
Browser hijacked: Win32.Trojan.Alureon


  • This topic is locked
28 replies to this topic

#1 dadrivr


Posted 19 July 2009 - 10:35 PM

I believe I have been infected with a trojan (Win32.Trojan.Alureon). When I search for something in Google and click on one of the results, it will sometimes redirect me to other sites. It has been detected by Avast and AVG, but neither was able to completely remove it. I have also run Ad-Aware, CCleaner, Malwarebytes, Spybot - S&D, and Trend Micro System Clean, but nothing has worked. I have done safe-mode scans and boot scans, but I haven't been able to get rid of the virus. Please help me. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:06 PM, on 7/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 9\InCD\InCD.exe
C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Songbird\songbirditunesagent.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Allway Sync\Bin\syncappw.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nero\Nero 9\NeroDiscCopy9.Gadget\NeroGadgetCMServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 9\InCD\InCD.exe"
O4 - HKLM\..\Run: [NBHGui] "C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files\Songbird\songbirditunesagent.exe
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe



#2 fenzodahl512


Posted 20 July 2009 - 11:28 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please don't use code tags when posting logs.. Just post the logs as they are.. It will be much easier on my eyes.. Please do the following....



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! If you can't complete this step, tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 dadrivr


Posted 23 July 2009 - 11:53 PM

I just tried running The_Comedian.exe, but Win Vista gives me an error:

"The_Comedian.exe has stopped working
A problem caused the program to stop working correctly."

Then I went into Safe Mode and successfully ran The_Comedian.exe. Then I ran Malwarebytes and deleted the detected malware. After the reboot, Windows failed to boot up correctly. After entering my password at the Windows login screen, the desktop appears, but nothing loads. So I restarted my computer and went back into Safe Mode, where I did another Malwarebytes scan, only to find that the malware was re-detected - either it was not successfully deleted or it was recreated sometime after deletion. The following is my Malwarebytes scan log:

Malwarebytes' Anti-Malware 1.39
Database version: 2492
Windows 6.0.6002 Service Pack 2

7/24/2009 2:54:42 PM
mbam-log-2009-07-24 (14-54-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 272630
Time elapsed: 26 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\geyekriuintqxc.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\System32\geyekriuintqxc.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp106437491.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp119152091.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp126424787.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp127291965.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp127327174.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp136119914.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp136155876.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp136306164.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp149092752.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp154938321.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp154998250.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp155036966.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp1569760.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp159230376.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp161305114.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp161399080.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp163137257.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp168065915.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp180759884.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp18945083.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp200108476.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp244312869.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp245882124.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp261369460.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp262315477.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp52490162.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp66514099.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp67305898.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp69126284.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp69136134.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp69164934.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp70927047.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp77058174.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp82098202.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp92729071.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\_avast4_\unp96615556.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

Edited by dadrivr, 24 July 2009 - 02:56 PM.


#4 dadrivr


Posted 24 July 2009 - 03:16 PM

From RSIT - the log.txt log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Isaac at 2009-07-24 15:12:08
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 646 GB (68%) free of 954 GB
Total RAM: 2550 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:18 PM, on 7/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nero\Nero 9\InCD\InCD.exe
C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Songbird\songbirditunesagent.exe
C:\Program Files\Allway Sync\Bin\syncappw.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nero\Nero 9\NeroDiscCopy9.Gadget\NeroGadgetCMServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Isaac\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Isaac.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 9\InCD\InCD.exe"
O4 - HKLM\..\Run: [NBHGui] "C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files\Songbird\songbirditunesagent.exe
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe

