT \SystemRoot\System32\Drivers\ae3i7vdy.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 865D81F8

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \FileSystem\Fastfat \FatCdrom 85EAA500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{20AB9EE2-5A92-4E81-909E-46434AA12E7D} 85E98500

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

    Device \Driver\usbuhci \Device\USBPDO-0 863E5500
    Device \Driver\usbuhci \Device\USBPDO-1 863E5500
    Device \Driver\sptd \Device\1222194650 spzv.sys
    Device \Driver\usbuhci \Device\USBPDO-2 863E5500
    Device \Driver\usbuhci \Device\USBPDO-3 863E5500
    Device \Driver\PCI_PNP8400 \Device\00000054 spzv.sys
    Device \Driver\usbehci \Device\USBPDO-4 863F6500

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{38AD3E13-CF95-4543-B705-7513A8ACC1D6} 85E98500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8656C1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8656C1F8
    Device \Driver\Cdrom \Device\CdRom0 863E2500
    Device \Driver\Cdrom \Device\CdRom1 863E2500
    Device \Driver\atapi \Device\Ide\IdePort0 865D91F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 865D91F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 865D91F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8656C1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B26637AA-8189-4022-9FFB-4072FF47C475} 85E98500
    Device \Driver\NetBT \Device\NetBt_Wins_Export 85E98500
    Device \Driver\NetBT \Device\NetbiosSmb 85E98500

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBFDO-0 863E5500
    Device \Driver\usbuhci \Device\USBFDO-1 863E5500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85EAD500
    Device \Driver\usbuhci \Device\USBFDO-2 863E5500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 85EAD500
    Device \Driver\usbuhci \Device\USBFDO-3 863E5500
    Device \Driver\usbehci \Device\USBFDO-4 863F6500
    Device \Driver\Ftdisk \Device\FtControl 8656C1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{3CE799C8-A65B-4390-A42D-1300AD30114E} 85E98500
    Device \Driver\ae3i7vdy \Device\Scsi\ae3i7vdy1Port1Path0Target0Lun0 86144500
    Device \Driver\ae3i7vdy \Device\Scsi\ae3i7vdy1 86144500
    Device \FileSystem\Fastfat \Fat 85EAA500

    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \FileSystem\Cdfs \Cdfs 85EC8500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 292618
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xE6 0xC0 0xEC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x43 0x26 0x67 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0x04 0x74 0xEC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}@LeaseObtainedTime 1246431568
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}@T1 1246431695
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}@T2 1246431791
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}@LeaseTerminatesTime 1246431823
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}\Parameters\Tcpip@LeaseObtainedTime 1246431568
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}\Parameters\Tcpip@T1 1246431695
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}\Parameters\Tcpip@T2 1246431791
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{20AB9EE2-5A92-4E81-909E-46434AA12E7D}\Parameters\Tcpip@LeaseTerminatesTime 1246431823
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xE6 0xC0 0xEC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x43 0x26 0x67 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0x04 0x74 0xEC ...

    ---- EOF - GMER 1.0.15 ----


  • Fresh RSIT log below

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Piers1 at 2009-07-02 16:55:42
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 16 GB (18%) free of 88 GB
    Total RAM: 1014 MB (22% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:55:46, on 02/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Piers1\Desktop\RSIT.exe
    C:\Documents and Settings\Piers1\Desktop\Piers1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3CE799C8-A65B-4390-A42D-1300AD30114E}: NameServer = 10.11.64.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c98757411a9d1c) (gupdate1c98757411a9d1c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

    --
    End of file - 12673 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2622300698-2743463601-4225773032-1006Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2622300698-2743463601-4225773032-1006UA.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{4EC9A910-F76E-41B8-AAF6-4DABE357E80C}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-06-12 218160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-13 88209]
    "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2005-02-08 159744]
    "hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-11-16 503808]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
    "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-03-29 233534]
    "RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-01 29744]
    "WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-04-18 430080]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-09 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "Google Update"=C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\steam\steam.exe [2008-12-17 1410296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    C:\PROGRA~1\Hp\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
    C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    WD Anywhere Backup Launcher.lnk - C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\Piers1\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoViewOnDrive"=4
    "NoDriveAutoRun"=FFFFFFFF
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\Steam\steamapps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\steamapps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Piers1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======File associations======

    .js - edit -
    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-07-01 10:13:17 ----D---- C:\_OTM
    2009-07-01 10:10:27 ----D---- C:\Program Files\ERUNT
    2009-07-01 09:54:27 ----RASHD---- C:\autorun.inf
    2009-06-29 08:42:05 ----D---- C:\rsit
    2009-06-27 17:30:31 ----D---- C:\Program Files\Common Files\NSV
    2009-06-24 09:22:04 ----D---- C:\Program Files\Microsoft Works
    2009-06-22 10:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-22 10:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-22 10:53:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-22 10:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-06-22 10:24:06 ----HDC---- C:\WINDOWS\ie8
    2009-06-22 09:04:19 ----SHD---- C:\RECYCLER
    2009-06-22 01:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-06-22 00:32:27 ----D---- C:\Documents and Settings\Piers1\Application Data\Malwarebytes
    2009-06-22 00:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-06-22 00:32:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-06-22 00:12:31 ----D---- C:\WINDOWS\BDOSCAN8
    2009-06-21 17:25:24 ----D---- C:\Program Files\Alwil Software
    2009-06-21 17:04:22 ----A---- C:\ComboFix.txt
    2009-06-21 16:32:57 ----A---- C:\Boot.bak
    2009-06-21 16:32:40 ----D---- C:\cmdcons
    2009-06-21 16:30:36 ----A---- C:\WINDOWS\zip.exe
    2009-06-21 16:30:36 ----A---- C:\WINDOWS\SWREG.exe
    2009-06-21 16:30:36 ----A---- C:\WINDOWS\sed.exe
    2009-06-21 16:30:36 ----A---- C:\WINDOWS\PEV.exe
    2009-06-21 16:30:36 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-06-21 16:30:36 ----A---- C:\WINDOWS\grep.exe
    2009-06-21 16:30:35 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-06-21 16:30:35 ----A---- C:\WINDOWS\SWSC.exe
    2009-06-21 16:30:24 ----D---- C:\WINDOWS\ERDNT
    2009-06-21 16:30:15 ----D---- C:\Qoobox
    2009-06-21 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-06-21 15:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-06-21 15:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-06-21 15:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-06-21 15:35:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-06-21 15:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-06-21 14:16:25 ----D---- C:\Documents and Settings\Piers1\Application Data\Flock
    2009-06-21 14:12:10 ----D---- C:\Program Files\Flock
    2009-06-19 09:27:11 ----A---- C:\WINDOWS\system32\SpOrder.dll
    2009-06-19 08:57:52 ----A---- C:\WINDOWS\MyProg.ini
    2009-06-11 09:17:41 ----D---- C:\Program Files\RocketDock
    2009-06-08 15:50:21 ----A---- C:\WINDOWS\system32\Vb40032.dll
    2009-06-08 15:50:16 ----A---- C:\WINDOWS\system32\VB5DB.DLL
    2009-06-08 15:49:50 ----D---- C:\Program Files\CVision
    2009-06-03 23:22:05 ----D---- C:\WINDOWS\IUConnect
    2009-06-03 23:21:56 ----A---- C:\WINDOWS\system32\SMACKW32.DLL
    2009-06-03 21:52:05 ----A---- C:\WINDOWS\SETUP32.INI
    2009-06-03 17:57:19 ----D---- C:\Program Files\Notepad++
    2009-06-03 17:57:19 ----D---- C:\Documents and Settings\Piers1\Application Data\Notepad++

    ======List of files/folders modified in the last 1 months======

    2009-07-02 16:55:05 ----D---- C:\WINDOWS\Prefetch
    2009-07-02 16:39:12 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-02 16:36:31 ----D---- C:\WINDOWS\Temp
    2009-07-02 13:54:17 ----A---- C:\WINDOWS\wincmd.ini
    2009-07-02 11:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-02 11:19:42 ----A---- C:\WINDOWS\wcx_ftp.ini
    2009-07-02 11:19:02 ----D---- C:\Documents and Settings\Piers1\Application Data\Adobe
    2009-07-02 10:29:14 ----ASH---- C:\hpqp.ini
    2009-07-01 16:59:44 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-01 16:34:24 ----SD---- C:\WINDOWS\Tasks
    2009-07-01 16:34:24 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-07-01 11:26:51 ----D---- C:\Program Files\Symantec AntiVirus
    2009-07-01 10:47:05 ----A---- C:\XP_TV.ini
    2009-07-01 10:42:56 ----D---- C:\WINDOWS\system32
    2009-07-01 10:42:55 ----D---- C:\WINDOWS
    2009-07-01 10:20:58 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-07-01 10:20:58 ----D---- C:\WINDOWS\system32\CatRoot
    2009-07-01 10:20:54 ----HD---- C:\WINDOWS\inf
    2009-07-01 10:10:27 ----RD---- C:\Program Files
    2009-07-01 09:36:44 ----HD---- C:\Config.Msi
    2009-07-01 09:34:29 ----D---- C:\Program Files\FlashGet
    2009-07-01 09:30:56 ----SHD---- C:\WINDOWS\Installer
    2009-07-01 09:30:55 ----D---- C:\Documents and Settings\Piers1\Application Data\Mozilla
    2009-07-01 09:08:24 ----D---- C:\WINDOWS\system32\drivers
    2009-06-27 17:30:31 ----D---- C:\Program Files\Common Files
    2009-06-24 09:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-06-22 10:54:21 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-06-22 10:54:12 ----A---- C:\WINDOWS\imsins.BAK
    2009-06-22 10:54:02 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-22 10:32:29 ----D---- C:\WINDOWS\system32\en-US
    2009-06-22 10:32:24 ----D---- C:\WINDOWS\Media
    2009-06-22 10:32:24 ----D---- C:\Program Files\Internet Explorer
    2009-06-22 10:32:23 ----D---- C:\WINDOWS\Help
    2009-06-22 10:29:57 ----D---- C:\WINDOWS\ie8updates
    2009-06-22 01:22:25 ----D---- C:\WINDOWS\system
    2009-06-22 00:12:38 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-21 23:59:18 ----D---- C:\WINDOWS\system32\config
    2009-06-21 23:56:00 ----D---- C:\WINDOWS\system32\Restore
    2009-06-21 16:55:37 ----A---- C:\WINDOWS\system.ini
    2009-06-21 16:41:12 ----D---- C:\WINDOWS\AppPatch
    2009-06-21 16:32:57 ----RASH---- C:\boot.ini
    2009-06-21 15:43:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-06-21 15:40:24 ----A---- C:\WINDOWS\win.ini
    2009-06-21 15:38:16 ----D---- C:\WINDOWS\system32\wbem
    2009-06-16 14:30:17 ----RSD---- C:\WINDOWS\Fonts
    2009-06-12 13:16:32 ----D---- C:\Program Files\Hotspot Shield
    2009-06-12 13:16:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-06-08 15:49:49 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-06-03 23:32:02 ----D---- C:\Program Files\Common Files\Macromedia
    2009-06-03 23:31:56 ----D---- C:\WINDOWS\Downloaded Installations
    2009-06-03 23:31:56 ----D---- C:\Program Files\Macromedia
    2009-06-03 21:44:24 ----D---- C:\Program Files\MagicISO

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 36096]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
    R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-13 1066278]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-01-31 109319]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-09 25280]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-05-20 33840]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090626.016\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090626.016\navex15.sys []
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
    R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-10-18 3298432]
    S3 ae3i7vdy;ae3i7vdy; C:\WINDOWS\system32\drivers\ae3i7vdy.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\Piers1\LOCALS~1\Temp\aujasnkj.sys []
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
    S3 catchme;catchme; \??\C:\DOCUME~1\Piers1\LOCALS~1\Temp\catchme.sys []
    S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
    S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-01-30 11520]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2008-12-10 24636]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
    R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
    R2 HssSrv;Hotspot Shield Helper Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-09 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
    R2 mysql;mysql; C:\xampp\mysql\bin\mysqld.exe [2009-03-16 6562432]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-04-18 102400]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
    S2 gupdate1c98757411a9d1c;Google Update Service (gupdate1c98757411a9d1c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
    S2 vvdsvc;VJVodServices; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
    S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FileZilla Server;FileZilla Server FTP server; c:\xampp\FileZillaFTP\FileZillaServer.exe [2009-03-03 691200]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-04 654848]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-01 29744]
    S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-06-14 98304]
    S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

    -----------------EOF-----------------


  • Remaining symptoms...e.g., do you still have the access issue? yep
  • First, are you logged in as the administrator on the computer? e.g. Is there another account? I'm the only user
  • Is there more access with that account? I'm the only user
  • Is it just My Computer/folders? Can access My Computer just no folders
  • Can you launch programs? yes, I can run all programs but cannot save anything anywhere but the desktop
  • Can you access the control panel? yes

Edited by Pobb, 02 July 2009 - 08:00 AM.


#9 etavares

    Bleepin' Remover


  • Malware Response Team

Posted 04 July 2009 - 03:12 PM

Hi Pobb-

Thanks for the information. Now, let's see if we can get access back to your drive. It may take a couple of steps.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Are you able to access C:\ now?

Thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 Pobb

  • Topic Starter

  • Members

Posted 05 July 2009 - 10:32 AM

ComboFix 09-07-04.08 - Piers1 05/07/2009 19:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1014.441 [GMT 4:00]
Running from: c:\documents and settings\Piers1\Desktop\ComboFix1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 15:06 . 2009-07-05 15:10 -------- d-s---w- C:\ComboFix
2009-07-03 13:18 . 2009-06-19 09:03 2797468 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
2009-07-01 12:27 . 2009-07-01 12:27 -------- d-sh--w- c:\documents and settings\Piers1\UserData
2009-07-01 06:13 . 2009-07-01 06:13 -------- d-----w- C:\_OTM
2009-07-01 06:10 . 2009-07-01 06:10 -------- d-----w- c:\program files\ERUNT
2009-07-01 05:45 . 2009-05-04 11:07 2298680 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-07-01 05:45 . 2008-03-04 14:52 286720 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-07-01 05:45 . 2007-10-31 05:39 59904 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-07-01 05:45 . 2007-05-17 09:58 143360 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-07-01 05:45 . 2006-10-18 13:32 499712 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-07-01 05:45 . 2006-10-18 13:32 348160 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-07-01 05:45 . 2006-10-16 14:44 196608 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-07-01 05:45 . 2006-10-16 14:44 1028096 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-07-01 05:45 . 2008-12-03 21:25 120832 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-01 04:35 . 2009-07-01 04:38 -------- d-----w- c:\documents and settings\Piers1\Local Settings\Application Data\Temp
2009-06-29 04:42 . 2009-06-29 04:43 -------- d-----w- C:\rsit
2009-06-27 13:30 . 2009-06-27 13:30 -------- d-----w- c:\program files\Common Files\NSV
2009-06-24 05:22 . 2009-06-24 05:22 -------- d-----w- c:\program files\Microsoft Works
2009-06-22 22:26 . 2009-06-22 22:26 -------- d-sh--w- c:\documents and settings\Piers1\IECompatCache
2009-06-22 11:23 . 2009-06-22 11:23 239088 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-22 06:35 . 2009-06-22 06:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-22 06:33 . 2009-06-22 06:33 -------- d-sh--w- c:\documents and settings\Piers1\IETldCache
2009-06-22 06:24 . 2009-06-22 06:27 -------- dc-h--w- c:\windows\ie8
2009-06-22 06:16 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 06:16 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 06:16 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-22 06:16 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-22 06:15 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-21 20:32 . 2009-06-21 20:32 -------- d-----w- c:\documents and settings\Piers1\Application Data\Malwarebytes
2009-06-21 20:32 . 2009-06-17 07:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 20:32 . 2009-06-21 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-21 20:32 . 2009-06-21 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 20:32 . 2009-06-17 07:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-21 20:12 . 2009-06-21 20:14 -------- d-----w- c:\windows\BDOSCAN8
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-21 13:25 . 2009-06-21 13:25 -------- d-----w- c:\program files\Alwil Software
2009-06-21 10:54 . 2009-06-21 10:54 -------- d-----w- c:\documents and settings\Piers1\.housecall6.6
2009-06-21 10:16 . 2009-06-21 10:16 -------- d-----w- c:\documents and settings\Piers1\Local Settings\Application Data\Flock
2009-06-21 10:16 . 2009-06-21 10:16 -------- d-----w- c:\documents and settings\Piers1\Application Data\Flock
2009-06-21 10:12 . 2009-06-21 11:10 -------- d-----w- c:\program files\Flock
2009-06-19 05:27 . 2009-06-19 05:27 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-06-11 05:17 . 2009-06-11 05:18 -------- d-----w- c:\program files\RocketDock
2009-06-08 11:50 . 1998-06-26 04:46 722192 ----a-w- c:\windows\system32\Vb40032.dll
2009-06-08 11:50 . 1998-06-17 20:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-06-08 11:49 . 2009-06-08 11:49 -------- d-----w- c:\program files\CVision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 15:04 . 2008-07-01 07:44 -------- d-----w- c:\program files\Symantec AntiVirus
2009-07-04 17:17 . 2009-02-05 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-03 13:18 . 2008-07-12 11:47 169936 ----a-w- c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\FlashGot.exe
2009-07-01 05:34 . 2008-07-02 10:33 -------- d-----w- c:\program files\FlashGet
2009-06-24 05:41 . 2008-07-01 08:22 291272 ----a-w- c:\documents and settings\Piers1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 05:24 . 2008-07-01 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 09:16 . 2008-07-29 14:59 -------- d-----w- c:\program files\Hotspot Shield
2009-06-08 11:49 . 2006-07-06 03:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 05:10 . 2009-06-03 13:57 -------- d-----w- c:\documents and settings\Piers1\Application Data\Notepad++
2009-06-03 19:32 . 2009-01-04 11:53 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-03 19:31 . 2009-01-04 11:53 -------- d-----w- c:\program files\Macromedia
2009-06-03 17:44 . 2008-07-01 10:48 -------- d-----w- c:\program files\MagicISO
2009-06-03 13:58 . 2009-06-03 13:57 -------- d-----w- c:\program files\Notepad++
2009-05-30 16:53 . 2008-07-26 15:10 -------- d-----w- c:\program files\TVUPlayer
2009-05-30 14:55 . 2009-05-30 14:54 5589408 ----a-w- c:\documents and settings\Piers1\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-05-26 11:58 . 2008-07-01 13:21 -------- d-----w- c:\documents and settings\Piers1\Application Data\U3
2009-05-20 19:54 . 2009-04-10 08:57 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-05-18 12:06 . 2009-05-18 12:06 -------- d-----w- c:\program files\MSECache
2009-05-17 16:37 . 2008-07-01 09:18 -------- d-----w- c:\program files\Google
2009-05-13 05:15 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2004-08-04 08:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2004-08-04 08:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 08:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 06:25 . 2009-04-09 05:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-09 06:15 . 2009-04-09 05:42 152576 ----a-w- c:\documents and settings\Piers1\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-09-01 06:47 . 2008-07-03 09:25 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-07-14 03:49 . 2008-07-01 18:11 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_12.55.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 06:44 . 2009-07-01 06:44 16384 c:\windows\Temp\Perflib_Perfdata_520.dat
- 2006-02-20 03:09 . 2008-06-12 07:27 26144 c:\windows\system32\spupdsvc.exe
+ 2006-02-20 03:09 . 2009-01-07 14:21 26144 c:\windows\system32\spupdsvc.exe
+ 2006-02-20 02:59 . 2009-01-07 14:20 16928 c:\windows\system32\spmsg.dll
- 2006-02-20 02:59 . 2008-06-12 07:27 16928 c:\windows\system32\spmsg.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-06-29 04:05 . 2009-01-07 14:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 04:05 . 2008-06-12 07:27 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 13:59 . 2009-01-07 14:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 13:59 . 2008-06-12 07:27 24576 c:\windows\system32\nlsdl.dll
- 2004-08-04 08:00 . 2008-08-21 23:05 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 45568 c:\windows\system32\mshta.exe
- 2004-08-04 08:00 . 2008-08-21 23:04 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 14:36 . 2009-03-08 00:31 13312 c:\windows\system32\msfeedssync.exe
- 2007-08-13 14:36 . 2008-08-21 23:05 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 14:54 . 2009-03-08 00:31 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 08:00 . 2008-08-21 23:08 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-04 08:00 . 2009-03-08 00:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-04 08:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 08:00 . 2009-03-08 00:32 94720 c:\windows\system32\inseng.dll
- 2004-08-04 08:00 . 2008-08-21 23:06 94720 c:\windows\system32\inseng.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-13 14:39 . 2009-03-08 00:32 36864 c:\windows\system32\ieudinit.exe
- 2007-08-13 14:39 . 2008-08-21 23:06 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-04 08:00 . 2009-03-08 00:32 71680 c:\windows\system32\iesetup.dll
- 2004-08-04 08:00 . 2008-08-21 23:06 71680 c:\windows\system32\iesetup.dll
+ 2004-08-04 08:00 . 2009-03-08 00:32 55808 c:\windows\system32\iernonce.dll
- 2004-08-04 08:00 . 2008-08-21 23:06 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 04:05 . 2008-06-12 07:27 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 04:05 . 2009-01-07 14:20 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 14:36 . 2009-03-08 00:31 59904 c:\windows\system32\icardie.dll
+ 2008-04-21 07:03 . 2009-03-08 00:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 14:01 . 2009-03-08 00:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 14:01 . 2008-08-21 23:05 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-21 07:03 . 2009-03-08 00:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 14:32 . 2009-03-08 00:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2007-08-13 14:32 . 2008-08-21 23:04 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 14:44 . 2009-03-08 00:34 43008 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-13 14:44 . 2008-08-21 23:08 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-21 07:03 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-21 07:03 . 2008-08-21 23:06 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-04-21 07:03 . 2009-03-08 00:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 14:36 . 2009-03-08 00:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2007-08-13 14:39 . 2008-08-21 23:06 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 14:39 . 2009-03-08 00:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 14:39 . 2009-03-08 00:32 55808 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 14:39 . 2008-08-21 23:06 55808 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 14:18 . 2008-08-21 23:00 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 14:18 . 2009-03-08 00:24 68608 c:\windows\system32\dllcache\hmmapi.dll
- 2007-08-13 14:42 . 2008-08-21 23:07 18944 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 14:42 . 2009-03-08 00:33 18944 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 14:39 . 2008-08-21 23:06 72704 c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 14:39 . 2009-03-08 00:32 72704 c:\windows\system32\dllcache\admparse.dll
- 2004-08-04 08:00 . 2008-08-21 23:07 18944 c:\windows\system32\corpol.dll
+ 2004-08-04 08:00 . 2009-03-08 00:33 18944 c:\windows\system32\corpol.dll
+ 2009-06-23 04:52 . 2009-06-23 04:52 78562 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- 2008-07-04 13:25 . 2009-01-16 15:16 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-06-04 12:15 . 2009-06-04 12:15 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2004-08-04 08:00 . 2009-03-08 00:32 72704 c:\windows\system32\admparse.dll
- 2004-08-04 08:00 . 2008-08-21 23:06 72704 c:\windows\system32\admparse.dll
+ 2008-07-31 16:03 . 2008-07-31 16:03 55296 c:\windows\Installer\c77dc8.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 48128 c:\windows\Installer\51f43.msi
+ 2009-06-27 18:26 . 2009-06-27 18:26 22528 c:\windows\Installer\17886438.msi
+ 2009-04-20 12:01 . 2009-04-20 12:01 86528 c:\windows\Installer\162dd847.msi
- 2008-07-01 11:26 . 2008-07-01 11:26 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-06-22 06:30 . 2009-03-08 00:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-22 06:29 . 2009-03-08 00:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2009-06-22 06:26 . 2009-03-08 10:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-06-22 06:24 . 2007-08-13 14:36 44544 c:\windows\ie8\pngfilt.dll
- 2009-01-14 07:44 . 2007-08-13 14:36 44544 c:\windows\ie8\pngfilt.dll
- 2009-01-14 07:44 . 2007-08-13 14:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-06-22 06:24 . 2007-08-13 14:01 48128 c:\windows\ie8\mshtmler.dll
- 2009-01-14 07:44 . 2007-08-13 14:32 45568 c:\windows\ie8\mshta.exe
+ 2009-06-22 06:24 . 2007-08-13 14:32 45568 c:\windows\ie8\mshta.exe
- 2009-01-14 07:44 . 2007-08-13 14:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-06-22 06:24 . 2007-08-13 14:36 12288 c:\windows\ie8\msfeedssync.exe
- 2009-01-14 07:44 . 2007-08-13 14:54 50688 c:\windows\ie8\msfeedsbs.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 50688 c:\windows\ie8\msfeedsbs.dll
+ 2009-06-22 06:24 . 2007-08-13 14:44 40960 c:\windows\ie8\licmgr10.dll
- 2009-01-14 07:44 . 2007-08-13 14:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 27136 c:\windows\ie8\jsproxy.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 27136 c:\windows\ie8\jsproxy.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 92672 c:\windows\ie8\inseng.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 92672 c:\windows\ie8\inseng.dll
- 2009-01-14 07:44 . 2007-08-13 14:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-06-22 06:24 . 2007-08-13 14:36 36352 c:\windows\ie8\imgutil.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 55296 c:\windows\ie8\iesetup.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 43008 c:\windows\ie8\iernonce.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 43008 c:\windows\ie8\iernonce.dll
+ 2009-06-22 06:24 . 2007-08-13 14:45 78336 c:\windows\ie8\ieencode.dll
- 2009-01-14 07:44 . 2007-08-13 14:45 78336 c:\windows\ie8\ieencode.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 54784 c:\windows\ie8\ie4uinit.exe
- 2009-01-14 07:44 . 2007-08-13 14:39 54784 c:\windows\ie8\ie4uinit.exe
+ 2009-06-22 06:24 . 2007-08-13 14:36 61952 c:\windows\ie8\icardie.dll
- 2009-01-14 07:44 . 2007-08-13 14:36 61952 c:\windows\ie8\icardie.dll
+ 2009-06-22 06:24 . 2007-08-13 14:18 60416 c:\windows\ie8\hmmapi.dll
- 2009-01-14 07:44 . 2007-08-13 14:18 60416 c:\windows\ie8\hmmapi.dll
- 2009-01-14 07:44 . 2007-08-13 14:42 17408 c:\windows\ie8\corpol.dll
+ 2009-06-22 06:24 . 2007-08-13 14:42 17408 c:\windows\ie8\corpol.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 71680 c:\windows\ie8\admparse.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 71680 c:\windows\ie8\admparse.dll
+ 2009-01-05 11:44 . 2009-01-05 11:44 53248 c:\windows\bdoscandel.exe
+ 2009-06-21 20:14 . 2009-06-21 20:14 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-06-21 20:14 . 2009-06-21 20:14 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-06-21 20:14 . 2009-06-21 20:14 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-06-21 20:14 . 2009-06-21 20:14 45056 c:\windows\BDOSCAN8\avxdisk.dll
- 2008-07-04 13:25 . 2009-01-16 15:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-06-22 06:29 . 2009-03-08 00:35 2048 c:\windows\ie8updates\KB971180-IE8\iecompat.dll
+ 2009-07-01 06:12 . 2009-07-01 06:12 8192 c:\windows\ERDNT\01-07-2009\Users\00000004\UsrClass.dat
+ 2009-07-01 06:12 . 2009-07-01 06:12 8192 c:\windows\ERDNT\01-07-2009\Users\00000002\UsrClass.dat
- 2008-04-17 10:37 . 2008-07-03 09:14 351744 c:\windows\system32\xpsp3res.dll
+ 2008-04-17 10:37 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2008-07-01 11:49 . 2009-01-07 14:21 121856 c:\windows\system32\xmllite.dll
- 2008-07-01 11:49 . 2008-06-12 07:28 121856 c:\windows\system32\xmllite.dll
+ 2007-08-13 14:45 . 2009-03-08 00:34 208384 c:\windows\system32\WinFXDocObj.exe
- 2007-08-13 14:45 . 2008-08-21 23:08 208384 c:\windows\system32\WinFXDocObj.exe
- 2004-08-04 08:00 . 2008-08-21 23:08 236544 c:\windows\system32\webcheck.dll
+ 2004-08-04 08:00 . 2009-03-08 00:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-04 08:00 . 2009-03-08 00:33 420352 c:\windows\system32\vbscript.dll
- 2004-08-04 08:00 . 2008-08-21 23:07 105984 c:\windows\system32\url.dll
+ 2004-08-04 08:00 . 2009-03-08 00:34 105984 c:\windows\system32\url.dll
+ 2009-06-21 19:56 . 2009-06-21 19:58 405112 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-04 08:00 . 2009-03-08 00:34 109568 c:\windows\system32\occache.dll
+ 2004-08-04 08:00 . 2009-03-08 00:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 08:00 . 2009-03-08 00:34 193536 c:\windows\system32\msrating.dll
- 2004-08-04 08:00 . 2008-08-21 23:07 193536 c:\windows\system32\msrating.dll
+ 2004-08-04 08:00 . 2009-03-08 00:22 156160 c:\windows\system32\msls31.dll
- 2004-08-04 08:00 . 2008-08-21 22:57 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 14:54 . 2009-03-08 00:32 594432 c:\windows\system32\msfeeds.dll
+ 2008-08-05 13:55 . 2009-01-07 14:20 265720 c:\windows\system32\msdbg2.dll
- 2008-08-05 13:55 . 2008-08-05 13:55 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 08:00 . 2009-03-08 00:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-13 14:54 . 2009-03-08 00:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 183808 c:\windows\system32\iepeers.dll
+ 2004-08-04 08:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 08:27 . 2009-03-08 00:11 445952 c:\windows\system32\ieapfltr.dll
- 2004-08-04 08:00 . 2008-08-21 23:06 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 08:00 . 2009-03-08 00:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 08:00 . 2009-03-08 00:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-04 08:00 . 2009-03-08 00:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-04 08:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 08:00 . 2009-03-08 00:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-04 08:00 . 2009-03-08 00:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-04-21 07:04 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 14:54 . 2008-08-21 23:08 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 14:54 . 2009-03-08 00:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 14:54 . 2009-03-08 00:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2007-12-18 14:40 . 2009-03-08 00:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 14:44 . 2008-08-21 23:07 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 14:44 . 2009-03-08 00:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 14:20 . 2009-01-07 14:20 134144 c:\windows\system32\dllcache\sqmapi.dll
- 2008-06-12 07:27 . 2008-06-12 07:27 134144 c:\windows\system32\dllcache\sqmapi.dll
- 2009-01-14 08:36 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-01-14 08:36 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-13 14:44 . 2009-03-08 00:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2008-04-21 07:03 . 2009-03-08 00:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-21 07:03 . 2009-03-08 00:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2008-04-21 07:03 . 2008-08-21 23:07 193536 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 14:54 . 2009-03-08 00:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2007-08-13 14:54 . 2008-08-21 22:57 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-05-18 05:24 . 2009-03-08 00:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 14:43 . 2009-03-08 10:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2008-04-21 07:03 . 2009-03-08 00:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 14:39 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 13:56 . 2009-03-08 00:32 163840 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 13:56 . 2008-08-21 23:06 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 14:39 . 2009-03-08 00:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 14:39 . 2009-03-08 00:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 14:39 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-21 07:03 . 2009-03-08 00:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03 . 2009-03-08 00:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 14:39 . 2009-03-08 00:32 128512 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 14:39 . 2008-08-21 23:06 128512 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 08:00 . 2008-08-21 23:06 128512 c:\windows\system32\advpack.dll
+ 2004-08-04 08:00 . 2009-03-08 00:32 128512 c:\windows\system32\advpack.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 2008-07-04 13:25 . 2009-01-16 15:16 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-06-04 12:15 . 2009-06-04 12:15 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-06-05 11:38 . 2009-06-05 11:38 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
- 2008-07-04 13:25 . 2009-01-16 15:18 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-06-04 12:16 . 2009-06-04 12:16 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-06-05 11:34 . 2009-06-05 11:34 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-06-04 12:15 . 2009-06-04 12:15 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-06-05 11:38 . 2009-06-05 11:38 202168 c:\windows\system32\Adobe\Director\SwDir.dll
- 2008-07-04 13:25 . 2009-01-16 15:25 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-01-17 08:43 . 2009-01-17 08:43 432640 c:\windows\Installer\f378bd9.msi
+ 2008-07-29 04:54 . 2008-07-29 04:54 301056 c:\windows\Installer\c4b331b.msi
+ 2008-07-29 04:54 . 2008-07-29 04:54 966144 c:\windows\Installer\c4b3305.msi
+ 2009-04-09 06:25 . 2009-04-09 06:25 598016 c:\windows\Installer\a228ab1.msi
+ 2008-09-05 20:46 . 2008-09-05 20:46 836096 c:\windows\Installer\6849866b.msi
+ 2008-07-01 11:22 . 2008-07-01 11:22 501248 c:\windows\Installer\51f9d.msi
+ 2008-07-01 11:21 . 2008-07-01 11:21 501248 c:\windows\Installer\51f7d.msi
+ 2008-07-01 11:21 . 2008-07-01 11:21 506880 c:\windows\Installer\51f75.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 516608 c:\windows\Installer\51f6c.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 513024 c:\windows\Installer\51f63.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 501248 c:\windows\Installer\51f53.msi
+ 2008-07-01 11:18 . 2008-07-01 11:18 501248 c:\windows\Installer\51f20.msi
+ 2006-02-20 03:22 . 2006-02-20 03:22 654848 c:\windows\Installer\41034.msi
+ 2006-02-20 03:20 . 2006-02-20 03:20 227840 c:\windows\Installer\41022.msi
+ 2006-02-20 03:20 . 2006-02-20 03:20 838144 c:\windows\Installer\4101b.msi
+ 2006-02-20 03:19 . 2006-02-20 03:19 226304 c:\windows\Installer\40f9f.msi
+ 2009-01-14 09:18 . 2009-01-14 09:18 289792 c:\windows\Installer\3f07a3.msi
+ 2008-07-30 05:20 . 2008-07-30 05:20 806400 c:\windows\Installer\2ca6c4.msi
+ 2008-07-30 05:19 . 2008-07-30 05:19 810496 c:\windows\Installer\2ca6be.msi
+ 2009-01-22 12:20 . 2009-01-22 12:20 486400 c:\windows\Installer\29bdf924.msi
+ 2009-07-01 05:30 . 2009-07-01 05:30 288768 c:\windows\Installer\292dbdd8.msi
+ 2008-07-31 05:12 . 2008-07-31 05:12 431104 c:\windows\Installer\278f717.msi
+ 2008-07-29 13:04 . 2008-07-29 13:04 792064 c:\windows\Installer\168e575.msi
+ 2006-02-20 03:35 . 2006-02-20 03:35 322048 c:\windows\Installer\168c70.msi
+ 2006-02-20 03:34 . 2006-02-20 03:34 221184 c:\windows\Installer\168c6b.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 239104 c:\windows\Installer\168c65.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 237568 c:\windows\Installer\168c5f.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 238080 c:\windows\Installer\168c5a.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 238080 c:\windows\Installer\168c55.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 238080 c:\windows\Installer\168c50.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 120832 c:\windows\Installer\168c48.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 471552 c:\windows\Installer\168c43.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 664064 c:\windows\Installer\168c3a.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 121344 c:\windows\Installer\168c2e.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 239104 c:\windows\Installer\168c29.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 239104 c:\windows\Installer\168c23.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 542208 c:\windows\Installer\168c1d.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 245248 c:\windows\Installer\168b49.msi
+ 2006-02-20 03:32 . 2006-02-20 03:32 324096 c:\windows\Installer\168b43.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 250368 c:\windows\Installer\168b3c.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 239616 c:\windows\Installer\168b37.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 250368 c:\windows\Installer\168b31.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 240128 c:\windows\Installer\168b2b.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 239104 c:\windows\Installer\168b26.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 260096 c:\windows\Installer\168afd.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 422912 c:\windows\Installer\168af8.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 121344 c:\windows\Installer\168af3.msi
+ 2007-11-07 11:07 . 2007-11-07 11:07 999936 c:\windows\Installer\162dd850.msp
+ 2007-11-07 10:56 . 2007-11-07 10:56 553472 c:\windows\Installer\162dd84d.msp
+ 2007-11-07 10:58 . 2007-11-07 10:58 908800 c:\windows\Installer\162dd849.msp
+ 2007-11-07 10:54 . 2007-11-07 10:54 507392 c:\windows\Installer\162dd848.msp
+ 2004-08-07 13:04 . 2004-08-07 13:04 264704 c:\windows\Installer\11a3e.msi
+ 2009-03-12 11:06 . 2009-03-12 11:06 329728 c:\windows\Installer\10dcdb42.msi
+ 2008-07-26 10:33 . 2008-07-26 10:33 875520 c:\windows\Installer\1089edb3.msi
+ 2008-07-01 11:26 . 2009-06-24 05:23 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-06-22 06:29 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll
+ 2009-06-22 06:29 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe
+ 2009-06-22 06:29 . 2009-03-08 00:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-22 06:30 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-22 06:30 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-22 06:30 . 2009-03-08 00:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-22 06:30 . 2009-03-08 10:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-22 06:30 . 2009-03-08 00:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2009-06-22 06:24 . 2007-08-13 14:54 818688 c:\windows\ie8\wininet.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 818688 c:\windows\ie8\wininet.dll
+ 2009-06-22 06:24 . 2007-08-13 14:45 206336 c:\windows\ie8\winfxdocobj.exe
- 2009-01-14 07:44 . 2007-08-13 14:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-06-22 06:24 . 2007-08-13 14:54 231424 c:\windows\ie8\webcheck.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 231424 c:\windows\ie8\webcheck.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 765952 c:\windows\ie8\vgx.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 765952 c:\windows\ie8\vgx.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 413696 c:\windows\ie8\vbscript.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 413696 c:\windows\ie8\vbscript.dll
- 2009-01-14 07:44 . 2007-08-13 14:44 105984 c:\windows\ie8\url.dll
+ 2009-06-22 06:24 . 2007-08-13 14:44 105984 c:\windows\ie8\url.dll
+ 2009-06-22 06:26 . 2009-01-07 14:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2009-01-14 07:46 . 2008-06-12 07:28 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-06-22 06:26 . 2009-01-07 14:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2009-01-14 07:46 . 2008-06-12 07:27 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-06-22 06:24 . 2006-09-06 13:43 213216 c:\windows\ie8\spuninst.exe
- 2009-01-14 07:44 . 2006-09-06 13:43 213216 c:\windows\ie8\spuninst.exe
- 2009-01-14 07:44 . 2007-08-13 14:44 101376 c:\windows\ie8\occache.dll
+ 2009-06-22 06:24 . 2007-08-13 14:44 101376 c:\windows\ie8\occache.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 670720 c:\windows\ie8\mstime.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 670720 c:\windows\ie8\mstime.dll
+ 2009-06-22 06:24 . 2007-08-13 14:44 192000 c:\windows\ie8\msrating.dll
- 2009-01-14 07:44 . 2007-08-13 14:44 192000 c:\windows\ie8\msrating.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 156160 c:\windows\ie8\msls31.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 156160 c:\windows\ie8\msls31.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 475648 c:\windows\ie8\mshtmled.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 475648 c:\windows\ie8\mshtmled.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 458752 c:\windows\ie8\msfeeds.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 458752 c:\windows\ie8\msfeeds.dll
- 2009-01-14 07:44 . 2007-08-13 14:38 491520 c:\windows\ie8\jscript.dll
+ 2009-06-22 06:24 . 2007-08-13 14:38 491520 c:\windows\ie8\jscript.dll
- 2009-01-14 07:44 . 2007-08-13 14:43 622080 c:\windows\ie8\iexplore.exe
+ 2009-06-22 06:24 . 2007-08-13 14:43 622080 c:\windows\ie8\iexplore.exe
+ 2009-06-22 06:24 . 2007-08-13 14:54 180736 c:\windows\ie8\ieui.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 180736 c:\windows\ie8\ieui.dll
- 2009-01-14 07:44 . 2007-08-13 14:34 266752 c:\windows\ie8\iertutil.dll
+ 2009-06-22 06:24 . 2007-08-13 14:34 266752 c:\windows\ie8\iertutil.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 287744 c:\windows\ie8\ieproxy.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 191488 c:\windows\ie8\iepeers.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 191488 c:\windows\ie8\iepeers.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 382976 c:\windows\ie8\iedkcs32.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 382976 c:\windows\ie8\iedkcs32.dll
- 2009-01-14 07:44 . 2007-07-11 08:27 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-06-22 06:24 . 2007-07-11 08:27 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-06-22 06:24 . 2007-08-13 13:56 161792 c:\windows\ie8\ieakui.dll
- 2009-01-14 07:44 . 2007-08-13 13:56 161792 c:\windows\ie8\ieakui.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 229376 c:\windows\ie8\ieaksie.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 229376 c:\windows\ie8\ieaksie.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 152064 c:\windows\ie8\ieakeng.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 152064 c:\windows\ie8\ieakeng.dll
- 2009-01-14 07:44 . 2007-08-13 14:35 214528 c:\windows\ie8\dxtrans.dll
+ 2009-06-22 06:24 . 2007-08-13 14:35 214528 c:\windows\ie8\dxtrans.dll
- 2009-01-14 07:44 . 2007-08-13 14:35 346624 c:\windows\ie8\dxtmsft.dll
+ 2009-06-22 06:24 . 2007-08-13 14:35 346624 c:\windows\ie8\dxtmsft.dll
- 2009-01-14 07:44 . 2007-08-13 14:39 123904 c:\windows\ie8\advpack.dll
+ 2009-06-22 06:24 . 2007-08-13 14:39 123904 c:\windows\ie8\advpack.dll
+ 2009-07-01 06:48 . 2009-07-01 06:48 217088 c:\windows\ERDNT\AutoBackup\01-07-2009\Users\00000002\UsrClass.dat
+ 2009-07-01 06:48 . 2005-10-20 08:02 163328 c:\windows\ERDNT\AutoBackup\01-07-2009\ERDNT.EXE
+ 2009-07-01 06:12 . 2009-07-01 06:12 217088 c:\windows\ERDNT\01-07-2009\Users\00000006\UsrClass.dat
+ 2009-07-01 06:12 . 2009-07-01 06:12 229376 c:\windows\ERDNT\01-07-2009\Users\00000003\NTUSER.DAT
+ 2009-07-01 06:12 . 2009-07-01 06:12 229376 c:\windows\ERDNT\01-07-2009\Users\00000001\NTUSER.DAT
+ 2009-07-01 06:12 . 2005-10-20 08:02 163328 c:\windows\ERDNT\01-07-2009\ERDNT.EXE
+ 2009-01-05 11:44 . 2009-01-05 11:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 11:44 . 2009-01-05 11:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2004-08-04 08:00 . 2004-08-04 08:00 1326080 c:\windows\system32\webfldrs.msi
+ 2004-08-04 08:00 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll
+ 2004-08-04 08:00 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll
+ 2007-08-13 14:34 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll
+ 2007-02-12 12:10 . 2009-02-06 17:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2004-08-07 13:02 . 2009-07-01 05:37 2364808 c:\windows\system32\FNTCACHE.DAT
- 2004-08-07 13:02 . 2009-06-19 13:30 2364808 c:\windows\system32\FNTCACHE.DAT
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-21 07:04 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 07:03 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-04 11:51 . 2009-06-04 11:51 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-06-04 11:55 . 2009-06-04 11:55 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2008-07-04 13:25 . 2009-01-16 14:58 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2007-05-25 08:08 . 2007-05-25 08:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-07-04 08:49 . 2008-07-04 08:49 2428416 c:\windows\Installer\edd1d64.msi
+ 2008-07-04 08:44 . 2008-07-04 08:44 1718272 c:\windows\Installer\edd1d57.msi
+ 2008-07-04 08:43 . 2008-07-04 08:43 1725952 c:\windows\Installer\edd1d51.msi
+ 2008-07-04 08:42 . 2008-07-04 08:42 1954304 c:\windows\Installer\edd1d4b.msi
+ 2008-07-04 08:41 . 2008-07-04 08:41 1826816 c:\windows\Installer\edd1d45.msi
+ 2008-07-04 08:41 . 2008-07-04 08:41 1726976 c:\windows\Installer\edd1d3f.msi
+ 2008-07-04 08:40 . 2008-07-04 08:40 1879040 c:\windows\Installer\edd1d39.msi
+ 2008-07-04 08:40 . 2008-07-04 08:40 1730048 c:\windows\Installer\edd1d33.msi
+ 2008-07-04 08:40 . 2008-07-04 08:40 1761792 c:\windows\Installer\edd1d2d.msi
+ 2008-07-04 08:39 . 2008-07-04 08:39 1735680 c:\windows\Installer\edd1d27.msi
+ 2008-07-04 08:38 . 2008-07-04 08:38 1744384 c:\windows\Installer\edd1d21.msi
+ 2008-07-04 08:38 . 2008-07-04 08:38 1842688 c:\windows\Installer\edd1d1b.msi
+ 2008-07-04 08:37 . 2008-07-04 08:37 2159104 c:\windows\Installer\edd1d14.msi
+ 2008-07-04 08:36 . 2008-07-04 08:36 1715712 c:\windows\Installer\edd1d0e.msi
+ 2008-07-04 08:36 . 2008-07-04 08:36 1715712 c:\windows\Installer\edd1d07.msi
+ 2008-07-04 08:35 . 2008-07-04 08:35 1715712 c:\windows\Installer\edd1cf9.msi
+ 2008-07-04 08:35 . 2008-07-04 08:35 1728000 c:\windows\Installer\edd1cf2.msi
+ 2008-07-04 08:34 . 2008-07-04 08:34 1718272 c:\windows\Installer\edd1cec.msi
+ 2008-07-04 08:34 . 2008-07-04 08:34 1761792 c:\windows\Installer\edd1ce6.msi
+ 2008-07-04 08:33 . 2008-07-04 08:33 1753088 c:\windows\Installer\edd1ce0.msi
+ 2008-07-04 08:33 . 2008-07-04 08:33 1720832 c:\windows\Installer\edd1cda.msi
+ 2008-07-04 08:32 . 2008-07-04 08:32 2595840 c:\windows\Installer\edd1cd4.msi
+ 2008-07-04 08:29 . 2008-07-04 08:29 1826304 c:\windows\Installer\edd1cce.msi
+ 2008-07-04 08:28 . 2008-07-04 08:28 1716736 c:\windows\Installer\edd1cc8.msi
+ 2008-07-04 07:46 . 2008-07-04 07:46 1767424 c:\windows\Installer\eb6165d.msi
+ 2008-11-27 06:40 . 2008-11-27 06:40 2329600 c:\windows\Installer\cfbdc48.msi
+ 2008-07-15 19:12 . 2008-07-15 19:12 1298432 c:\windows\Installer\c77dcf.msp
+ 2008-07-29 05:00 . 2008-07-29 05:00 1072128 c:\windows\Installer\c4b3327.msi
+ 2008-07-29 04:58 . 2008-07-29 04:58 1389056 c:\windows\Installer\c4b3321.msi
+ 2009-01-04 11:53 . 2009-01-04 11:53 4337664 c:\windows\Installer\962b3ec8.msi
+ 2008-07-01 11:22 . 2008-07-01 11:22 1640960 c:\windows\Installer\51fa5.msi
+ 2008-07-01 11:22 . 2008-07-01 11:22 1652736 c:\windows\Installer\51f95.msi
+ 2008-07-01 11:22 . 2008-07-01 11:22 1652736 c:\windows\Installer\51f8d.msi
+ 2008-07-01 11:21 . 2008-07-01 11:21 1652736 c:\windows\Installer\51f85.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 2319872 c:\windows\Installer\51f5b.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 1647616 c:\windows\Installer\51f4b.msi
+ 2008-07-01 11:20 . 2008-07-01 11:20 1640960 c:\windows\Installer\51f38.msi
+ 2008-07-01 11:19 . 2008-07-01 11:19 2022912 c:\windows\Installer\51f30.msi
+ 2008-07-01 11:19 . 2008-07-01 11:19 1713152 c:\windows\Installer\51f28.msi
+ 2008-07-01 11:18 . 2008-07-01 11:18 2397184 c:\windows\Installer\51f18.msi
+ 2006-02-20 03:20 . 2006-02-20 03:20 3972608 c:\windows\Installer\4102d.msi
+ 2006-02-20 03:19 . 2006-02-20 03:19 1143808 c:\windows\Installer\40f99.msi
+ 2006-02-20 03:19 . 2006-02-20 03:19 1150464 c:\windows\Installer\40f10.msi
+ 2006-02-20 03:19 . 2006-02-20 03:19 1142272 c:\windows\Installer\40e87.msi
+ 2006-02-20 03:13 . 2006-02-20 03:13 4806656 c:\windows\Installer\40e81.msi
+ 2006-02-20 03:11 . 2006-02-20 03:11 2247680 c:\windows\Installer\40e70.msi
+ 2006-02-20 03:10 . 2006-02-20 03:10 1345536 c:\windows\Installer\40e6b.msi
+ 2008-12-17 12:03 . 2008-12-17 12:03 1098752 c:\windows\Installer\3982216d.msi
+ 2009-01-29 14:26 . 2009-01-29 14:26 4784128 c:\windows\Installer\36878f.msp
+ 2008-09-17 08:31 . 2008-09-17 08:31 2396160 c:\windows\Installer\341823b4.msi
+ 2008-09-17 08:27 . 2008-09-17 08:27 1762816 c:\windows\Installer\341823ad.msi
+ 2008-09-17 08:26 . 2008-09-17 08:26 1781248 c:\windows\Installer\341823a7.msi
+ 2008-09-17 08:25 . 2008-09-17 08:25 1716736 c:\windows\Installer\3418238e.msi
+ 2008-09-17 08:23 . 2008-09-17 08:23 1774080 c:\windows\Installer\34182382.msi
+ 2009-01-21 06:11 . 2009-01-21 06:11 3164160 c:\windows\Installer\233c18a9.msi
+ 2009-01-21 06:06 . 2009-01-21 06:06 1914368 c:\windows\Installer\233c18a2.msi
+ 2009-01-21 06:00 . 2009-01-21 06:00 1725952 c:\windows\Installer\233c189c.msi
+ 2008-07-01 18:07 . 2006-02-20 03:03 5864960 c:\windows\Installer\2067f.msp
+ 2009-03-24 08:42 . 2009-03-24 08:42 4886528 c:\windows\Installer\1f7ba866.msi
+ 2009-03-24 08:33 . 2009-03-24 08:33 1659392 c:\windows\Installer\1f7ba549.msi
+ 2009-03-24 08:32 . 2009-03-24 08:32 1549312 c:\windows\Installer\1f7ba53f.msi
+ 2009-03-24 08:30 . 2009-03-24 08:30 3293696 c:\windows\Installer\1f7ba50a.msi
+ 2004-08-07 13:05 . 2004-08-07 13:05 3443712 c:\windows\Installer\1c9f6.msi
+ 2009-02-05 14:34 . 2009-02-05 14:34 8992256 c:\windows\Installer\18a56e84.msi
+ 2008-07-29 12:55 . 2008-07-29 12:55 4910592 c:\windows\Installer\168e55c.msi
+ 2006-02-20 03:31 . 2006-02-20 03:31 1730048 c:\windows\Installer\168b21.msi
+ 2009-04-20 12:14 . 2009-04-20 12:14 3489280 c:\windows\Installer\164256ab.msi
+ 2007-11-07 10:50 . 2007-11-07 10:50 6055936 c:\windows\Installer\162dd84f.msp
+ 2007-11-07 11:00 . 2007-11-07 11:00 3407360 c:\windows\Installer\162dd84e.msp
+ 2007-11-07 10:46 . 2007-11-07 10:46 3010560 c:\windows\Installer\162dd84c.msp
+ 2007-11-07 11:02 . 2007-11-07 11:02 6473216 c:\windows\Installer\162dd84b.msp
+ 2007-11-07 11:12 . 2007-11-07 11:12 2533376 c:\windows\Installer\162dd84a.msp
+ 2009-05-18 12:08 . 2009-05-18 12:08 1011712 c:\windows\Installer\14d1bb07.msi
+ 2008-07-01 07:45 . 2008-07-01 07:45 4817920 c:\windows\Installer\1488ab.msi
+ 2009-05-17 16:38 . 2009-05-17 16:38 1401344 c:\windows\Installer\109fb5b7.msi
+ 2008-07-26 10:47 . 2008-07-26 10:47 6915584 c:\windows\Installer\10965c8e.msi
+ 2008-07-26 10:34 . 2008-07-26 10:34 1430016 c:\windows\Installer\1089edb9.msi
+ 2008-07-01 11:26 . 2009-06-24 05:23 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-01 11:26 . 2009-06-24 05:23 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-01 11:26 . 2008-07-01 11:26 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-06-22 06:29 . 2009-03-08 00:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-22 06:29 . 2009-03-08 00:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-22 06:29 . 2009-03-08 00:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 1162240 c:\windows\ie8\urlmon.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 1162240 c:\windows\ie8\urlmon.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 3578368 c:\windows\ie8\mshtml.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 3578368 c:\windows\ie8\mshtml.dll
- 2009-01-14 07:44 . 2007-08-13 14:54 6049280 c:\windows\ie8\ieframe.dll
+ 2009-06-22 06:24 . 2007-08-13 14:54 6049280 c:\windows\ie8\ieframe.dll
+ 2009-06-22 06:24 . 2007-02-12 12:10 2451312 c:\windows\ie8\ieapfltr.dat
- 2009-01-14 07:44 . 2007-02-12 12:10 2451312 c:\windows\ie8\ieapfltr.dat
+ 2006-02-20 03:22 . 2006-02-20 03:22 2203648 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{5B5CF8DA-5286-49CF-98B2-4B510922DC08}\HP Software Update.msi
+ 2009-07-01 06:48 . 2009-07-01 06:48 8974336 c:\windows\ERDNT\AutoBackup\01-07-2009\Users\00000001\NTUSER.DAT
+ 2009-07-01 06:12 . 2009-07-01 06:12 8974336 c:\windows\ERDNT\01-07-2009\Users\00000005\NTUSER.DAT
+ 2008-07-01 08:38 . 2008-07-01 08:38 2455552 c:\windows\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi
+ 2008-08-11 12:08 . 2009-06-01 05:51 23635392 c:\windows\system32\MRT.exe
+ 2007-08-13 14:54 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
+ 2008-07-01 08:21 . 2006-02-20 03:34 12125696 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2008-07-01 11:26 . 2008-07-01 11:26 18181632 c:\windows\Installer\51fc2.msi
+ 2008-07-31 05:19 . 2008-07-31 05:19 15256576 c:\windows\Installer\278f730.msp
+ 2008-07-01 18:07 . 2006-02-20 03:00 19204096 c:\windows\Installer\20678.msp
+ 2009-06-22 06:30 . 2009-03-08 00:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-12 09:16 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-01 29744]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-04-17 430080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-13 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Piers1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WD Anywhere Backup Launcher.lnk - c:\windows\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-7-26 9662]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 4 (0x4)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2009\\fm.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Piers1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Piers1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"7206:TCP"= 7206:TCP:BitComet 7206 TCP
"7206:UDP"= 7206:UDP:BitComet 7206 UDP

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [10/12/2008 03:10 24636]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [01/06/2009 22:13 331312]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [18/04/2008 03:57 102400]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [10/04/2009 12:57 33840]
S2 gupdate1c98757411a9d1c;Google Update Service (gupdate1c98757411a9d1c);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2009 10:01 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/07/2008 13:25 29744]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [01/06/2009 22:58 34352]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/03/2004 15:18 169192]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [26/07/2008 14:33 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 05:39]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 06:01]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 06:01]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2622300698-2743463601-4225773032-1006Core.job
- c:\documents and settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:34]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2622300698-2743463601-4225773032-1006UA.job
- c:\documents and settings\Piers1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:34]

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{4EC9A910-F76E-41B8-AAF6-4DABE357E80C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 00:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8081
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {3CE799C8-A65B-4390-A42D-1300AD30114E} = 10.11.64.1
FF - ProfilePath - c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.ftp - 86.20.198.207
FF - prefs.js: network.proxy.ftp_port - 7212
FF - prefs.js: network.proxy.gopher - 86.20.198.207
FF - prefs.js: network.proxy.gopher_port - 7212
FF - prefs.js: network.proxy.http - 86.20.198.207
FF - prefs.js: network.proxy.http_port - 7212
FF - prefs.js: network.proxy.socks - 86.20.198.207
FF - prefs.js: network.proxy.socks_port - 7212
FF - prefs.js: network.proxy.ssl - 86.20.198.207
FF - prefs.js: network.proxy.ssl_port - 7212
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Piers1\Application Data\Mozilla\Firefox\Profiles\i42fbsnf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Piers1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Piers1\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 19:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?@???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1600)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-07-05 19:27
ComboFix-quarantined-files.txt 2009-07-05 15:27
ComboFix2.txt 2009-06-21 13:04

Pre-Run: 12,381,581,312 bytes free
Post-Run: 13,069,688,832 bytes free

735 --- E O F --- 2009-06-22 06:54






same symptoms. Cannot open folders or save documents but can run programs. :thumbup2: helllpppp!!

#11 etavares

Posted 05 July 2009 - 11:31 AM

Hi Pobb-

Ok, we're getting closer. Next up, please do this:

1. Open Notepad.
2. Copy and paste the text in the box below, (do NOT include the word 'code')

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoViewOnDrive"=-

3. Save it as fixme.reg on your desktop.
4. Double-click fixme.reg to run it.
5. You will be asked if you want to add the information in fixme.reg to the registry. Click YES.
6. You should get a confirmation that the information was successfully added.
7. Reboot.

Now...try to access your files. Any better?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
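
Added example, not part of the original thread and not code from ComboFix or the helper: the `NoViewOnDrive` value of 4 (0x4) in the log above is a per-drive bitmask in which bit 2 stands for C:, which is why deleting that value is the fix. This Python sketch decodes such masks from ComboFix-style log text and builds a matching .reg file; the function names and the `NoDrives` sample entry are constructed for illustration.

```python
import re

# Explorer policy values that are per-drive bitmasks
# (bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:).
DRIVE_MASK_POLICIES = {
    "noviewondrive": "drive contents cannot be opened",
    "nodrives": "drive is hidden in My Computer",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORD policy values as: "Name"= 4 (0x4)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*\d+\s*\(0x([0-9a-fA-F]+)\)$')

# Constructed sample: the first two sections are copied from the log in this
# thread; the HKLM NoDrives entry is made up to show a multi-drive mask.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 4 (0x4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDrives"= 12 (0xc)
"""


def decode_drive_mask(mask):
    """Return the drive letters whose bit is set in a 26-bit drive mask."""
    return [chr(ord("A") + bit) + ":" for bit in range(26) if mask & (1 << bit)]


def find_drive_restrictions(log_text):
    """Scan ComboFix-style registry output for Explorer drive restrictions."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)  # remember which key the values belong to
            continue
        value = VALUE_RE.match(line)
        if not (value and key and key.lower().endswith("\\policies\\explorer")):
            continue
        name = value.group(1)
        if name.lower() in DRIVE_MASK_POLICIES:
            mask = int(value.group(2), 16)
            findings.append({
                "key": key,
                "value": name,
                "mask": mask,
                "drives": decode_drive_mask(mask),
                "effect": DRIVE_MASK_POLICIES[name.lower()],
            })
    return findings


def build_fix_reg(findings):
    """Build .reg text that deletes each flagged value ("Name"=- syntax)."""
    lines = ["Windows Registry Editor Version 5.00"]
    for f in findings:
        lines += ["", "[%s]" % f["key"], '"%s"=-' % f["value"]]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    for f in find_drive_restrictions(SAMPLE_LOG):
        print("%s\\%s = 0x%x -> %s (%s)" % (
            f["key"], f["value"], f["mask"], ", ".join(f["drives"]), f["effect"]))
```
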
 


#12 Pobb


Posted 05 July 2009 - 11:54 PM

You sir, are a gentleman and a scholar

Cheers mate, much appreciated :thumbup2:

#13 etavares


Posted 06 July 2009 - 06:22 AM

Hi Pobb-

Great! Glad it worked. Now, we'll have two more rounds to make sure your computer is still clean and secure. Please stay with me as it will be important to clean up what we did.

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 14 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

The next part is to please run an online antivirus scan. I'd like to see a clean scan before we call your computer clean. Since Kaspersky took forever, we'll try ESET online scan for this one.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

In your reply, please post a fresh DDS log and the results of the ESET online scan.

Thanks!


 


#14 etavares


Posted 09 July 2009 - 08:11 PM

Hi Pobb-

Have you had a chance to update Java and run the scan?


 


#15 kahdah


Posted 11 July 2009 - 08:44 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



