malware help plz


  • This topic is locked
17 replies to this topic

#1 desertuchiha

desertuchiha

  • Members
  • 6 posts

Posted 02 July 2009 - 11:17 PM

Well, my computer is acting very strange, like pop-ups, and I'm getting false security messages and being misdirected intentionally. So I'm guessing this is malware/trojan, so can someone please help?


DDS (Ver_09-06-26.01) - NTFSx86
Run by admin at 0:05:11.69 on Fri 07/03/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1507 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\nwtray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - h:\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 85.255.112.206,85.255.112.116
TCP: {B4A1F145-2136-4C55-AA17-B3538094F96A} = 85.255.112.206,85.255.112.116
TCP: {CC6E4E90-CA67-4021-BC18-02881FAABDBA} = 85.255.112.206,85.255.112.116
TCP: {D5B689AC-EAEA-45AF-B779-BF7035E3D3BA} = 85.255.112.206,85.255.112.116
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
LSA: Authentication Packages = msv1_0 ncv1_0

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n6hwkgtn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n6hwkgtn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n6hwkgtn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-2 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-10 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-2 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-2 298776]
R2 NCFSD;Novell Client File System Redirector;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2008-9-23 81424]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2008-9-23 52752]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-26 193840]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2009-2-7 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2009-2-7 20480]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-3 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-1-20 42512]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2009-2-7 870400]

=============== Created Last 30 ================

2009-07-02 23:07 <DIR> --d----- c:\users\admin\appdata\roaming\GetRightToGo
2009-06-25 13:21 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-24 16:10 <DIR> --d----- c:\windows\system32\Adobe
2009-06-22 09:57 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-22 09:57 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-11 14:55 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 14:55 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 14:54 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-06-11 14:54 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-06-11 14:54 915,456 a------- c:\windows\system32\wininet.dll
2009-06-11 14:54 71,680 a------- c:\windows\system32\iesetup.dll
2009-06-11 14:54 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-08 12:09 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-08 12:09 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-08 12:09 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-08 11:47 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-08 11:45 800,768 a------- c:\windows\system32\advapi32.dll
2009-06-08 11:44 1,541,120 a------- c:\windows\system32\onex.dll
2009-06-08 11:43 289,792 a------- c:\windows\system32\atmfd.dll

==================== Find3M ====================

2009-07-02 19:28 155,205 a------- c:\programdata\nvModes.dat
2009-07-02 19:28 155,205 a------- c:\progra~2\nvModes.dat
2009-06-22 09:56 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-22 09:56 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-08 12:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 12:19 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 12:19 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 12:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-05 17:34 40,367 a------- c:\windows\scunin.dat
2009-05-05 17:34 94,208 a------- c:\windows\ScUnin.exe
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-02-07 11:29 78,191 a------- c:\users\admin\appdata\roaming\nvModes.dat
2008-09-16 14:14 61,224 a------- c:\users\admin\GoToAssistDownloadHelper.exe
2008-09-15 16:42 56 a---h--- c:\programdata\ezsidmv.dat
2008-09-15 16:42 56 a---h--- c:\progra~2\ezsidmv.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:06:50.70 ===============

Edited by desertuchiha, 02 July 2009 - 11:23 PM.



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 09 July 2009 - 02:55 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 14 July 2009 - 10:34 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,200 posts

Posted 15 July 2009 - 03:05 PM

Thank you Net_Surfer, thread reopened.

#5 desertuchiha

desertuchiha
  • Topic Starter

  • Members
  • 6 posts

Posted 15 July 2009 - 03:20 PM

OK, so I apologize for having such a long period of inactivity. I was away the past few days on a hectic schedule, but here is my recent log.


DDS (Ver_09-06-26.01) - NTFSx86
Run by admin at 13:46:38.75 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1497 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\nwtray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AVG\AVG8\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\chris\Downloads\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - h:\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 85.255.112.206,85.255.112.116
TCP: {B4A1F145-2136-4C55-AA17-B3538094F96A} = 85.255.112.206,85.255.112.116
TCP: {CC6E4E90-CA67-4021-BC18-02881FAABDBA} = 85.255.112.206,85.255.112.116
TCP: {D5B689AC-EAEA-45AF-B779-BF7035E3D3BA} = 85.255.112.206,85.255.112.116
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
LSA: Authentication Packages = msv1_0 ncv1_0

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n6hwkgtn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n6hwkgtn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n6hwkgtn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-2 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-10 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-2 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-2 298776]
R2 NCFSD;Novell Client File System Redirector;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2008-9-23 81424]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2008-9-23 52752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\novell\client\xtier\services\xtsvcmgr.exe [2008-9-23 16656]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-26 193840]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2009-2-7 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2009-2-7 20480]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-3 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-1-20 42512]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\users\admin\appdata\roaming\solarwinds\tftpserver\SolarWinds TFTP Server.exe [2008-7-25 61440]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-11-14 200704]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2009-2-7 870400]

=============== Created Last 30 ================

2009-07-02 23:07 <DIR> --d----- c:\users\admin\appdata\roaming\GetRightToGo
2009-06-25 13:21 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-24 16:10 <DIR> --d----- c:\windows\system32\Adobe
2009-06-22 09:57 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-22 09:57 <DIR> --d----- c:\progra~2\AVG Security Toolbar

==================== Find3M ====================

2009-07-15 12:29 155,205 a------- c:\programdata\nvModes.dat
2009-07-15 12:29 155,205 a------- c:\progra~2\nvModes.dat
2009-06-22 09:56 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-22 09:56 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-08 12:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 12:19 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 12:19 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 12:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-05 17:34 40,367 a------- c:\windows\scunin.dat
2009-05-05 17:34 94,208 a------- c:\windows\ScUnin.exe
2009-04-23 08:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-21 07:39 2,034,688 a------- c:\windows\system32\win32k.sys
2009-02-07 11:29 78,191 a------- c:\users\admin\appdata\roaming\nvModes.dat
2008-09-16 14:14 61,224 a------- c:\users\admin\GoToAssistDownloadHelper.exe
2008-09-15 16:42 56 a---h--- c:\programdata\ezsidmv.dat
2008-09-15 16:42 56 a---h--- c:\progra~2\ezsidmv.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:46:56.16 ===============

#6 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 AM

Posted 15 July 2009 - 03:24 PM

Hello desertuchiha, and welcome to the Bleeping Computer Malware Removal Forum. My nick is Net_Surfer, and I'll be glad to help you with your computer problems.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the button in the lower right-hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here. Your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.


In the meantime Please, Do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Kind regards
Net_Surfer

Edit: Sorry, I just noticed you posted a fresh log, but I will also need the other log: the attach log. If you cannot find it, then delete DDS from your system, download DDS again, scan your computer with it, and post the logs back here.

Edited by Net_Surfer, 15 July 2009 - 03:33 PM.


#7 desertuchiha

Posted 15 July 2009 - 03:34 PM

well i did do another DDS run again but i have the attach here.

#8 Net_Surfer

Posted 15 July 2009 - 03:38 PM

Thank you.

I will review your logs and propose a fix, then I will wait for my coach to approve the fix.

You may get an email from us today or tomorrow.

Please stay with us until we tell you that you are free of malware.

Thanks again.

Net_Surfer

#9 Net_Surfer

Posted 15 July 2009 - 04:52 PM

We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download: random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Please post the contents of both here in your next reply.

log.txt (<<--- will be maximized) and info.txt (<<--- will be minimized)

Thank you.
Net_Surfer


#10 desertuchiha

Posted 15 July 2009 - 05:26 PM

uhh well i ran it by accident forgetting to turn off the antivirus and internet disabled so i quit both logs and tried again but this time it gave me 1 log

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-07-15 18:23:29
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (27%) free of 116 GB
Total RAM: 3006 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:30 PM, on 7/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\nwtray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\chris\Downloads\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - H:\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-198265525-190521773-2524946464-1001\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (User 'chris')
O4 - HKUS\S-1-5-21-198265525-190521773-2524946464-1001\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'chris')
O4 - HKUS\S-1-5-21-198265525-190521773-2524946464-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'chris')
O4 - S-1-5-21-198265525-190521773-2524946464-1001 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'chris')
O4 - S-1-5-21-198265525-190521773-2524946464-1001 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'chris')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - H:\DRM Converter\YouTubeRipper.dll (file missing)
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - H:\DRM Converter\YouTubeRipper.dll (file missing)
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted IP range: 192.168.254.1
O15 - Trusted IP range: 192.168.253.1
O15 - Trusted IP range: 192.168.252.1
O15 - Trusted IP range: 192.168.251.1
O15 - Trusted IP range: http://192.168.251.1
O15 - Trusted IP range: 192.168.253.254
O15 - Trusted IP range: 192.168.254.254
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A1F145-2136-4C55-AA17-B3538094F96A}: NameServer = 85.255.112.206,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6E4E90-CA67-4021-BC18-02881FAABDBA}: NameServer = 85.255.112.206,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5B689AC-EAEA-45AF-B779-BF7035E3D3BA}: NameServer = 85.255.112.206,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.206,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.206,85.255.112.116
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Users\admin\AppData\Roaming\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

--
End of file - 15330 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\HPCeeScheduleForadmin.job
C:\Windows\tasks\Norton Security Scan for admin.job
C:\Windows\tasks\User_Feed_Synchronization-{28F2219B-392B-4DCA-B2F7-A2FE98B09387}.job
C:\Windows\tasks\User_Feed_Synchronization-{446A449C-7372-4D5C-9CCD-41DD2508E0E4}.job
C:\Windows\tasks\User_Feed_Synchronization-{F932C1F9-CCEE-4F8E-B32E-73CCD54BA4FD}.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-01 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - H:\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-22 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-28 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-15 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-17 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"NWTRAY"=C:\Windows\system32\NWTRAY.EXE [2008-09-23 30480]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-22 1948440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-10-10 206128]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-12-14 467240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"=C:\Windows\System32\rstrui.exe [2008-01-20 318464]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-04-11 217088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-25 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
ncv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e171ef8-d3c6-11dd-b11b-0021860ee38e}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d3fb19-8a8d-11dd-b3bf-0021860ee38e}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-07-15 18:17:05 ----D---- C:\Program Files\trend micro
2009-07-15 18:17:04 ----D---- C:\rsit
2009-07-02 23:07:18 ----D---- C:\Users\admin\AppData\Roaming\GetRightToGo
2009-06-25 13:21:38 ----D---- C:\Program Files\Norton Security Scan
2009-06-24 16:10:59 ----D---- C:\Windows\system32\Adobe
2009-06-22 09:57:25 ----D---- C:\ProgramData\AVG Security Toolbar
2009-06-11 14:55:03 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 14:55:01 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 14:55:00 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 14:55:00 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\ieui.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\iesetup.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\iernonce.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 14:54:59 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-11 14:54:57 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-08 12:09:21 ----D---- C:\Windows\system32\eu-ES
2009-06-08 12:09:21 ----D---- C:\Windows\system32\ca-ES
2009-06-08 12:09:13 ----D---- C:\Windows\system32\vi-VN
2009-06-08 11:47:44 ----D---- C:\Windows\system32\EventProviders
2009-06-08 11:46:43 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-06-08 11:46:40 ----A---- C:\Windows\system32\SLsvc.exe
2009-06-08 11:46:40 ----A---- C:\Windows\system32\SLCExt.dll
2009-06-08 11:46:38 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-06-08 11:46:38 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-06-08 11:46:37 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-06-08 11:46:33 ----A---- C:\Windows\system32\mssrch.dll
2009-06-08 11:46:31 ----A---- C:\Windows\system32\tquery.dll
2009-06-08 11:46:30 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-06-08 11:46:30 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-06-08 11:46:30 ----A---- C:\Windows\system32\lsasrv.dll
2009-06-08 11:46:29 ----A---- C:\Windows\system32\scavenge.dll
2009-06-08 11:46:29 ----A---- C:\Windows\system32\RMActivate.exe
2009-06-08 11:46:28 ----A---- C:\Windows\system32\msi.dll
2009-06-08 11:46:27 ----A---- C:\Windows\system32\WscEapPr.dll
2009-06-08 11:46:27 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-06-08 11:46:27 ----A---- C:\Windows\system32\secproc_isv.dll
2009-06-08 11:46:27 ----A---- C:\Windows\system32\imapi2fs.dll
2009-06-08 11:46:26 ----A---- C:\Windows\system32\sysmain.dll
2009-06-08 11:46:25 ----A---- C:\Windows\system32\mf.dll
2009-06-08 11:46:25 ----A---- C:\Windows\system32\icardagt.exe
2009-06-08 11:46:25 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-06-08 11:46:24 ----A---- C:\Windows\system32\spreview.exe
2009-06-08 11:46:24 ----A---- C:\Windows\system32\spinstall.exe
2009-06-08 11:46:24 ----A---- C:\Windows\system32\EhStorShell.dll
2009-06-08 11:46:23 ----A---- C:\Windows\system32\spwizui.dll
2009-06-08 11:46:23 ----A---- C:\Windows\system32\secproc.dll
2009-06-08 11:46:23 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-06-08 11:46:23 ----A---- C:\Windows\system32\drmv2clt.dll
2009-06-08 11:46:21 ----A---- C:\Windows\system32\shell32.dll
2009-06-08 11:46:20 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-06-08 11:46:20 ----A---- C:\Windows\system32\p2psvc.dll
2009-06-08 11:46:19 ----A---- C:\Windows\system32\mssvp.dll
2009-06-08 11:46:18 ----A---- C:\Windows\system32\mscoree.dll
2009-06-08 11:46:17 ----A---- C:\Windows\system32\mssphtb.dll
2009-06-08 11:46:17 ----A---- C:\Windows\system32\mssph.dll
2009-06-08 11:46:17 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-06-08 11:46:17 ----A---- C:\Windows\system32\imapi2.dll
2009-06-08 11:46:16 ----A---- C:\Windows\system32\sdohlp.dll
2009-06-08 11:46:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-06-08 11:46:15 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-06-08 11:46:15 ----A---- C:\Windows\system32\esent.dll
2009-06-08 11:46:15 ----A---- C:\Windows\system32\DevicePairing.dll
2009-06-08 11:46:14 ----A---- C:\Windows\system32\sperror.dll
2009-06-08 11:46:14 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-06-08 11:46:13 ----A---- C:\Windows\system32\wevtsvc.dll
2009-06-08 11:46:13 ----A---- C:\Windows\system32\SLC.dll
2009-06-08 11:46:13 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-06-08 11:46:13 ----A---- C:\Windows\system32\korwbrkr.dll
2009-06-08 11:46:13 ----A---- C:\Windows\system32\IasMigReader.exe
2009-06-08 11:46:12 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-06-08 11:46:11 ----A---- C:\Windows\system32\wmp.dll
2009-06-08 11:46:11 ----A---- C:\Windows\system32\msshsq.dll
2009-06-08 11:46:10 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-06-08 11:46:10 ----A---- C:\Windows\system32\msjet40.dll
2009-06-08 11:46:10 ----A---- C:\Windows\system32\MPSSVC.dll
2009-06-08 11:46:09 ----A---- C:\Windows\system32\Query.dll
2009-06-08 11:46:09 ----A---- C:\Windows\system32\qmgr.dll
2009-06-08 11:46:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-06-08 11:46:09 ----A---- C:\Windows\system32\msxml6.dll
2009-06-08 11:46:08 ----A---- C:\Windows\system32\P2PGraph.dll
2009-06-08 11:46:08 ----A---- C:\Windows\system32\ole32.dll
2009-06-08 11:46:08 ----A---- C:\Windows\system32\ntdll.dll
2009-06-08 11:46:08 ----A---- C:\Windows\system32\msexch40.dll
2009-06-08 11:46:08 ----A---- C:\Windows\system32\diagperf.dll
2009-06-08 11:46:07 ----A---- C:\Windows\system32\srchadmin.dll
2009-06-08 11:46:07 ----A---- C:\Windows\system32\msxml3.dll
2009-06-08 11:46:06 ----A---- C:\Windows\system32\winload.exe
2009-06-08 11:46:06 ----A---- C:\Windows\system32\uDWM.dll
2009-06-08 11:46:06 ----A---- C:\Windows\system32\mmc.exe
2009-06-08 11:46:06 ----A---- C:\Windows\system32\mblctr.exe
2009-06-08 11:46:06 ----A---- C:\Windows\system32\EncDec.dll
2009-06-08 11:46:05 ----A---- C:\Windows\system32\riched20.dll
2009-06-08 11:46:05 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-06-08 11:46:05 ----A---- C:\Windows\system32\fdBth.dll
2009-06-08 11:46:05 ----A---- C:\Windows\system32\dfsr.exe
2009-06-08 11:46:04 ----A---- C:\Windows\system32\RacEngn.dll
2009-06-08 11:46:03 ----A---- C:\Windows\system32\kernel32.dll
2009-06-08 11:46:02 ----A---- C:\Windows\system32\spoolss.dll
2009-06-08 11:46:02 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-06-08 11:46:02 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-06-08 11:46:02 ----A---- C:\Windows\system32\schedsvc.dll
2009-06-08 11:46:02 ----A---- C:\Windows\system32\milcore.dll
2009-06-08 11:46:02 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-06-08 11:46:02 ----A---- C:\Windows\system32\CertEnroll.dll
2009-06-08 11:46:01 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-06-08 11:46:01 ----A---- C:\Windows\system32\msvcp60.dll
2009-06-08 11:46:01 ----A---- C:\Windows\system32\msjtes40.dll
2009-06-08 11:46:01 ----A---- C:\Windows\system32\fsquirt.exe
2009-06-08 11:46:01 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-06-08 11:46:00 ----A---- C:\Windows\system32\WinSAT.exe
2009-06-08 11:46:00 ----A---- C:\Windows\system32\infocardapi.dll
2009-06-08 11:46:00 ----A---- C:\Windows\system32\gpedit.dll
2009-06-08 11:45:59 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-06-08 11:45:59 ----A---- C:\Windows\system32\mstext40.dll
2009-06-08 11:45:59 ----A---- C:\Windows\system32\Magnify.exe
2009-06-08 11:45:59 ----A---- C:\Windows\system32\es.dll
2009-06-08 11:45:59 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-06-08 11:45:59 ----A---- C:\Windows\system32\advapi32.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\WMPhoto.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\WebClnt.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\slwmi.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\msxbde40.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\msexcl40.dll
2009-06-08 11:45:57 ----A---- C:\Windows\system32\comsvcs.dll
2009-06-08 11:45:56 ----A---- C:\Windows\system32\vssapi.dll
2009-06-08 11:45:56 ----A---- C:\Windows\system32\NetProjW.dll
2009-06-08 11:45:56 ----A---- C:\Windows\system32\mstscax.dll
2009-06-08 11:45:56 ----A---- C:\Windows\system32\authui.dll
2009-06-08 11:45:55 ----A---- C:\Windows\system32\propsys.dll
2009-06-08 11:45:55 ----A---- C:\Windows\system32\PresentationHost.exe
2009-06-08 11:45:55 ----A---- C:\Windows\system32\newdev.dll
2009-06-08 11:45:55 ----A---- C:\Windows\system32\msrepl40.dll
2009-06-08 11:45:54 ----A---- C:\Windows\system32\rpcss.dll
2009-06-08 11:45:54 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-08 11:45:54 ----A---- C:\Windows\system32\iasrecst.dll
2009-06-08 11:45:54 ----A---- C:\Windows\system32\gpsvc.dll
2009-06-08 11:45:54 ----A---- C:\Windows\system32\eudcedit.exe
2009-06-08 11:45:54 ----A---- C:\Windows\system32\crypt32.dll
2009-06-08 11:45:54 ----A---- C:\Windows\explorer.exe
2009-06-08 11:45:53 ----A---- C:\Windows\system32\setupapi.dll
2009-06-08 11:45:53 ----A---- C:\Windows\system32\mspbde40.dll
2009-06-08 11:45:53 ----A---- C:\Windows\system32\msltus40.dll
2009-06-08 11:45:53 ----A---- C:\Windows\system32\davclnt.dll
2009-06-08 11:45:53 ----A---- C:\Windows\system32\d3d9.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\wevtapi.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\shlwapi.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\msrd3x40.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\msdtctm.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\mfc42.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-06-08 11:45:52 ----A---- C:\Windows\system32\browseui.dll
2009-06-08 11:45:51 ----A---- C:\Windows\system32\user32.dll
2009-06-08 11:45:51 ----A---- C:\Windows\system32\photowiz.dll
2009-06-08 11:45:51 ----A---- C:\Windows\system32\nlhtml.dll
2009-06-08 11:45:50 ----A---- C:\Windows\system32\samsrv.dll
2009-06-08 11:45:50 ----A---- C:\Windows\system32\quartz.dll
2009-06-08 11:45:50 ----A---- C:\Windows\system32\ci.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\win32spl.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-06-08 11:45:49 ----A---- C:\Windows\system32\oleaut32.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\netshell.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\msv1_0.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\kerberos.dll
2009-06-08 11:45:49 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-06-08 11:45:49 ----A---- C:\Windows\system32\compcln.exe
2009-06-08 11:45:48 ----A---- C:\Windows\system32\xmlfilter.dll
2009-06-08 11:45:48 ----A---- C:\Windows\system32\winhttp.dll
2009-06-08 11:45:48 ----A---- C:\Windows\system32\telnet.exe
2009-06-08 11:45:48 ----A---- C:\Windows\system32\mswstr10.dll
2009-06-08 11:45:48 ----A---- C:\Windows\system32\emdmgmt.dll
2009-06-08 11:45:48 ----A---- C:\Windows\system32\audiosrv.dll
2009-06-08 11:45:48 ----A---- C:\Windows\system32\apds.dll
2009-06-08 11:45:47 ----A---- C:\Windows\system32\VSSVC.exe
2009-06-08 11:45:47 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-06-08 11:45:47 ----A---- C:\Windows\system32\msvcrt.dll
2009-06-08 11:45:47 ----A---- C:\Windows\system32\msctf.dll
2009-06-08 11:45:47 ----A---- C:\Windows\system32\mfc42u.dll
2009-06-08 11:45:47 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-06-08 11:45:47 ----A---- C:\Windows\system32\gdi32.dll
2009-06-08 11:45:46 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-06-08 11:45:46 ----A---- C:\Windows\system32\SLUI.exe
2009-06-08 11:45:46 ----A---- C:\Windows\system32\msrd2x40.dll
2009-06-08 11:45:46 ----A---- C:\Windows\system32\eapphost.dll
2009-06-08 11:45:45 ----A---- C:\Windows\system32\winresume.exe
2009-06-08 11:45:45 ----A---- C:\Windows\system32\shdocvw.dll
2009-06-08 11:45:45 ----A---- C:\Windows\system32\propdefs.dll
2009-06-08 11:45:45 ----A---- C:\Windows\system32\odbc32.dll
2009-06-08 11:45:44 ----A---- C:\Windows\system32\wevtutil.exe
2009-06-08 11:45:44 ----A---- C:\Windows\system32\mssitlb.dll
2009-06-08 11:45:44 ----A---- C:\Windows\system32\dbgeng.dll
2009-06-08 11:45:43 ----A---- C:\Windows\system32\WsmSvc.dll
2009-06-08 11:45:43 ----A---- C:\Windows\system32\swprv.dll
2009-06-08 11:45:43 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\vds.exe
2009-06-08 11:45:42 ----A---- C:\Windows\system32\usp10.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\netlogon.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\msscb.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\msctfp.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\drvinst.exe
2009-06-08 11:45:42 ----A---- C:\Windows\system32\devmgr.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-06-08 11:45:42 ----A---- C:\Windows\system32\adsldpc.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\WSDApi.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\Wldap32.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\wcnwiz.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\schannel.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\evr.dll
2009-06-08 11:45:41 ----A---- C:\Windows\system32\BFE.DLL
2009-06-08 11:45:40 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-06-08 11:45:40 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-06-08 11:45:39 ----A---- C:\Windows\system32\wercon.exe
2009-06-08 11:45:39 ----A---- C:\Windows\system32\services.exe
2009-06-08 11:45:38 ----A---- C:\Windows\system32\wcncsvc.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\msjter40.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\msdtcprx.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\msdrm.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\mimefilt.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\comdlg32.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\certcli.dll
2009-06-08 11:45:38 ----A---- C:\Windows\system32\adtschema.dll
2009-06-08 11:45:37 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-06-08 11:45:37 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-06-08 11:45:37 ----A---- C:\Windows\system32\taskeng.exe
2009-06-08 11:45:37 ----A---- C:\Windows\system32\rtffilt.dll
2009-06-08 11:45:37 ----A---- C:\Windows\system32\reg.exe
2009-06-08 11:45:37 ----A---- C:\Windows\system32\mswdat10.dll
2009-06-08 11:45:37 ----A---- C:\Windows\system32\dnsapi.dll
2009-06-08 11:45:37 ----A---- C:\Windows\system32\certutil.exe
2009-06-08 11:45:36 ----A---- C:\Windows\system32\w32time.dll
2009-06-08 11:45:36 ----A---- C:\Windows\system32\msshooks.dll
2009-06-08 11:45:36 ----A---- C:\Windows\system32\msscntrs.dll
2009-06-08 11:45:36 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-06-08 11:45:36 ----A---- C:\Windows\system32\bthserv.dll
2009-06-08 11:45:36 ----A---- C:\Windows\system32\bcrypt.dll
2009-06-08 11:45:35 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-06-08 11:45:35 ----A---- C:\Windows\system32\rsaenh.dll
2009-06-08 11:45:35 ----A---- C:\Windows\system32\msstrc.dll
2009-06-08 11:45:35 ----A---- C:\Windows\system32\msihnd.dll
2009-06-08 11:45:35 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-06-08 11:45:34 ----A---- C:\Windows\system32\inetcomm.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\netapi32.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\mtxclu.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\mscories.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\inetpp.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\hidserv.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\fundisc.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\dfshim.dll
2009-06-08 11:45:33 ----A---- C:\Windows\system32\cryptsvc.dll
2009-06-08 11:45:32 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-06-08 11:45:32 ----A---- C:\Windows\system32\termsrv.dll
2009-06-08 11:45:32 ----A---- C:\Windows\system32\profsvc.dll
2009-06-08 11:45:32 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-06-08 11:45:31 ----A---- C:\Windows\system32\gameux.dll
2009-06-08 11:45:30 ----A---- C:\Windows\system32\wdc.dll
2009-06-08 11:45:30 ----A---- C:\Windows\system32\shsvcs.dll
2009-06-08 11:45:30 ----A---- C:\Windows\system32\msiexec.exe
2009-06-08 11:45:30 ----A---- C:\Windows\system32\imapi.dll
2009-06-08 11:45:30 ----A---- C:\Windows\system32\chsbrkr.dll
2009-06-08 11:45:29 ----A---- C:\Windows\system32\rasmans.dll
2009-06-08 11:45:29 ----A---- C:\Windows\system32\pnidui.dll
2009-06-08 11:45:29 ----A---- C:\Windows\system32\iassdo.dll
2009-06-08 11:45:28 ----A---- C:\Windows\system32\spoolsv.exe
2009-06-08 11:45:28 ----A---- C:\Windows\system32\icardres.dll
2009-06-08 11:45:28 ----A---- C:\Windows\system32\autofmt.exe
2009-06-08 11:45:27 ----A---- C:\Windows\system32\wersvc.dll
2009-06-08 11:45:27 ----A---- C:\Windows\system32\scrrun.dll
2009-06-08 11:45:27 ----A---- C:\Windows\system32\PSHED.DLL
2009-06-08 11:45:26 ----A---- C:\Windows\system32\slmgr.vbs
2009-06-08 11:45:26 ----A---- C:\Windows\system32\pdh.dll
2009-06-08 11:45:26 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-06-08 11:45:26 ----A---- C:\Windows\system32\azroles.dll
2009-06-08 11:45:25 ----A---- C:\Windows\system32\pidgenx.dll
2009-06-08 11:45:25 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-06-08 11:45:22 ----A---- C:\Windows\system32\wmpmde.dll
2009-06-08 11:45:22 ----A---- C:\Windows\system32\winlogon.exe
2009-06-08 11:45:22 ----A---- C:\Windows\system32\SyncCenter.dll
2009-06-08 11:45:20 ----A---- C:\Windows\system32\SLUINotify.dll
2009-06-08 11:45:20 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-06-08 11:45:20 ----A---- C:\Windows\system32\comuid.dll
2009-06-08 11:45:19 ----A---- C:\Windows\system32\certmgr.dll
2009-06-08 11:45:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-06-08 11:45:18 ----A---- C:\Windows\system32\sethc.exe
2009-06-08 11:45:18 ----A---- C:\Windows\system32\ncrypt.dll
2009-06-08 11:45:18 ----A---- C:\Windows\system32\kd1394.dll
2009-06-08 11:45:18 ----A---- C:\Windows\system32\iassam.dll
2009-06-08 11:45:17 ----A---- C:\Windows\system32\wisptis.exe
2009-06-08 11:45:17 ----A---- C:\Windows\system32\untfs.dll
2009-06-08 11:45:17 ----A---- C:\Windows\system32\spp.dll
2009-06-08 11:45:17 ----A---- C:\Windows\system32\scrobj.dll
2009-06-08 11:45:17 ----A---- C:\Windows\system32\rtutils.dll
2009-06-08 11:45:16 ----A---- C:\Windows\system32\taskcomp.dll
2009-06-08 11:45:16 ----A---- C:\Windows\system32\dwm.exe
2009-06-08 11:45:15 ----A---- C:\Windows\system32\autochk.exe
2009-06-08 11:45:10 ----A---- C:\Windows\system32\iasnap.dll
2009-06-08 11:45:08 ----A---- C:\Windows\system32\printui.dll
2009-06-08 11:45:01 ----A---- C:\Windows\system32\autoconv.exe
2009-06-08 11:44:59 ----A---- C:\Windows\system32\wow32.dll
2009-06-08 11:44:59 ----A---- C:\Windows\system32\winsrv.dll
2009-06-08 11:44:59 ----A---- C:\Windows\system32\userenv.dll
2009-06-08 11:44:59 ----A---- C:\Windows\system32\onex.dll
2009-06-08 11:44:59 ----A---- C:\Windows\system32\kdcom.dll
2009-06-08 11:44:59 ----A---- C:\Windows\system32\cscript.exe
2009-06-08 11:44:59 ----A---- C:\Windows\system32\basecsp.dll
2009-06-08 11:44:59 ----A---- C:\Windows\system32\audiodg.exe
2009-06-08 11:44:58 ----A---- C:\Windows\system32\osk.exe
2009-06-08 11:44:58 ----A---- C:\Windows\system32\mswsock.dll
2009-06-08 11:44:58 ----A---- C:\Windows\system32\kdusb.dll
2009-06-08 11:44:57 ----A---- C:\Windows\system32\winmm.dll
2009-06-08 11:44:57 ----A---- C:\Windows\system32\spcmsg.dll
2009-06-08 11:44:57 ----A---- C:\Windows\system32\RelMon.dll
2009-06-08 11:44:57 ----A---- C:\Windows\system32\rdpencom.dll
2009-06-08 11:44:56 ----A---- C:\Windows\system32\WinSCard.dll
2009-06-08 11:44:56 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-06-08 11:44:56 ----A---- C:\Windows\system32\offfilt.dll
2009-06-08 11:44:56 ----A---- C:\Windows\system32\msftedit.dll
2009-06-08 11:44:55 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-06-08 11:44:54 ----A---- C:\Windows\system32\wsepno.dll
2009-06-08 11:44:54 ----A---- C:\Windows\system32\WerFault.exe
2009-06-08 11:44:54 ----A---- C:\Windows\system32\Utilman.exe
2009-06-08 11:44:54 ----A---- C:\Windows\system32\stobject.dll
2009-06-08 11:44:54 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-06-08 11:44:54 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-06-08 11:44:54 ----A---- C:\Windows\system32\mfplat.dll
2009-06-08 11:44:54 ----A---- C:\Windows\system32\diskraid.exe
2009-06-08 11:44:54 ----A---- C:\Windows\system32\apphelp.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\wiaservc.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\sysclass.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\SndVol.exe
2009-06-08 11:44:53 ----A---- C:\Windows\system32\prnntfy.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\msnetobj.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\mscms.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\mcmde.dll
2009-06-08 11:44:53 ----A---- C:\Windows\system32\adsmsext.dll
2009-06-08 11:44:52 ----A---- C:\Windows\system32\wscript.exe
2009-06-08 11:44:52 ----A---- C:\Windows\system32\ulib.dll
2009-06-08 11:44:52 ----A---- C:\Windows\system32\secur32.dll
2009-06-08 11:44:52 ----A---- C:\Windows\system32\odbccp32.dll
2009-06-08 11:44:52 ----A---- C:\Windows\system32\iasdatastore.dll
2009-06-08 11:44:52 ----A---- C:\Windows\system32\dsound.dll
2009-06-08 11:44:52 ----A---- C:\Windows\system32\cryptui.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\wscntfy.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\wlansvc.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\rastapi.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\pnpsetup.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-06-08 11:44:51 ----A---- C:\Windows\system32\fdProxy.dll
2009-06-08 11:44:51 ----A---- C:\Windows\system32\brcpl.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\wscsvc.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\wlangpui.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\vdsdyn.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\rastls.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\netiohlp.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\logman.exe
2009-06-08 11:44:50 ----A---- C:\Windows\system32\iashlpr.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\gpapi.dll
2009-06-08 11:44:50 ----A---- C:\Windows\system32\diskpart.exe
2009-06-08 11:44:49 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-06-08 11:44:49 ----A---- C:\Windows\system32\regsvc.dll
2009-06-08 11:44:49 ----A---- C:\Windows\system32\rasapi32.dll
2009-06-08 11:44:49 ----A---- C:\Windows\system32\ntprint.dll
2009-06-08 11:44:48 ----A---- C:\Windows\system32\zipfldr.dll
2009-06-08 11:44:48 ----A---- C:\Windows\system32\wusa.exe
2009-06-08 11:44:48 ----A---- C:\Windows\system32\wshext.dll
2009-06-08 11:44:48 ----A---- C:\Windows\system32\wpccpl.dll
2009-06-08 11:44:48 ----A---- C:\Windows\system32\mscorier.dll
2009-06-08 11:44:48 ----A---- C:\Windows\system32\iasrad.dll
2009-06-08 11:44:48 ----A---- C:\Windows\system32\findstr.exe
2009-06-08 11:44:47 ----A---- C:\Windows\system32\rasdlg.dll
2009-06-08 11:44:47 ----A---- C:\Windows\system32\netcenter.dll
2009-06-08 11:44:46 ----A---- C:\Windows\system32\wsnmp32.dll
2009-06-08 11:44:46 ----A---- C:\Windows\system32\wer.dll
2009-06-08 11:44:46 ----A---- C:\Windows\system32\themecpl.dll
2009-06-08 11:44:46 ----A---- C:\Windows\system32\iassvcs.dll
2009-06-08 11:44:43 ----A---- C:\Windows\system32\uxsms.dll
2009-06-08 11:44:43 ----A---- C:\Windows\system32\tsbyuv.dll
2009-06-08 11:44:43 ----A---- C:\Windows\system32\srvsvc.dll
2009-06-08 11:44:43 ----A---- C:\Windows\system32\ntmarta.dll
2009-06-08 11:44:43 ----A---- C:\Windows\system32\mssprxy.dll
2009-06-08 11:44:42 ----A---- C:\Windows\system32\slcc.dll
2009-06-08 11:44:42 ----A---- C:\Windows\system32\scansetting.dll
2009-06-08 11:44:42 ----A---- C:\Windows\system32\powrprof.dll
2009-06-08 11:44:42 ----A---- C:\Windows\system32\msutb.dll
2009-06-08 11:44:42 ----A---- C:\Windows\system32\mstsc.exe
2009-06-08 11:44:42 ----A---- C:\Windows\system32\mstlsapi.dll
2009-06-08 11:44:42 ----A---- C:\Windows\system32\iasads.dll
2009-06-08 11:44:41 ----A---- C:\Windows\system32\powercpl.dll
2009-06-08 11:44:41 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-06-08 11:44:41 ----A---- C:\Windows\system32\networkmap.dll
2009-06-08 11:44:41 ----A---- C:\Windows\system32\iasacct.dll
2009-06-08 11:44:40 ----A---- C:\Windows\system32\wlanhlp.dll
2009-06-08 11:44:40 ----A---- C:\Windows\system32\newdev.exe
2009-06-08 11:44:40 ----A---- C:\Windows\system32\dot3svc.dll
2009-06-08 11:44:40 ----A---- C:\Windows\system32\connect.dll
2009-06-08 11:44:40 ----A---- C:\Windows\system32\authz.dll
2009-06-08 11:44:39 ----A---- C:\Windows\system32\themeui.dll
2009-06-08 11:44:39 ----A---- C:\Windows\system32\systemcpl.dll
2009-06-08 11:44:39 ----A---- C:\Windows\system32\sud.dll
2009-06-08 11:44:39 ----A---- C:\Windows\system32\pcaui.dll
2009-06-08 11:44:39 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-06-08 11:44:38 ----A---- C:\Windows\system32\samlib.dll
2009-06-08 11:44:37 ----A---- C:\Windows\system32\usercpl.dll
2009-06-08 11:44:37 ----A---- C:\Windows\system32\mmci.dll
2009-06-08 11:44:36 ----A---- C:\Windows\system32\wlanpref.dll
2009-06-08 11:44:36 ----A---- C:\Windows\system32\rpchttp.dll
2009-06-08 11:44:36 ----A---- C:\Windows\system32\qdvd.dll
2009-06-08 11:44:36 ----A---- C:\Windows\system32\autoplay.dll
2009-06-08 11:44:35 ----A---- C:\Windows\system32\wpcao.dll
2009-06-08 11:44:35 ----A---- C:\Windows\system32\regapi.dll
2009-06-08 11:44:35 ----A---- C:\Windows\system32\msinfo32.exe
2009-06-08 11:44:34 ----A---- C:\Windows\system32\vdsutil.dll
2009-06-08 11:44:34 ----A---- C:\Windows\system32\tapisrv.dll
2009-06-08 11:44:34 ----A---- C:\Windows\system32\scksp.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\wscisvif.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\scesrv.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\rekeywiz.exe
2009-06-08 11:44:33 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\oleprn.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\mpr.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\imm32.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\iaspolcy.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\feclient.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\Faultrep.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\dot3msm.dll
2009-06-08 11:44:33 ----A---- C:\Windows\system32\DeviceEject.exe
2009-06-08 11:44:33 ----A---- C:\Windows\system32\AudioSes.dll
2009-06-08 11:44:32 ----A---- C:\Windows\system32\sdclt.exe
2009-06-08 11:44:32 ----A---- C:\Windows\system32\ncryptui.dll
2009-06-08 11:44:32 ----A---- C:\Windows\system32\dpapimig.exe
2009-06-08 11:44:31 ----A---- C:\Windows\system32\rasgcw.dll
2009-06-08 11:44:31 ----A---- C:\Windows\system32\qedit.dll
2009-06-08 11:44:31 ----A---- C:\Windows\system32\pnpui.dll
2009-06-08 11:44:31 ----A---- C:\Windows\system32\perfdisk.dll
2009-06-08 11:44:31 ----A---- C:\Windows\system32\hdwwiz.exe
2009-06-08 11:44:31 ----A---- C:\Windows\system32\certreq.exe
2009-06-08 11:44:30 ----A---- C:\Windows\system32\TSTheme.exe
2009-06-08 11:44:30 ----A---- C:\Windows\system32\spwinsat.dll
2009-06-08 11:44:30 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-06-08 11:44:30 ----A---- C:\Windows\system32\scecli.dll
2009-06-08 11:44:30 ----A---- C:\Windows\system32\rasplap.dll
2009-06-08 11:44:30 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-06-08 11:44:29 ----A---- C:\Windows\system32\whealogr.dll
2009-06-08 11:44:29 ----A---- C:\Windows\system32\tcpmon.dll
2009-06-08 11:44:29 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-06-08 11:44:29 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-06-08 11:44:29 ----A---- C:\Windows\system32\fdWSD.dll
2009-06-08 11:44:29 ----A---- C:\Windows\system32\cmmon32.exe
2009-06-08 11:44:28 ----A---- C:\Windows\system32\srcore.dll
2009-06-08 11:44:28 ----A---- C:\Windows\system32\SnippingTool.exe
2009-06-08 11:44:28 ----A---- C:\Windows\system32\SCardSvr.dll
2009-06-08 11:44:28 ----A---- C:\Windows\system32\raschap.dll
2009-06-08 11:44:28 ----A---- C:\Windows\system32\fontext.dll
2009-06-08 11:44:28 ----A---- C:\Windows\system32\conime.exe
2009-06-08 11:44:28 ----A---- C:\Windows\system32\cmdial32.dll
2009-06-08 11:44:27 ----A---- C:\Windows\system32\wiaaut.dll
2009-06-08 11:44:27 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-06-08 11:44:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-06-08 11:44:26 ----A---- C:\Windows\system32\wlanui.dll
2009-06-08 11:44:25 ----A---- C:\Windows\system32\shwebsvc.dll
2009-06-08 11:44:25 ----A---- C:\Windows\system32\rasppp.dll
2009-06-08 11:44:25 ----A---- C:\Windows\system32\PnPutil.exe
2009-06-08 11:44:25 ----A---- C:\Windows\system32\dsprop.dll
2009-06-08 11:44:24 ----A---- C:\Windows\system32\wlanmsm.dll
2009-06-08 11:44:24 ----A---- C:\Windows\system32\shsetup.dll
2009-06-08 11:44:24 ----A---- C:\Windows\system32\oobefldr.dll
2009-06-08 11:44:24 ----A---- C:\Windows\system32\dimsroam.dll
2009-06-08 11:44:23 ----A---- C:\Windows\system32\rasmontr.dll
2009-06-08 11:44:23 ----A---- C:\Windows\system32\mscandui.dll
2009-06-08 11:44:23 ----A---- C:\Windows\system32\modemui.dll
2009-06-08 11:44:22 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-06-08 11:44:22 ----A---- C:\Windows\system32\dataclen.dll
2009-06-08 11:44:22 ----A---- C:\Windows\system32\chtbrkr.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\WSDMon.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\wmpeffects.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\smss.exe
2009-06-08 11:44:21 ----A---- C:\Windows\system32\rdpwsx.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\netplwiz.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\credui.dll
2009-06-08 11:44:21 ----A---- C:\Windows\system32\blackbox.dll
2009-06-08 11:44:20 ----A---- C:\Windows\system32\certprop.dll
2009-06-08 11:44:19 ----A---- C:\Windows\system32\wpcsvc.dll
2009-06-08 11:44:19 ----A---- C:\Windows\system32\networkexplorer.dll
2009-06-08 11:44:19 ----A---- C:\Windows\system32\msscp.dll
2009-06-08 11:44:19 ----A---- C:\Windows\system32\logagent.exe
2009-06-08 11:44:19 ----A---- C:\Windows\system32\InkEd.dll
2009-06-08 11:44:19 ----A---- C:\Windows\system32\ifmon.dll
2009-06-08 11:44:19 ----A---- C:\Windows\system32\gpresult.exe
2009-06-08 11:44:19 ----A---- C:\Windows\system32\cipher.exe
2009-06-08 11:44:18 ----A---- C:\Windows\system32\wscapi.dll
2009-06-08 11:44:18 ----A---- C:\Windows\system32\thawbrkr.dll
2009-06-08 11:44:18 ----A---- C:\Windows\system32\msimtf.dll
2009-06-08 11:44:16 ----A---- C:\Windows\system32\softkbd.dll
2009-06-08 11:44:16 ----A---- C:\Windows\system32\sendmail.dll
2009-06-08 11:44:16 ----A---- C:\Windows\system32\msctfui.dll
2009-06-08 11:44:16 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-06-08 11:44:15 ----A---- C:\Windows\system32\puiapi.dll
2009-06-08 11:44:15 ----A---- C:\Windows\system32\olepro32.dll
2009-06-08 11:44:15 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-06-08 11:44:15 ----A---- C:\Windows\system32\dmsynth.dll
2009-06-08 11:44:15 ----A---- C:\Windows\system32\cdd.dll
2009-06-08 11:44:15 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-06-08 11:44:14 ----A---- C:\Windows\system32\wshbth.dll
2009-06-08 11:44:14 ----A---- C:\Windows\system32\version.dll
2009-06-08 11:44:14 ----A---- C:\Windows\system32\SLLUA.exe
2009-06-08 11:44:14 ----A---- C:\Windows\system32\msisip.dll
2009-06-08 11:44:14 ----A---- C:\Windows\system32\mprapi.dll
2009-06-08 11:44:14 ----A---- C:\Windows\system32\input.dll
2009-06-08 11:44:14 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-06-08 11:44:13 ----A---- C:\Windows\system32\fc.exe
2009-06-08 11:44:12 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-06-08 11:44:12 ----A---- C:\Windows\system32\fdSSDP.dll
2009-06-08 11:44:12 ----A---- C:\Windows\system32\dmusic.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\wsdchngr.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\rrinstaller.exe
2009-06-08 11:44:11 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\msjint40.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\l2nacp.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\ftp.exe
2009-06-08 11:44:11 ----A---- C:\Windows\system32\eapp3hst.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\cscdll.dll
2009-06-08 11:44:11 ----A---- C:\Windows\system32\cscapi.dll
2009-06-08 11:44:10 ----A---- C:\Windows\system32\Storprop.dll
2009-06-08 11:44:10 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-06-08 11:44:10 ----A---- C:\Windows\system32\rasdial.exe
2009-06-08 11:44:10 ----A---- C:\Windows\system32\rasdiag.dll
2009-06-08 11:44:10 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-06-08 11:44:10 ----A---- C:\Windows\system32\fdWCN.dll
2009-06-08 11:44:10 ----A---- C:\Windows\system32\bthudtask.exe
2009-06-08 11:44:10 ----A---- C:\Windows\system32\bthci.dll
2009-06-08 11:44:09 ----A---- C:\Windows\system32\dot3cfg.dll
2009-06-08 11:44:08 ----A---- C:\Windows\system32\aaclient.dll
2009-06-08 11:44:07 ----A---- C:\Windows\system32\ipconfig.exe
2009-06-08 11:44:07 ----A---- C:\Windows\system32\eappcfg.dll
2009-06-08 11:44:07 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-06-08 11:44:06 ----A---- C:\Windows\system32\tscupgrd.exe
2009-06-08 11:44:06 ----A---- C:\Windows\system32\slcinst.dll
2009-06-08 11:44:06 ----A---- C:\Windows\system32\nslookup.exe
2009-06-08 11:44:06 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-06-08 11:44:06 ----A---- C:\Windows\system32\mfps.dll
2009-06-08 11:44:05 ----A---- C:\Windows\system32\ocsetup.exe
2009-06-08 11:44:05 ----A---- C:\Windows\system32\mmcico.dll
2009-06-08 11:44:05 ----A---- C:\Windows\system32\hbaapi.dll
2009-06-08 11:44:05 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-06-08 11:44:05 ----A---- C:\Windows\system32\fdeploy.dll
2009-06-08 11:44:05 ----A---- C:\Windows\system32\eappgnui.dll
2009-06-08 11:44:04 ----A---- C:\Windows\system32\tsgqec.dll
2009-06-08 11:44:04 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-06-08 11:44:04 ----A---- C:\Windows\system32\mfpmp.exe
2009-06-08 11:44:03 ----A---- C:\Windows\system32\gpupdate.exe
2009-06-08 11:44:03 ----A---- C:\Windows\system32\atmlib.dll
2009-06-08 11:44:02 ----A---- C:\Windows\system32\csrstub.exe
2009-06-08 11:44:02 ----A---- C:\Windows\system32\cbsra.exe
2009-06-08 11:44:02 ----A---- C:\Windows\system32\bitsigd.dll
2009-06-08 11:44:01 ----A---- C:\Windows\system32\NcdProp.dll
2009-06-08 11:44:01 ----A---- C:\Windows\system32\iscsilog.dll
2009-06-08 11:44:00 ----A---- C:\Windows\system32\winrnr.dll
2009-06-08 11:44:00 ----A---- C:\Windows\system32\vdmdbg.dll
2009-06-08 11:44:00 ----A---- C:\Windows\system32\slwga.dll
2009-06-08 11:44:00 ----A---- C:\Windows\system32\odbcconf.dll
2009-06-08 11:44:00 ----A---- C:\Windows\system32\inetppui.dll
2009-06-08 11:43:59 ----A---- C:\Windows\system32\midimap.dll
2009-06-08 11:43:59 ----A---- C:\Windows\system32\atmfd.dll
2009-06-08 11:43:57 ----A---- C:\Windows\system32\wmploc.DLL
2009-06-08 11:43:57 ----A---- C:\Windows\system32\spwmp.dll
2009-06-08 11:43:57 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-06-08 11:43:57 ----A---- C:\Windows\system32\dxmasf.dll
2009-06-08 11:43:56 ----A---- C:\Windows\system32\msimsg.dll
2009-06-08 11:43:56 ----A---- C:\Windows\system32\mferror.dll
2009-06-08 11:43:37 ----A---- C:\Windows\system32\SmiEngine.dll
2009-06-08 11:43:36 ----A---- C:\Windows\system32\wdscore.dll
2009-06-08 11:43:36 ----A---- C:\Windows\system32\PkgMgr.exe
2009-06-08 11:43:33 ----A---- C:\Windows\system32\drvstore.dll
2009-05-27 15:26:03 ----N---- C:\Windows\system32\WindowsAccessBridge.DLL
2009-05-27 15:26:03 ----N---- C:\Windows\system32\JAWTAccessBridge.DLL
2009-05-27 15:26:03 ----N---- C:\Windows\system32\JavaAccessBridge.DLL
2009-05-27 15:25:56 ----D---- C:\Program Files\Cisco Systems
2009-05-09 09:54:14 ----D---- C:\Program Files\Pure Networks
2009-05-09 09:24:55 ----D---- C:\ProgramData\webex
2009-05-09 09:22:21 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-05-03 16:24:43 ----A---- C:\Windows\ScUnin.exe
2009-05-01 08:18:19 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-01 08:18:19 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-01 08:18:19 ----A---- C:\Windows\system32\icardie.dll
2009-05-01 08:18:19 ----A---- C:\Windows\system32\admparse.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\msls31.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\imgutil.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\iepeers.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-01 08:18:18 ----A---- C:\Windows\system32\corpol.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-01 08:18:17 ----A---- C:\Windows\system32\wextract.exe
2009-05-01 08:18:17 ----A---- C:\Windows\system32\webcheck.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\occache.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\msrating.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-01 08:18:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\inseng.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\ieakui.dll
2009-05-01 08:18:17 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-01 08:18:16 ----A---- C:\Windows\system32\vbscript.dll
2009-05-01 08:18:16 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-01 08:18:16 ----A---- C:\Windows\system32\mstime.dll
2009-05-01 08:18:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-01 08:18:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-01 08:18:16 ----A---- C:\Windows\system32\advpack.dll
2009-05-01 08:18:15 ----A---- C:\Windows\system32\url.dll
2009-05-01 08:18:15 ----A---- C:\Windows\system32\jscript.dll
2009-05-01 08:18:14 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\SetDepNx.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\mshta.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\iexpress.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-01 08:18:14 ----A---- C:\Windows\system32\iesysprep.dll

======List of files/folders modified in the last 3 months======

2009-07-15 18:23:20 ----D---- C:\Windows\Temp
2009-07-15 18:17:05 ----RD---- C:\Program Files
2009-07-15 14:42:10 ----D---- C:\Windows\Tasks
2009-07-15 13:13:58 ----HD---- C:\$AVG8.VAULT$
2009-07-15 13:13:12 ----D---- C:\ProgramData\avg8
2009-07-15 12:37:52 ----D---- C:\Windows\System32
2009-07-15 12:37:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-15 12:37:51 ----D---- C:\Windows\inf
2009-07-15 07:18:20 ----D---- C:\ProgramData\Google Updater
2009-07-11 20:28:26 ----D---- C:\Windows\system32\catroot2
2009-07-10 02:09:54 ----D---- C:\Users\admin\AppData\Roaming\Skype
2009-07-10 00:09:49 ----D---- C:\Users\admin\AppData\Roaming\skypePM
2009-07-09 18:06:09 ----D---- C:\Windows\Minidump
2009-07-09 18:05:59 ----D---- C:\WINDOWS
2009-07-03 11:40:18 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2009-07-03 11:40:18 ----D---- C:\Windows\system32\drivers
2009-07-03 11:40:09 ----HD---- C:\ProgramData
2009-07-02 23:40:42 ----D---- C:\Windows\Prefetch
2009-07-02 23:13:38 ----SHD---- C:\System Volume Information
2009-07-02 19:53:26 ----D---- C:\Windows\system32\Tasks
2009-06-26 18:02:00 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-26 12:23:22 ----D---- C:\Program Files\Mozilla Firefox
2009-06-25 21:16:55 ----D---- C:\downloads
2009-06-25 16:00:41 ----D---- C:\Windows\winsxs
2009-06-25 16:00:40 ----D---- C:\Program Files\Internet Explorer
2009-06-25 13:21:42 ----SHD---- C:\Windows\Installer
2009-06-24 16:13:57 ----D---- C:\Windows\system32\catroot
2009-06-22 09:56:39 ----A---- C:\Windows\system32\avgrsstx.dll
2009-06-13 16:15:58 ----D---- C:\Windows\Microsoft.NET
2009-06-13 16:15:34 ----RSD---- C:\Windows\assembly
2009-06-13 16:07:40 ----D---- C:\Windows\ehome
2009-06-11 16:44:01 ----A---- C:\Windows\ntbtlog.txt
2009-06-11 16:10:01 ----D---- C:\Windows\system32\migration
2009-06-08 12:33:46 ----D---- C:\Windows\rescache
2009-06-08 12:20:56 ----SHD---- C:\boot
2009-06-08 12:13:35 ----D---- C:\Program Files\Windows Calendar
2009-06-08 12:13:33 ----D---- C:\Program Files\Windows Mail
2009-06-08 12:13:32 ----D---- C:\Program Files\Movie Maker
2009-06-08 12:13:28 ----D---- C:\Program Files\Windows Sidebar
2009-06-08 12:13:27 ----D---- C:\Program Files\Windows Media Player
2009-06-08 12:13:27 ----D---- C:\Program Files\Windows Collaboration
2009-06-08 12:13:26 ----D---- C:\Program Files\Windows Journal
2009-06-08 12:13:20 ----D---- C:\Program Files\Windows Photo Gallery
2009-06-08 12:13:20 ----D---- C:\Program Files\Common Files\System
2009-06-08 12:13:09 ----D---- C:\Windows\servicing
2009-06-08 12:13:09 ----D---- C:\Program Files\Windows Defender
2009-06-08 12:12:40 ----D---- C:\Windows\system32\XPSViewer
2009-06-08 12:12:40 ----D---- C:\Windows\IME
2009-06-08 12:12:39 ----D---- C:\Windows\system32\sk-SK
2009-06-08 12:12:39 ----D---- C:\Windows\system32\lv-LV
2009-06-08 12:12:39 ----D---- C:\Windows\system32\ko-KR
2009-06-08 12:12:39 ----D---- C:\Windows\system32\hr-HR
2009-06-08 12:12:39 ----D---- C:\Windows\system32\et-EE
2009-06-08 12:12:39 ----D---- C:\Windows\system32\en-US
2009-06-08 12:12:39 ----D---- C:\Windows\system32\da-DK
2009-06-08 12:12:38 ----D---- C:\Windows\system32\oobe
2009-06-08 12:12:38 ----D---- C:\Windows\system32\it-IT
2009-06-08 12:12:38 ----D---- C:\Windows\system32\el-GR
2009-06-08 12:12:38 ----D---- C:\Windows\system32\de-DE
2009-06-08 12:12:31 ----D---- C:\Windows\system32\sv-SE
2009-06-08 12:12:31 ----D---- C:\Windows\system32\setup
2009-06-08 12:12:31 ----D---- C:\Windows\system32\ru-RU
2009-06-08 12:12:31 ----D---- C:\Windows\system32\he-IL
2009-06-08 12:12:31 ----D---- C:\Windows\system32\fr-FR
2009-06-08 12:12:31 ----D---- C:\Windows\system32\fi-FI
2009-06-08 12:12:31 ----D---- C:\Windows\system32\AdvancedInstallers
2009-06-08 12:12:30 ----D---- C:\Windows\system32\zh-CN
2009-06-08 12:12:30 ----D---- C:\Windows\system32\SLUI
2009-06-08 12:12:30 ----D---- C:\Windows\system32\pt-PT
2009-06-08 12:12:30 ----D---- C:\Windows\system32\hu-HU
2009-06-08 12:12:30 ----D---- C:\Windows\system32\cs-CZ
2009-06-08 12:12:29 ----D---- C:\Windows\system32\zh-TW
2009-06-08 12:12:29 ----D---- C:\Windows\system32\uk-UA
2009-06-08 12:12:29 ----D---- C:\Windows\system32\sr-Latn-CS
2009-06-08 12:12:29 ----D---- C:\Windows\system32\sl-SI
2009-06-08 12:12:29 ----D---- C:\Windows\system32\ro-RO
2009-06-08 12:12:29 ----D---- C:\Windows\system32\pl-PL
2009-06-08 12:12:29 ----D---- C:\Windows\system32\manifeststore
2009-06-08 12:12:29 ----D---- C:\Windows\system32\ja-JP
2009-06-08 12:12:29 ----D---- C:\Windows\system32\es-ES
2009-06-08 12:12:29 ----D---- C:\Windows\system32\en
2009-06-08 12:12:29 ----D---- C:\Windows\system32\bg-BG
2009-06-08 12:12:27 ----D---- C:\Windows\system32\th-TH
2009-06-08 12:12:25 ----D---- C:\Windows\system32\wbem
2009-06-08 12:12:25 ----D---- C:\Windows\system32\tr-TR
2009-06-08 12:12:22 ----D---- C:\Windows\system32\nl-NL
2009-06-08 12:12:22 ----D---- C:\Windows\system32\nb-NO
2009-06-08 12:12:22 ----D---- C:\Windows\system32\lt-LT
2009-06-08 12:12:22 ----D---- C:\Windows\system32\ar-SA
2009-06-08 12:12:19 ----D---- C:\Windows\system32\migwiz
2009-06-08 12:12:17 ----D---- C:\Windows\system32\pt-BR
2009-06-08 12:09:34 ----RSD---- C:\Windows\Fonts
2009-06-08 12:09:34 ----D---- C:\Windows\AppPatch
2009-06-08 12:09:13 ----D---- C:\Windows\system32\Boot
2009-06-01 12:51:12 ----A---- C:\Windows\system32\mrt.exe
2009-05-25 07:40:11 ----D---- C:\Program Files\Packet Tracer 5.1
2009-05-09 09:23:15 ----DC---- C:\Windows\system32\DRVSTORE
2009-05-09 09:22:21 ----D---- C:\Program Files\Common Files
2009-05-01 13:07:59 ----D---- C:\Windows\registration
2009-05-01 08:19:48 ----D---- C:\Windows\PolicyDefinitions
2009-05-01 08:09:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 08:07:48 ----D---- C:\Program Files\Hewlett-Packard
2009-05-01 08:06:17 ----D---- C:\SWSetup
2009-05-01 08:05:38 ----D---- C:\Users\admin\AppData\Roaming\Hewlett-Packard
2009-05-01 08:04:55 ----HD---- C:\System.sav

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-06-22 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-06-22 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-01 108552]
R1 NICM;Novell XTCOM Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [2008-09-23 27152]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 NCFSD;Novell Client File System Redirector; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-09-23 81424]
R2 NCIOCTL;Novell Xplat IoCtl Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2008-09-23 52752]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-12-12 24880]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-12-12 26416]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNIMp50.sys [2006-11-16 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNISp50.sys [2006-11-16 20480]
S3 DrmCAudio;DrmCAudio; C:\Windows\system32\drivers\DrmCAudio.sys []
S3 DrmCVideo;DrmCVideo; C:\Windows\system32\DRIVERS\DrmCVideo.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-09 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 nccache;nccache; \??\C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [2008-09-23 26640]
S3 nciom;nciom; \??\C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [2008-09-23 60432]
S3 ncp;ncp; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [2008-09-23 63504]
S3 ncpfsp;ncpfsp; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [2008-09-23 62992]
S3 ncpl;ncpl; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [2008-09-23 40464]
S3 ndm;ndm; \??\C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [2008-09-23 17936]
S3 ndmndap;ndmndap; \??\C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [2008-09-23 65552]
S3 ndslpp;ndslpp; \??\C:\Program Files\Novell\Client\XTier\Drivers\ndslpp.sys [2008-09-23 20496]
S3 niam;niam; \??\C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [2008-09-23 30736]
S3 nipctl;nipctl; \??\C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [2008-09-23 43536]
S3 NPF;Netgroup Packet Filter; C:\Windows\system32\drivers\npf.sys [2008-12-05 42512]
S3 nscm;nscm; \??\C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [2008-09-23 26640]
S3 nsns;nsns; \??\C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [2008-09-23 21008]
S3 nsvccost;nsvccost; \??\C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [2008-09-23 28688]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-07-19 281088]
S3 Ser2pl;ATEN USB to Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2008-10-30 44320]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\Windows\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\Windows\system32\DRIVERS\WPN111v.sys [2007-06-01 870400]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 xtxplat;xtxplat; \??\C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [2008-09-23 43024]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-22 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-22 298776]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R2 XTSvcMgr;Novell XTier Service Manager; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [2008-09-23 16656]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-10 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-22 228656]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server; C:\Users\admin\AppData\Roaming\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2008-07-25 61440]
S3 SoundMovieServer;SoundMovieServer; C:\Windows\system32\snmvtsvc.exe [2008-11-11 200704]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

-----------------EOF-----------------

What do I do to get that other file now? Or is it not that important?

#11 Net_Surfer

Posted 15 July 2009 - 05:48 PM

Hello again, :thumbup2:

The other log is not important, I can use the one from DDS.

Question:
Did you put these IP addresses in the IE Trusted zone?
O15 - Trusted IP range: 192.168.254.1
O15 - Trusted IP range: 192.168.253.1
O15 - Trusted IP range: 192.168.252.1
O15 - Trusted IP range: 192.168.251.1
O15 - Trusted IP range: http://192.168.251.1
O15 - Trusted IP range: 192.168.253.254
O15 - Trusted IP range: 192.168.254.254


Sorry for the delay. The forum is exceptionally busy. I have reviewed your logs and proposed a fix.

I am patiently waiting for my coach to approve the clean-up.
If possible I would encourage you to minimize use of that computer until we can get it cleaned up. I appreciate your patience.

Regards,
Net_Surfer

:)

#12 desertuchiha

Posted 15 July 2009 - 06:30 PM

No, I haven't. I don't use IE. Is there a problem?

#13 Net_Surfer

Posted 15 July 2009 - 06:34 PM

Yes, you have a DNS hijack in your system.

TCP: NameServer = 85.255.112.206,85.255.112.116
TCP: {B4A1F145-2136-4C55-AA17-B3538094F96A} = 85.255.112.206,85.255.112.116
TCP: {CC6E4E90-CA67-4021-BC18-02881FAABDBA} = 85.255.112.206,85.255.112.116
TCP: {D5B689AC-EAEA-45AF-B779-BF7035E3D3BA} = 85.255.112.206,85.255.112.116

inetnum: 85.255.112.0 - 85.255.127.255
netname: UkrTeleGroup
descr: UkrTeleGroup Ltd.
admin-c: UA481-RIPE
tech-c: UA481-RIPE

(Trojan.DNSChanger)DNS Hijack
http://samspade.org/whois/85.255.112.206

I will reply back as soon as my coach approves the fix.

Question:
Are you using Gilat Communications internet satellite systems, associated with the SkyBlaster modem?

Thanks.
Net_Surfer.

Edited by Net_Surfer, 15 July 2009 - 06:38 PM.
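The check made in post #13, as an added example that is not part of the original thread: it parses the `TCP:` resolver lines of a DDS log and flags any name server inside the `inetnum` range quoted from whois above. The function names and the last sample line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Range taken from the whois output in the post:
# inetnum 85.255.112.0 - 85.255.127.255 (collapses to a single /20).
FLAGGED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("85.255.112.0"),
    ipaddress.ip_address("85.255.127.255")))

# DDS prints resolver settings as "TCP: <setting or interface GUID> = ip,ip".
TCP_LINE = re.compile(r"^TCP:\s*(?P<key>\S+)\s*=\s*(?P<servers>.+)$")

# Sample input: first two lines are from the post, the third is constructed.
SAMPLE_LOG = """\
TCP: NameServer = 85.255.112.206,85.255.112.116
TCP: {B4A1F145-2136-4C55-AA17-B3538094F96A} = 85.255.112.206,85.255.112.116
TCP: {00000000-0000-0000-0000-000000000000} = 192.168.1.1
"""

def parse_dds_nameservers(log_text):
    """Return {setting: [server, ...]} for every DDS 'TCP:' line."""
    found = {}
    for line in log_text.splitlines():
        m = TCP_LINE.match(line.strip())
        if m:
            found[m.group("key")] = [
                s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    return found

def flag_hijacked(log_text, flagged=FLAGGED):
    """Return sorted (setting, server) pairs whose server is in a flagged range."""
    hits = []
    for key, servers in parse_dds_nameservers(log_text).items():
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                continue  # not an IP literal; ignore rather than crash
            if any(ip in net for net in flagged):
                hits.append((key, server))
    return sorted(hits)

if __name__ == "__main__":
    for setting, server in flag_hijacked(SAMPLE_LOG):
        print(f"suspicious resolver {server} set on {setting}")
```

A hit on the global `NameServer` value and on per-interface GUIDs together, as in this log, means every adapter has been repointed, so resetting a single connection's DNS setting would not clear it.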


#14 desertuchiha

Posted 15 July 2009 - 06:39 PM

No, not that I'm aware of. This seems to be getting worse and worse v_v.

#15 Net_Surfer

Posted 15 July 2009 - 07:01 PM

Ok...... thanks

Do not worry, we got the tools to take care of these infections.

But like I said it will be a few hours before I can post a fix...

Thanks for waiting.

Net_Surfer