--
End of file - 7879 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\AutoSmartDefrag.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-10 13785632]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-24 7289376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2009-05-26 413696]
"InCD"=C:\Program Files\Nero\Nero 9\InCD\InCD.exe [2009-05-08 1116696]
"NBHGui"=C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe [2009-05-08 1593880]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-02-05 81000]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-11-05 741376]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-10-30 77824]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"sbitunesagent"=C:\Program Files\Songbird\songbirditunesagent.exe [2009-06-16 229376]
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2009-05-05 79576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-14 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Users\Isaac\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-19 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadza.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rbadza.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoResolveTrack"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
""="C:\Windows\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62ff0594-6fa9-11de-8e3c-806e6f6e6963}]
shell\AutoRun\command - D:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-07-24 15:01:24 ----D---- C:\Windows\ERDNT
2009-07-24 07:16:57 ----D---- C:\Program Files\ERUNT
2009-07-24 07:13:11 ----A---- C:\Windows\ntbtlog.txt
2009-07-23 23:54:11 ----D---- C:\rsit
2009-07-23 21:46:02 ----D---- C:\Program Files\iPod
2009-07-18 00:55:05 ----RD---- C:\Users\Isaac\AppData\Roaming\Brother
2009-07-18 00:40:54 ----A---- C:\Windows\BRWMARK.INI
2009-07-18 00:38:27 ----A---- C:\Windows\Brpfx04a.ini
2009-07-18 00:38:27 ----A---- C:\Windows\brpcfx.ini
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BrWia07b.dll
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BrUsi07b.dll
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BRTCPCON.DLL
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BRRBTOOL.EXE
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BROSNMP.DLL
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BRLMW03A.INI
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BRLMW03A.DLL
2009-07-18 00:36:30 ----A---- C:\Windows\system32\BRLM03A.DLL
2009-07-18 00:36:29 ----N---- C:\Windows\system32\brinsstr.dll
2009-07-18 00:35:34 ----N---- C:\Windows\system32\BrDctF2S.dll
2009-07-18 00:35:34 ----N---- C:\Windows\system32\BrDctF2L.dll
2009-07-18 00:35:34 ----N---- C:\Windows\system32\BrDctF2.dll
2009-07-18 00:35:28 ----A---- C:\Windows\Brfaxrx.ini
2009-07-18 00:35:27 ----N---- C:\Windows\system32\NSSearch.dll
2009-07-18 00:35:27 ----N---- C:\Windows\system32\BrMuSNMP.dll
2009-07-18 00:35:27 ----N---- C:\Windows\system32\BrMfNt.dll
2009-07-18 00:35:27 ----N---- C:\Windows\system32\BrfxD05a.dll
2009-07-18 00:35:27 ----N---- C:\Windows\system32\BRCrypt.dll
2009-07-18 00:35:27 ----D---- C:\Program Files\Brother
2009-07-18 00:35:27 ----A---- C:\Windows\brunin03.dll
2009-07-18 00:34:45 ----D---- C:\Program Files\Nuance
2009-07-18 00:33:36 ----A---- C:\Windows\maxlink.ini
2009-07-18 00:33:31 ----D---- C:\ProgramData\InstallShield
2009-07-18 00:32:56 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-07-18 00:32:48 ----D---- C:\Program Files\ScanSoft
2009-07-18 00:32:47 ----D---- C:\ProgramData\ScanSoft
2009-07-18 00:27:23 ----D---- C:\ProgramData\Brother
2009-07-17 23:14:20 ----D---- C:\Users\Isaac\AppData\Roaming\Sync App Settings
2009-07-16 19:52:55 ----D---- C:\Users\Isaac\AppData\Roaming\Songbird2
2009-07-16 19:51:35 ----D---- C:\Users\Isaac\AppData\Roaming\Media Player Classic
2009-07-16 14:54:03 ----A---- C:\Windows\system32\aswBoot.exe
2009-07-16 14:54:01 ----D---- C:\Program Files\Alwil Software
2009-07-16 06:54:08 ----A---- C:\bexdzxux.txt
2009-07-15 23:10:01 ----HD---- C:\Windows\PIF
2009-07-15 21:32:41 ----D---- C:\ProgramData\19523284
2009-07-15 20:20:19 ----D---- C:\Users\Isaac\AppData\Roaming\Nero
2009-07-15 19:55:54 ----A---- C:\Windows\Irremote.ini
2009-07-15 19:45:56 ----D---- C:\Program Files\Nero
2009-07-15 19:45:38 ----D---- C:\ProgramData\Nero
2009-07-15 19:45:37 ----D---- C:\Program Files\Common Files\Nero
2009-07-15 18:29:00 ----D---- C:\Program Files\PowerISO
2009-07-15 18:24:15 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 18:24:15 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 18:24:15 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 18:24:15 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 18:24:15 ----A---- C:\Windows\system32\atmfd.dll
2009-07-15 00:20:23 ----HD---- C:\$AVG8.VAULT$
2009-07-15 00:09:45 ----D---- C:\ProgramData\Sync App Settings
2009-07-15 00:07:44 ----D---- C:\Users\Isaac\AppData\Roaming\Xilisoft Corporation
2009-07-15 00:04:48 ----D---- C:\Program Files\Xilisoft
2009-07-15 00:02:03 ----D---- C:\ProgramData\TEMP
2009-07-15 00:01:57 ----D---- C:\ProgramData\Easy CD-DA Extractor
2009-07-15 00:01:48 ----D---- C:\Windows\Easy CD-DA Extractor 12
2009-07-15 00:01:48 ----D---- C:\Program Files\Easy CD-DA Extractor 12
2009-07-14 23:58:40 ----D---- C:\Users\Isaac\AppData\Roaming\Ulead Systems
2009-07-14 23:55:19 ----D---- C:\ProgramData\InterVideo
2009-07-14 23:55:19 ----A---- C:\Windows\system32\IVIresizeW7.dll
2009-07-14 23:55:19 ----A---- C:\Windows\system32\IVIresizePX.dll
2009-07-14 23:55:19 ----A---- C:\Windows\system32\IVIresizeP6.dll
2009-07-14 23:55:19 ----A---- C:\Windows\system32\IVIresizeM6.dll
2009-07-14 23:55:19 ----A---- C:\Windows\system32\IVIresizeA6.dll
2009-07-14 23:55:19 ----A---- C:\Windows\system32\IVIresize.dll
2009-07-14 23:54:57 ----D---- C:\Program Files\Windows Media Components
2009-07-14 23:54:00 ----D---- C:\ProgramData\Ulead Systems
2009-07-14 23:54:00 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-07-14 23:52:36 ----D---- C:\Program Files\Corel
2009-07-14 23:46:53 ----A---- C:\Windows\system32\DfSdkBt64.exe
2009-07-14 23:46:53 ----A---- C:\Windows\system32\DfSdkBt.exe
2009-07-14 23:46:49 ----D---- C:\Program Files\Ashampoo
2009-07-14 23:43:17 ----D---- C:\Program Files\Allway Sync
2009-07-14 23:41:29 ----D---- C:\Program Files\MSXML 4.0
2009-07-14 23:41:25 ----D---- C:\Program Files\Common Files\Microsoft Games
2009-07-14 23:20:33 ----D---- C:\Program Files\ASUS
2009-07-14 23:19:21 ----A---- C:\Windows\Ascd_tmp.ini
2009-07-14 22:57:15 ----D---- C:\Program Files\Activision
2009-07-14 22:52:47 ----A---- C:\Windows\File Renamer - Basic Uninstaller.exe
2009-07-14 22:52:45 ----D---- C:\Program Files\File Renamer
2009-07-14 22:52:25 ----D---- C:\!KillBox
2009-07-14 22:51:48 ----D---- C:\Program Files\Camtech
2009-07-14 22:50:31 ----D---- C:\Users\Isaac\AppData\Roaming\WinRAR
2009-07-14 22:49:29 ----D---- C:\Program Files\WinRAR
2009-07-14 22:47:26 ----D---- C:\Program Files\CCleaner
2009-07-14 22:45:28 ----D---- C:\Users\Isaac\AppData\Roaming\Desktopicon
2009-07-14 22:45:27 ----D---- C:\Program Files\Unlocker
2009-07-14 22:43:00 ----D---- C:\Users\Isaac\AppData\Roaming\Malwarebytes
2009-07-14 22:42:54 ----D---- C:\ProgramData\Malwarebytes
2009-07-14 22:42:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 22:41:52 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-14 22:41:24 ----D---- C:\ProgramData\Lavasoft
2009-07-14 22:41:24 ----D---- C:\Program Files\Lavasoft
2009-07-14 22:34:36 ----D---- C:\Users\Isaac\AppData\Roaming\IObit
2009-07-14 22:34:36 ----D---- C:\Program Files\IObit
2009-07-14 22:33:37 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-14 22:33:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-14 22:30:25 ----D---- C:\Program Files\SpeedFan
2009-07-14 22:29:48 ----D---- C:\Program Files\Trend Micro
2009-07-14 22:21:25 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-07-14 22:21:13 ----D---- C:\Windows\system32\IOSUBSYS
2009-07-14 22:20:49 ----D---- C:\Program Files\MusicBrainz Picard
2009-07-14 22:20:35 ----D---- C:\Program Files\TagScanner
2009-07-14 22:13:19 ----D---- C:\ProgramData\Sling Media
2009-07-14 22:13:19 ----D---- C:\Program Files\Sling Media
2009-07-14 22:11:37 ----D---- C:\ProgramData\Last.fm
2009-07-14 22:10:44 ----D---- C:\Windows\Downloaded Installations
2009-07-14 22:07:06 ----D---- C:\Users\Isaac\AppData\Roaming\Apple Computer
2009-07-14 22:06:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-14 22:06:08 ----A---- C:\Windows\system32\GEARAspi.dll
2009-07-14 22:05:29 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-14 22:05:29 ----D---- C:\Program Files\iTunes
2009-07-14 22:04:04 ----D---- C:\Program Files\Last.fm
2009-07-14 22:03:51 ----D---- C:\Program Files\Bonjour
2009-07-14 22:02:28 ----D---- C:\Program Files\Apple Software Update
2009-07-14 22:00:03 ----D---- C:\Program Files\Common Files\Apple
2009-07-14 22:00:02 ----D---- C:\ProgramData\Apple
2009-07-14 21:58:16 ----D---- C:\Program Files\VideoLAN
2009-07-14 21:55:44 ----D---- C:\Program Files\Songbird
2009-07-14 21:51:20 ----D---- C:\ProgramData\Apple Computer
2009-07-14 21:51:18 ----D---- C:\Program Files\QuickTime Alternative
2009-07-14 21:50:09 ----D---- C:\Users\Isaac\AppData\Roaming\Real
2009-07-14 21:50:09 ----D---- C:\ProgramData\Real
2009-07-14 21:50:09 ----D---- C:\Program Files\Real Alternative
2009-07-14 21:50:09 ----A---- C:\Windows\system32\pndx5032.dll
2009-07-14 21:50:09 ----A---- C:\Windows\system32\pndx5016.dll
2009-07-14 21:50:09 ----A---- C:\Windows\system32\msvcp71.dll
2009-07-14 21:46:45 ----A---- C:\Windows\system32\unrar.dll
2009-07-14 21:46:44 ----A---- C:\Windows\avisplitter.ini
2009-07-14 21:46:43 ----A---- C:\Windows\system32\yv12vfw.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\xvidvfw.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\xvidcore.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\vp7vfw.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\vp6vfw.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\qt-dx331.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\huffyuv.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\dpl100.dll
2009-07-14 21:46:43 ----A---- C:\Windows\system32\divx.dll
2009-07-14 21:46:42 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-07-14 21:46:42 ----A---- C:\Windows\system32\ff_vfw.dll
2009-07-14 21:46:41 ----D---- C:\Program Files\K-Lite Codec Pack
2009-07-14 21:41:27 ----A---- C:\Windows\system32\javaws.exe
2009-07-14 21:41:27 ----A---- C:\Windows\system32\javaw.exe
2009-07-14 21:41:27 ----A---- C:\Windows\system32\java.exe
2009-07-14 21:41:27 ----A---- C:\Windows\system32\deploytk.dll
2009-07-14 21:41:01 ----D---- C:\Program Files\Java
2009-07-14 21:39:09 ----D---- C:\Program Files\uTorrent
2009-07-14 21:38:23 ----D---- C:\Users\Isaac\AppData\Roaming\uTorrent
2009-07-14 21:32:08 ----D---- C:\ProgramData\Adobe
2009-07-14 21:30:52 ----D---- C:\Program Files\Common Files\Adobe
2009-07-14 21:30:52 ----D---- C:\Program Files\Adobe
2009-07-14 21:29:56 ----D---- C:\Users\Isaac\AppData\Roaming\Google
2009-07-14 21:23:14 ----D---- C:\Program Files\Google
2009-07-14 21:21:43 ----D---- C:\Program Files\GPower 3.1
2009-07-14 21:12:52 ----D---- C:\Program Files\Common Files\Skype
2009-07-14 21:12:51 ----RD---- C:\Program Files\Skype
2009-07-14 21:12:48 ----D---- C:\ProgramData\Skype
2009-07-14 00:21:39 ----A---- C:\Windows\system32\avgrsstx.dll
2009-07-14 00:21:26 ----D---- C:\ProgramData\avg8
2009-07-14 00:21:26 ----D---- C:\Program Files\AVG
2009-07-14 00:15:13 ----D---- C:\Program Files\MozBackup
2009-07-14 00:13:18 ----D---- C:\Users\Isaac\AppData\Roaming\Mozilla
2009-07-14 00:13:14 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 00:06:01 ----D---- C:\Windows\system32\RTCOM
2009-07-14 00:05:12 ----A---- C:\Windows\system32\WavesLib.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\SRSWOW.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\SRSTSXT.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\SRSTSHD.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\SRSHP360.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\RTPCEE32.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\RtkPgExt.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\RtkCoInst.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\RtkApoApi.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\RtkAPO.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2009-07-14 00:05:12 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2009-07-14 00:05:11 ----A---- C:\Windows\system32\FMAPO.dll
2009-07-14 00:05:11 ----A---- C:\Windows\system32\AERTARen.dll
2009-07-14 00:05:11 ----A---- C:\Windows\system32\AERTACap.dll
2009-07-14 00:05:09 ----A---- C:\Windows\RtlExUpd.dll
2009-07-13 23:55:22 ----D---- C:\NVIDIA
2009-07-13 23:45:40 ----D---- C:\Users\Isaac\AppData\Roaming\Macromedia
2009-07-13 23:45:40 ----D---- C:\Users\Isaac\AppData\Roaming\Adobe
2009-07-13 23:45:39 ----D---- C:\Windows\system32\Macromed
2009-07-13 23:35:08 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-07-13 23:35:08 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-07-13 23:35:08 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-07-13 23:35:07 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-07-13 23:35:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-07-13 23:35:06 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-07-13 23:35:05 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-07-13 23:35:05 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-07-13 23:35:05 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-07-13 23:35:04 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-07-13 23:35:04 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-07-13 23:35:03 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-07-13 23:35:03 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-07-13 23:35:02 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-07-13 23:35:02 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-07-13 23:35:02 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-07-13 23:35:01 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-07-13 23:35:00 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-07-13 23:34:59 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-07-13 23:34:58 ----A---- C:\Windows\system32\xinput1_3.dll
2009-07-13 23:34:58 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-07-13 23:34:58 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-07-13 23:34:58 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-07-13 23:34:58 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-07-13 23:34:58 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-07-13 23:34:57 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-07-13 23:34:57 ----A---- C:\Windows\system32\d3dx10.dll
2009-07-13 23:34:56 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-07-13 23:34:56 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-07-13 23:34:56 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-07-13 23:34:55 ----A---- C:\Windows\system32\xinput1_2.dll
2009-07-13 23:34:55 ----A---- C:\Windows\system32\xinput1_1.dll
2009-07-13 23:34:55 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-07-13 23:34:55 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-07-13 23:34:54 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-07-13 23:34:50 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-07-13 23:34:49 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-07-13 23:34:49 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-07-13 23:34:49 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-07-13 23:34:49 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-07-13 23:34:49 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-07-13 23:34:48 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-07-13 23:34:48 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-07-13 23:34:48 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-07-13 23:34:37 ----D---- C:\Program Files\EVGA Precision
2009-07-13 23:33:41 ----D---- C:\Windows\system32\AGEIA
2009-07-13 23:33:41 ----D---- C:\Program Files\AGEIA Technologies
2009-07-13 23:33:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-13 23:31:13 ----D---- C:\Program Files\Microsoft Works
2009-07-13 23:30:51 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-13 23:30:43 ----D---- C:\Program Files\Microsoft.NET
2009-07-13 23:18:09 ----D---- C:\Windows\system32\eu-ES
2009-07-13 23:18:09 ----D---- C:\Windows\system32\ca-ES
2009-07-13 23:18:08 ----D---- C:\Windows\system32\vi-VN
2009-07-13 23:08:37 ----D---- C:\Windows\system32\EventProviders
2009-07-13 23:08:06 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-13 23:08:05 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-13 23:08:04 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-13 23:08:03 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-13 23:08:03 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-13 23:08:03 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-13 23:08:01 ----A---- C:\Windows\system32\mssrch.dll
2009-07-13 23:08:00 ----A---- C:\Windows\system32\tquery.dll
2009-07-13 23:08:00 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-13 23:08:00 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-13 23:08:00 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-13 23:07:59 ----A---- C:\Windows\system32\scavenge.dll
2009-07-13 23:07:59 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-13 23:07:59 ----A---- C:\Windows\system32\msi.dll
2009-07-13 23:07:58 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-13 23:07:58 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-13 23:07:58 ----A---- C:\Windows\system32\sysmain.dll
2009-07-13 23:07:58 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-13 23:07:58 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-13 23:07:57 ----A---- C:\Windows\system32\mf.dll
2009-07-13 23:07:57 ----A---- C:\Windows\system32\icardagt.exe
2009-07-13 23:07:57 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-13 23:07:57 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-13 23:07:56 ----A---- C:\Windows\system32\spwizui.dll
2009-07-13 23:07:56 ----A---- C:\Windows\system32\spreview.exe
2009-07-13 23:07:56 ----A---- C:\Windows\system32\spinstall.exe
2009-07-13 23:07:56 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-13 23:07:56 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-13 23:07:55 ----A---- C:\Windows\system32\shell32.dll
2009-07-13 23:07:55 ----A---- C:\Windows\system32\secproc.dll
2009-07-13 23:07:55 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-13 23:07:55 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-13 23:07:55 ----A---- C:\Windows\system32\mssvp.dll
2009-07-13 23:07:54 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-13 23:07:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-13 23:07:54 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-13 23:07:54 ----A---- C:\Windows\system32\mssph.dll
2009-07-13 23:07:54 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-13 23:07:54 ----A---- C:\Windows\system32\mscoree.dll
2009-07-13 23:07:54 ----A---- C:\Windows\system32\imapi2.dll
2009-07-13 23:07:53 ----A---- C:\Windows\system32\sperror.dll
2009-07-13 23:07:53 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-13 23:07:53 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-13 23:07:53 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-13 23:07:53 ----A---- C:\Windows\system32\esent.dll
2009-07-13 23:07:53 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-13 23:07:52 ----A---- C:\Windows\system32\wmp.dll
2009-07-13 23:07:52 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-13 23:07:52 ----A---- C:\Windows\system32\SLC.dll
2009-07-13 23:07:52 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-13 23:07:52 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-13 23:07:52 ----A---- C:\Windows\system32\msshsq.dll
2009-07-13 23:07:52 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-13 23:07:51 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-13 23:07:51 ----A---- C:\Windows\system32\Query.dll
2009-07-13 23:07:51 ----A---- C:\Windows\system32\qmgr.dll
2009-07-13 23:07:51 ----A---- C:\Windows\system32\pmcsnap.dll
2009-07-13 23:07:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-13 23:07:51 ----A---- C:\Windows\system32\msxml6.dll
2009-07-13 23:07:51 ----A---- C:\Windows\system32\msjet40.dll
2009-07-13 23:07:51 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-13 23:07:50 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-13 23:07:50 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-13 23:07:50 ----A---- C:\Windows\system32\ole32.dll
2009-07-13 23:07:50 ----A---- C:\Windows\system32\ntdll.dll
2009-07-13 23:07:50 ----A---- C:\Windows\system32\msexch40.dll
2009-07-13 23:07:50 ----A---- C:\Windows\system32\diagperf.dll
2009-07-13 23:07:49 ----A---- C:\Windows\system32\winload.exe
2009-07-13 23:07:49 ----A---- C:\Windows\system32\uDWM.dll
2009-07-13 23:07:49 ----A---- C:\Windows\system32\msxml3.dll
2009-07-13 23:07:49 ----A---- C:\Windows\system32\mmc.exe
2009-07-13 23:07:49 ----A---- C:\Windows\system32\mblctr.exe
2009-07-13 23:07:49 ----A---- C:\Windows\system32\EncDec.dll
2009-07-13 23:07:49 ----A---- C:\Windows\system32\dfsr.exe
2009-07-13 23:07:48 ----A---- C:\Windows\system32\riched20.dll
2009-07-13 23:07:48 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-13 23:07:48 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-13 23:07:48 ----A---- C:\Windows\system32\fdBth.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\spoolss.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-13 23:07:47 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-13 23:07:47 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\milcore.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\kernel32.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-13 23:07:47 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-13 23:07:46 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\gpedit.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\fveapi.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\es.dll
2009-07-13 23:07:46 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-13 23:07:45 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-13 23:07:45 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-13 23:07:45 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-13 23:07:45 ----A---- C:\Windows\system32\mstext40.dll
2009-07-13 23:07:45 ----A---- C:\Windows\system32\Magnify.exe
2009-07-13 23:07:45 ----A---- C:\Windows\system32\cscsvc.dll
2009-07-13 23:07:45 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-13 23:07:45 ----A---- C:\Windows\system32\advapi32.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\vssapi.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\slwmi.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-13 23:07:44 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\mstscax.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-13 23:07:44 ----A---- C:\Windows\system32\authui.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\setupapi.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\rpcss.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\propsys.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\newdev.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-13 23:07:43 ----A---- C:\Windows\system32\d3d9.dll
2009-07-13 23:07:43 ----A---- C:\Windows\system32\crypt32.dll
2009-07-13 23:07:43 ----A---- C:\Windows\explorer.exe
2009-07-13 23:07:42 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\msltus40.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\mfc42.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-13 23:07:42 ----A---- C:\Windows\system32\davclnt.dll
2009-07-13 23:07:41 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-13 23:07:41 ----A---- C:\Windows\system32\photowiz.dll
2009-07-13 23:07:41 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-13 23:07:41 ----A---- C:\Windows\system32\browseui.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\win32spl.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\user32.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\samsrv.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\quartz.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-13 23:07:40 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\kerberos.dll
2009-07-13 23:07:40 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-13 23:07:40 ----A---- C:\Windows\system32\ci.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\winhttp.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-13 23:07:39 ----A---- C:\Windows\system32\netshell.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\msctf.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\gdi32.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\compcln.exe
2009-07-13 23:07:39 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-13 23:07:39 ----A---- C:\Windows\system32\apds.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\winresume.exe
2009-07-13 23:07:38 ----A---- C:\Windows\system32\wbengine.exe
2009-07-13 23:07:38 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-13 23:07:38 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\SLUI.exe
2009-07-13 23:07:38 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\propdefs.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\odbc32.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\eapphost.dll
2009-07-13 23:07:38 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-13 23:07:37 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-13 23:07:37 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-13 23:07:36 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-13 23:07:36 ----A---- C:\Windows\system32\usp10.dll
2009-07-13 23:07:36 ----A---- C:\Windows\system32\swprv.dll
2009-07-13 23:07:36 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\WFS.exe
2009-07-13 23:07:35 ----A---- C:\Windows\system32\vds.exe
2009-07-13 23:07:35 ----A---- C:\Windows\system32\schannel.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\netlogon.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\msscb.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\msctfp.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\drvinst.exe
2009-07-13 23:07:35 ----A---- C:\Windows\system32\devmgr.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-13 23:07:35 ----A---- C:\Windows\system32\BFE.DLL
2009-07-13 23:07:35 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-13 23:07:34 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-13 23:07:34 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-13 23:07:34 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-13 23:07:34 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-13 23:07:34 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-13 23:07:34 ----A---- C:\Windows\system32\services.exe
2009-07-13 23:07:34 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-13 23:07:34 ----A---- C:\Windows\system32\evr.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\wercon.exe
2009-07-13 23:07:33 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\taskeng.exe
2009-07-13 23:07:33 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\reg.exe
2009-07-13 23:07:33 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\msjter40.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\msdrm.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\certcli.dll
2009-07-13 23:07:33 ----A---- C:\Windows\system32\adtschema.dll
2009-07-13 23:07:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-13 23:07:32 ----A---- C:\Windows\system32\w32time.dll
2009-07-13 23:07:32 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-13 23:07:32 ----A---- C:\Windows\system32\certutil.exe
2009-07-13 23:07:32 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-13 23:07:31 ----A---- C:\Windows\system32\scrptadm.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\netapi32.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\msstrc.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\msshooks.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\msihnd.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\mscories.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\inetpp.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\hidserv.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\fundisc.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\dfshim.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-13 23:07:31 ----A---- C:\Windows\system32\bthserv.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\wdc.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\termsrv.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\profsvc.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\msiexec.exe
2009-07-13 23:07:30 ----A---- C:\Windows\system32\imapi.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\gameux.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-13 23:07:30 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\wersvc.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-13 23:07:29 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-13 23:07:29 ----A---- C:\Windows\system32\scrrun.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\rasmans.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-13 23:07:29 ----A---- C:\Windows\system32\pnidui.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\pdh.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\icardres.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\iassdo.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\azroles.dll
2009-07-13 23:07:29 ----A---- C:\Windows\system32\autofmt.exe
2009-07-13 23:07:28 ----A---- C:\Windows\system32\wisptis.exe
2009-07-13 23:07:28 ----A---- C:\Windows\system32\winlogon.exe
2009-07-13 23:07:28 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\untfs.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\spp.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\sethc.exe
2009-07-13 23:07:28 ----A---- C:\Windows\system32\scrobj.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\rtutils.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\kd1394.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\iassam.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\dwm.exe
2009-07-13 23:07:28 ----A---- C:\Windows\system32\cscui.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\comuid.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\certmgr.dll
2009-07-13 23:07:28 ----A---- C:\Windows\system32\autochk.exe
2009-07-13 23:07:27 ----A---- C:\Windows\system32\wow32.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\winsrv.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\winmm.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\userenv.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\RelMon.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\printui.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\osk.exe
2009-07-13 23:07:27 ----A---- C:\Windows\system32\onex.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\mswsock.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\kdusb.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\kdcom.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\iasnap.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\cscript.exe
2009-07-13 23:07:27 ----A---- C:\Windows\system32\basecsp.dll
2009-07-13 23:07:27 ----A---- C:\Windows\system32\autoconv.exe
2009-07-13 23:07:27 ----A---- C:\Windows\system32\audiodg.exe
2009-07-13 23:07:26 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-13 23:07:26 ----A---- C:\Windows\system32\offfilt.dll
2009-07-13 23:07:26 ----A---- C:\Windows\system32\msftedit.dll
2009-07-13 23:07:26 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\wsepno.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\wscript.exe
2009-07-13 23:07:25 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\WerFault.exe
2009-07-13 23:07:25 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\Utilman.exe
2009-07-13 23:07:25 ----A---- C:\Windows\system32\ulib.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\sysclass.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\stobject.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\SndVol.exe
2009-07-13 23:07:25 ----A---- C:\Windows\system32\secur32.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\rastls.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\rastapi.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\mscms.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\mfplat.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\mcmde.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-13 23:07:25 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\gpapi.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\dsound.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\diskraid.exe
2009-07-13 23:07:25 ----A---- C:\Windows\system32\diskpart.exe
2009-07-13 23:07:25 ----A---- C:\Windows\system32\cryptui.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\brcpl.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\apphelp.dll
2009-07-13 23:07:25 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\wusa.exe
2009-07-13 23:07:24 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\wshext.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-13 23:07:24 ----A---- C:\Windows\system32\wer.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\themecpl.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\regsvc.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\ntprint.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\netcenter.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\mscorier.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\logman.exe
2009-07-13 23:07:24 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\iasrad.dll
2009-07-13 23:07:24 ----A---- C:\Windows\system32\findstr.exe
2009-07-13 23:07:23 ----A---- C:\Windows\system32\uxsms.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\slcc.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\scansetting.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\powrprof.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\powercpl.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\networkmap.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\msutb.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\mstsc.exe
2009-07-13 23:07:23 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\iasads.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\iasacct.dll
2009-07-13 23:07:23 ----A---- C:\Windows\system32\authz.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\wpcao.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\usercpl.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\umrdp.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\themeui.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\sud.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\samlib.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\regapi.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\qdvd.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\pcaui.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\newdev.exe
2009-07-13 23:07:22 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-13 23:07:22 ----A---- C:\Windows\system32\mmci.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\fveui.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\fvecpl.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\cscobj.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\connect.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\brcplsiw.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\autoplay.dll
2009-07-13 23:07:22 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\WindowsUltimateExtrasCPL.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\sdclt.exe
2009-07-13 23:07:21 ----A---- C:\Windows\system32\scksp.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\scesrv.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-13 23:07:21 ----A---- C:\Windows\system32\qedit.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\pnpui.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\oleprn.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\mpr.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\imm32.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\feclient.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-13 23:07:21 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-13 23:07:21 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-13 23:07:21 ----A---- C:\Windows\system32\certreq.exe
2009-07-13 23:07:21 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\whealogr.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-13 23:07:20 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\srcore.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\scecli.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\rasplap.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-13 23:07:20 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-13 23:07:20 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-13 23:07:20 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-13 23:07:20 ----A---- C:\Windows\system32\conime.exe
2009-07-13 23:07:20 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-13 23:07:20 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-13 23:07:19 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\wlanui.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\tscfgwmi.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-13 23:07:19 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\shsetup.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\rasppp.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\raschap.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-13 23:07:19 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\mscandui.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\modemui.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\fontext.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\dsprop.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\dataclen.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-13 23:07:19 ----A---- C:\Windows\system32\blackbox.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\wshbth.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\wscapi.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\version.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\Storprop.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\softkbd.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\smss.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\slcinst.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\sendmail.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\rdpendp.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\rdpclip.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\rasdial.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\qprocess.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\puiapi.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\PrintBrmUi.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\olepro32.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\nslookup.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\msscp.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\msjint40.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\msisip.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\msimtf.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\msctfui.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\mprapi.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\mmcico.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\mfps.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\logagent.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\input.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\InkEd.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\ifmon.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\gpscript.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\gpscript.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\gpresult.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\gpprnext.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\ftp.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\fc.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\dmusic.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\CscMig.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\cscdll.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\cscapi.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\credui.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\cipher.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\chgport.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\certprop.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\cdd.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-13 23:07:18 ----A---- C:\Windows\system32\bthci.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\appmgmts.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-13 23:07:18 ----A---- C:\Windows\system32\aaclient.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-13 23:07:17 ----A---- C:\Windows\system32\winrnr.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\tskill.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\tsdiscon.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\tscon.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\spwmp.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\slwga.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\shadow.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\rwinsta.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\reset.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\query.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\qappsrv.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\msimsg.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\midimap.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\mferror.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\logoff.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\inetppui.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\csrstub.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\chgusr.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\chglogon.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\change.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\cbsra.exe
2009-07-13 23:07:17 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-13 23:07:17 ----A---- C:\Windows\system32\atmlib.dll
2009-07-13 23:07:13 ----A---- C:\Windows\system32\wdscore.dll
2009-07-13 23:07:13 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-13 23:07:13 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-13 23:07:12 ----A---- C:\Windows\system32\drvstore.dll
2009-07-13 22:56:46 ----D---- C:\Windows\fr-FR
2009-07-13 22:56:44 ----D---- C:\Windows\system32\fr
2009-07-13 22:56:44 ----D---- C:\Windows\system32\040C
2009-07-13 22:56:42 ----D---- C:\Program Files\BitLocker
2009-07-13 22:49:47 ----D---- C:\Windows\system32\WindowsPowerShell
2009-07-13 22:44:31 ----A---- C:\Windows\system32\wgaer_m.exe
2009-07-13 21:00:32 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-13 21:00:17 ----D---- C:\Program Files\Microsoft
2009-07-13 21:00:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-13 20:59:52 ----D---- C:\Program Files\Windows Live
2009-07-13 20:59:48 ----D---- C:\Windows\PCHEALTH
2009-07-13 20:59:43 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-07-13 20:59:14 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-07-13 20:54:24 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-13 20:02:45 ----A---- C:\Windows\system32\DreamScene.dll
2009-07-13 19:57:00 ----D---- C:\Program Files\Microsoft Office
2009-07-13 19:55:23 ----RHD---- C:\MSOCache
2009-07-13 19:47:43 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-07-13 19:35:44 ----A---- C:\Windows\system32\msonpmon.dll
2009-07-13 19:32:35 ----D---- C:\ProgramData\Microsoft Help
2009-07-13 19:24:16 ----A---- C:\Windows\system32\SecureKeyBackupCPL.dll
2009-07-13 19:15:43 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\wininet.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\urlmon.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\ieui.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\iesetup.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\iertutil.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\iernonce.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-13 19:14:16 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-13 19:14:15 ----A---- C:\Windows\system32\mshtml.dll
2009-07-13 19:14:15 ----A---- C:\Windows\system32\ieframe.dll
2009-07-13 19:13:48 ----A---- C:\Windows\system32\msls31.dll
2009-07-13 19:13:48 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-13 19:13:48 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-13 19:13:48 ----A---- C:\Windows\system32\icardie.dll
2009-07-13 19:13:48 ----A---- C:\Windows\system32\admparse.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-07-13 19:13:47 ----A---- C:\Windows\system32\wextract.exe
2009-07-13 19:13:47 ----A---- C:\Windows\system32\webcheck.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\occache.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\mstime.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\msrating.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-13 19:13:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\licmgr10.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\inseng.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\imgutil.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\iepeers.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\ieakui.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\ieakeng.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-13 19:13:47 ----A---- C:\Windows\system32\corpol.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\vbscript.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\url.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\SetDepNx.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\PDMSetup.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\mshta.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\jscript.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\iexpress.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-13 19:13:46 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-13 19:13:46 ----A---- C:\Windows\system32\advpack.dll
2009-07-13 19:02:14 ----A---- C:\Windows\system32\localspl.dll
2009-07-13 19:02:12 ----A---- C:\Windows\system32\kbd106n.dll
2009-07-13 19:01:47 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-13 18:56:08 ----A---- C:\Windows\system32\wups2.dll
2009-07-13 18:56:08 ----A---- C:\Windows\system32\wucltux.dll
2009-07-13 18:56:08 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-13 18:56:08 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-13 18:56:01 ----A---- C:\Windows\system32\wups.dll
2009-07-13 18:56:01 ----A---- C:\Windows\system32\wudriver.dll
2009-07-13 18:56:01 ----A---- C:\Windows\system32\wuapi.dll
2009-07-13 18:55:58 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-13 18:55:58 ----A---- C:\Windows\system32\wuapp.exe
2009-07-13 18:53:38 ----D---- C:\ProgramData\NVIDIA
2009-07-13 18:51:27 ----A---- C:\Windows\system32\nvcpluir.dll
2009-07-13 18:50:33 ----A---- C:\Windows\system32\NVUNINST.EXE
2009-07-13 18:49:56 ----D---- C:\Program Files\EVGA
2009-07-13 18:49:17 ----SHD---- C:\Windows\Installer
2009-07-13 18:48:38 ----RA---- C:\Windows\system32\xRaidAPI.dll
2009-07-13 18:48:37 ----RA---- C:\Windows\system32\xRaidSetup.exe
2009-07-13 18:48:37 ----D---- C:\RaidTool
2009-07-13 18:48:06 ----D---- C:\Windows\RaidTool
2009-07-13 18:46:42 ----D---- C:\Users\Isaac\AppData\Roaming\InstallShield
2009-07-13 18:45:11 ----A---- C:\Windows\DIFxAPI.dll
2009-07-13 18:45:10 ----D---- C:\Program Files\Realtek
2009-07-13 18:45:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-13 18:45:02 ----HD---- C:\Program Files\Temp
2009-07-13 18:45:01 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-13 18:42:19 ----A---- C:\Windows\system32\CSVer.dll
2009-07-13 18:42:18 ----D---- C:\Program Files\Intel
2009-07-13 18:41:55 ----D---- C:\Intel
2009-07-13 18:29:22 ----D---- C:\Users\Isaac\AppData\Roaming\Identities
2009-07-13 18:29:17 ----SD---- C:\Users\Isaac\AppData\Roaming\Microsoft
2009-07-13 18:29:17 ----D---- C:\Users\Isaac\AppData\Roaming\Media Center Programs
2009-07-13 08:32:47 ----D---- C:\Windows\Panther
2009-07-13 08:32:34 ----RAS---- C:\BOOTSECT.BAK
2009-07-13 08:32:33 ----SHD---- C:\Boot
2009-07-13 08:24:55 ----D---- C:\Windows\Debug
2009-07-13 07:35:58 ----D---- C:\Windows\SoftwareDistribution
2009-07-13 07:34:46 ----D---- C:\Windows\CSC
2009-07-13 07:34:01 ----D---- C:\Windows\Prefetch
2009-07-13 07:33:54 ----SHD---- C:\System Volume Information
2009-06-10 08:35:02 ----A---- C:\Windows\system32\nvcplui.exe
2009-06-10 08:35:00 ----A---- C:\Windows\system32\nvsvs.dll
2009-06-10 08:34:52 ----A---- C:\Windows\system32\nvwss.dll
2009-06-10 08:34:48 ----A---- C:\Windows\system32\nvvsvc.exe
2009-06-10 08:34:48 ----A---- C:\Windows\system32\nvvitvs.dll
2009-06-10 08:34:48 ----A---- C:\Windows\system32\nvmobls.dll
2009-06-10 08:34:48 ----A---- C:\Windows\system32\nvmccss.dll
2009-06-10 08:34:48 ----A---- C:\Windows\system32\nvgames.dll
2009-06-10 08:34:48 ----A---- C:\Windows\system32\nvdisps.dll
2009-06-10 08:34:46 ----A---- C:\Windows\system32\nvsvc.dll
2009-06-10 08:34:46 ----A---- C:\Windows\system32\nvshext.dll
2009-06-10 08:34:46 ----A---- C:\Windows\system32\nvmctray.dll
2009-06-10 08:34:46 ----A---- C:\Windows\system32\nvcpl.dll
2009-06-10 06:33:20 ----A---- C:\Windows\system32\nvStInst.exe
2009-06-10 06:33:18 ----A---- C:\Windows\system32\nvstlink.exe
2009-06-10 06:33:08 ----A---- C:\Windows\system32\nvstwiz.exe
2009-06-10 06:33:06 ----A---- C:\Windows\system32\nvStereoApiI.dll
2009-06-10 06:33:04 ----A---- C:\Windows\system32\nvStereoApiI64.dll
2009-06-10 06:33:00 ----A---- C:\Windows\system32\nvSCPAPISvr.exe
2009-06-10 06:32:54 ----A---- C:\Windows\system32\nvSCPAPI.dll
2009-06-10 06:32:48 ----A---- C:\Windows\system32\nvSCPAPI64.dll
2009-06-10 06:32:40 ----A---- C:\Windows\system32\nvstres.dll
2009-06-10 06:31:56 ----A---- C:\Windows\system32\nvstreg.exe
2009-06-10 06:31:46 ----A---- C:\Windows\system32\nvsttest.exe
2009-06-10 06:31:12 ----A---- C:\Windows\system32\nvstview.exe
2009-06-10 06:31:04 ----A---- C:\Windows\system32\nvimage.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvudisp.exe
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvoglv32.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvcuvid.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvcuvenc.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvcuda.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvcod155.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvcod.dll
2009-04-30 09:02:00 ----A---- C:\Windows\system32\nvcod146.dll
2009-04-28 09:55:06 ----A---- C:\Windows\system32\PhysXLoader.dll

======List of files/folders modified in the last 3 months======

2009-07-24 15:12:12 ----D---- C:\Windows\Temp
2009-07-24 15:10:32 ----D---- C:\Windows\System32
2009-07-24 15:07:40 ----D---- C:\Windows\inf
2009-07-24 15:07:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-24 15:01:24 ----D---- C:\Windows
2009-07-24 14:58:35 ----D---- C:\Windows\system32\drivers
2009-07-24 14:16:03 ----RD---- C:\Program Files
2009-07-23 22:09:18 ----D---- C:\Windows\Logs
2009-07-23 20:57:28 ----D---- C:\Windows\winsxs
2009-07-23 20:57:28 ----D---- C:\Program Files\Internet Explorer
2009-07-23 20:51:22 ----D---- C:\Windows\system32\LogFiles
2009-07-23 20:25:24 ----D---- C:\Windows\system32\catroot2
2009-07-23 19:32:07 ----D---- C:\Windows\system32\catroot
2009-07-19 22:17:25 ----D---- C:\Windows\system32\WDI
2009-07-19 18:30:16 ----SD---- C:\ProgramData\Microsoft
2009-07-18 00:36:29 ----D---- C:\Windows\twain_32
2009-07-18 00:33:31 ----HD---- C:\ProgramData
2009-07-18 00:32:56 ----SD---- C:\Windows\Downloaded Program Files
2009-07-18 00:32:56 ----D---- C:\Program Files\Common Files
2009-07-16 18:04:01 ----D---- C:\Windows\Tasks
2009-07-16 18:04:01 ----D---- C:\Windows\system32\Tasks
2009-07-15 19:07:39 ----RSD---- C:\Windows\assembly
2009-07-15 18:34:29 ----D---- C:\Program Files\Windows Mail
2009-07-14 23:54:52 ----RSD---- C:\Windows\Fonts
2009-07-14 23:25:54 ----D---- C:\Program Files\Microsoft Games
2009-07-14 22:11:42 ----D---- C:\Program Files\Windows Media Player
2009-07-14 20:29:14 ----D---- C:\Windows\rescache
2009-07-14 00:21:15 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-14 00:03:47 ----D---- C:\Windows\system32\fr-FR
2009-07-14 00:03:47 ----D---- C:\Windows\system32\en-US
2009-07-13 23:34:51 ----D---- C:\Windows\Microsoft.NET
2009-07-13 23:18:24 ----D---- C:\Windows\servicing
2009-07-13 23:18:24 ----D---- C:\Windows\ehome
2009-07-13 23:18:24 ----D---- C:\Program Files\Windows Sidebar
2009-07-13 23:18:24 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-13 23:18:24 ----D---- C:\Program Files\Windows Journal
2009-07-13 23:18:24 ----D---- C:\Program Files\Windows Defender
2009-07-13 23:18:24 ----D---- C:\Program Files\Windows Collaboration
2009-07-13 23:18:24 ----D---- C:\Program Files\Windows Calendar
2009-07-13 23:18:24 ----D---- C:\Program Files\Movie Maker
2009-07-13 23:18:24 ----D---- C:\Program Files\Common Files\System
2009-07-13 23:18:22 ----D---- C:\Windows\system32\XPSViewer
2009-07-13 23:18:22 ----D---- C:\Windows\system32\sk-SK
2009-07-13 23:18:22 ----D---- C:\Windows\system32\lv-LV
2009-07-13 23:18:22 ----D---- C:\Windows\system32\ko-KR
2009-07-13 23:18:22 ----D---- C:\Windows\system32\hr-HR
2009-07-13 23:18:22 ----D---- C:\Windows\system32\et-EE
2009-07-13 23:18:22 ----D---- C:\Windows\system32\da-DK
2009-07-13 23:18:22 ----D---- C:\Windows\PolicyDefinitions
2009-07-13 23:18:22 ----D---- C:\Windows\IME
2009-07-13 23:18:19 ----D---- C:\Windows\system32\ru-RU
2009-07-13 23:18:19 ----D---- C:\Windows\system32\oobe
2009-07-13 23:18:19 ----D---- C:\Windows\system32\migration
2009-07-13 23:18:19 ----D---- C:\Windows\system32\it-IT
2009-07-13 23:18:19 ----D---- C:\Windows\system32\el-GR
2009-07-13 23:18:19 ----D---- C:\Windows\system32\de-DE
2009-07-13 23:18:19 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-13 23:18:18 ----D---- C:\Windows\system32\zh-TW
2009-07-13 23:18:18 ----D---- C:\Windows\system32\zh-CN
2009-07-13 23:18:18 ----D---- C:\Windows\system32\wbem
2009-07-13 23:18:18 ----D---- C:\Windows\system32\uk-UA
2009-07-13 23:18:18 ----D---- C:\Windows\system32\tr-TR
2009-07-13 23:18:18 ----D---- C:\Windows\system32\th-TH
2009-07-13 23:18:18 ----D---- C:\Windows\system32\sv-SE
2009-07-13 23:18:18 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-13 23:18:18 ----D---- C:\Windows\system32\SLUI
2009-07-13 23:18:18 ----D---- C:\Windows\system32\sl-SI
2009-07-13 23:18:18 ----D---- C:\Windows\system32\setup
2009-07-13 23:18:18 ----D---- C:\Windows\system32\ro-RO
2009-07-13 23:18:18 ----D---- C:\Windows\system32\pt-PT
2009-07-13 23:18:18 ----D---- C:\Windows\system32\pl-PL
2009-07-13 23:18:18 ----D---- C:\Windows\system32\nl-NL
2009-07-13 23:18:18 ----D---- C:\Windows\system32\nb-NO
2009-07-13 23:18:18 ----D---- C:\Windows\system32\manifeststore
2009-07-13 23:18:18 ----D---- C:\Windows\system32\lt-LT
2009-07-13 23:18:18 ----D---- C:\Windows\system32\ja-JP
2009-07-13 23:18:18 ----D---- C:\Windows\system32\hu-HU
2009-07-13 23:18:18 ----D---- C:\Windows\system32\he-IL
2009-07-13 23:18:18 ----D---- C:\Windows\system32\fi-FI
2009-07-13 23:18:18 ----D---- C:\Windows\system32\es-ES
2009-07-13 23:18:18 ----D---- C:\Windows\system32\en
2009-07-13 23:18:18 ----D---- C:\Windows\system32\cs-CZ
2009-07-13 23:18:18 ----D---- C:\Windows\system32\bg-BG
2009-07-13 23:18:18 ----D---- C:\Windows\system32\ar-SA
2009-07-13 23:18:17 ----D---- C:\Windows\system32\pt-BR
2009-07-13 23:18:17 ----D---- C:\Windows\system32\migwiz
2009-07-13 23:18:12 ----D---- C:\Windows\AppPatch
2009-07-13 23:18:08 ----D---- C:\Windows\system32\Boot
2009-07-13 22:56:52 ----D---- C:\Windows\Web
2009-07-13 22:56:46 ----D---- C:\Windows\WindowsMobile
2009-07-13 22:56:46 ----D---- C:\Windows\system32\winrm
2009-07-13 22:56:46 ----D---- C:\Windows\system32\Branding
2009-07-13 22:56:46 ----D---- C:\Windows\MSAgent
2009-07-13 22:56:46 ----D---- C:\Windows\DigitalLocker
2009-07-13 22:56:44 ----D---- C:\Windows\system32\WCN
2009-07-13 22:56:44 ----D---- C:\Windows\system32\sysprep
2009-07-13 22:56:44 ----D---- C:\Windows\system32\slmgr
2009-07-13 22:56:44 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-07-13 22:56:44 ----D---- C:\Windows\system32\MUI
2009-07-13 22:56:44 ----D---- C:\Windows\system32\DriverStore
2009-07-13 22:56:43 ----D---- C:\Windows\system32\com
2009-07-13 19:57:20 ----D---- C:\Windows\ShellNew
2009-07-13 19:13:15 ----RSD---- C:\Windows\Media
2009-07-13 18:51:25 ----D---- C:\Windows\Help
2009-07-13 18:42:20 ----D---- C:\Windows\system32\restore
2009-07-13 18:29:29 ----SHD---- C:\$Recycle.Bin
2009-07-13 18:29:17 ----RD---- C:\Users
2009-07-07 10:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvd3dum.dll
2009-06-10 06:03:00 ----A---- C:\Windows\system32\nvapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-17 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-14 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 InCDRec;Nero UDF File System Recognizer Driver; C:\Windows\system32\DRIVERS\InCDRec.sys [2009-05-08 19096]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 InCDFs;Nero UDF File System Driver; C:\Windows\system32\DRIVERS\InCDFs.sys [2009-05-08 129944]
R3 InCDPass;Nero InCDPass Driver; C:\Windows\system32\DRIVERS\InCDPass.sys [2009-05-08 48280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-24 2346016]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-10 9899296]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-11-10 135680]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S1 rbadza;RAMDAC XGPU Controller; C:\Windows\system32\rbadza.sys []
S2 cfbqjj;cfbqjj; C:\Windows\system32\drivers\xvjeyl.sys []
S2 enhjIim;enhjIim; C:\Windows\system32\drivers\rekodsvd.sys []
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\Windows\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 InCDSrv;InCD Helper; C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe [2009-05-08 1493528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2009-05-08 109080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-10 211488]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SlingAgentService;SlingAgentService; C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [2009-04-27 93960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\System32\nvSCPAPISvr.exe [2009-06-10 232960]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-17 907032]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-14 298776]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-14 133104]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]

-----------------EOF-----------------

#5 dadrivr

dadrivr
  • Topic Starter

  • Members
  • 73 posts

Posted 24 July 2009 - 03:18 PM

info.txt logfile of random's system information tool 1.06 2009-07-23 23:54:28

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Ad-Aware-->"C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Allway Sync version 9.2.15-->"C:\Program Files\Allway Sync\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo WinOptimizer 6.23-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
Easy CD-DA Extractor 12-->"C:\Windows\Easy CD-DA Extractor 12\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 12\irunin.xml"
EVGA E-LEET-->MsiExec.exe /X{CD1DF19E-4ED2-43F5-9E07-D4DD22D1671E}
EVGA Precision 1.7.1-->"C:\Program Files\EVGA Precision\uninstall.exe"
File Renamer - Basic-->"C:\Windows\File Renamer - Basic Uninstaller.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
G*Power 3.1.0-->MsiExec.exe /I{46A2BEFB-F20E-4A4C-A369-69F7FB7F4E83}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
InCD-->MsiExec.exe /X{d52fe806-3105-44a5-8d42-2291dec16463}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 5.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Flight Simulator X Service Pack 1-->C:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
MozBackup 1.4.9-->C:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MusicBrainz Picard 0.11-->C:\Program Files\MusicBrainz Picard\uninst.exe
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-209M-AH6P-5UW0-WHAW-C53X-473X-79MH"
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{f1861f30-3419-44db-b2a1-c274825698b3}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->C:\Windows\system32\nvStInst.exe /uninstall /ask
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
Password Reveal Pro-->C:\PROGRA~1\Camtech\PASSWO~1\UNWISE.EXE C:\PROGRA~1\Camtech\PASSWO~1\INSTALL.LOG
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime Alternative 2.9.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SlingPlayer-->"C:\Program Files\InstallShield Installation Information\{3D08333C-C366-425D-8C2D-D05630D68A46}\setup.exe" -runfromtemp -l0x0409 -removeonly
SlingPlayer-->MsiExec.exe /X{3D08333C-C366-425D-8C2D-D05630D68A46}
Smart Defrag 1.20-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Songbird 1.2.0 (Build 1146)-->"C:\Program Files\Songbird\Songbird-Uninstall.exe"
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TagScanner 5.0 build 532-->"C:\Program Files\TagScanner\unins000.exe"
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Movie Maker Beta-->MsiExec.exe /X{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft DVD Ripper Ultimate-->C:\Program Files\Xilisoft\DVD Ripper Ultimate 5\Uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe

=====HijackThis Backups=====

O13 - Gopher Prefix: [2009-07-19]
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [2009-07-19]
O20 - Winlogon Notify: rbadzm - rbadzm.dll (file missing) [2009-07-19]
O1 - Hosts: ::1 localhost [2009-07-19]

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: Isaac-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 25678
Source Name: Microsoft-Windows-Servicing
Time Written: 20090714015108.000000-000
Event Type: Warning
User: Isaac-PC\Isaac

Computer Name: Isaac-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 25578
Source Name: Microsoft-Windows-Servicing
Time Written: 20090714015107.000000-000
Event Type: Warning
User: Isaac-PC\Isaac

Computer Name: Isaac-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 25573
Source Name: Microsoft-Windows-Servicing
Time Written: 20090714015107.000000-000
Event Type: Warning
User: Isaac-PC\Isaac

Computer Name: Isaac-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 25570
Source Name: Microsoft-Windows-Servicing
Time Written: 20090714015107.000000-000
Event Type: Warning
User: Isaac-PC\Isaac

Computer Name: Isaac-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 25566
Source Name: Microsoft-Windows-Servicing
Time Written: 20090714015107.000000-000
Event Type: Warning
User: Isaac-PC\Isaac

=====Application event log=====

Computer Name: Isaac-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 68
Source Name: Microsoft-Windows-WMI
Time Written: 20090713234135.000000-000
Event Type: Error
User:

Computer Name: Isaac-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-202862733-1428974592-4276797232-1000:
Process 612 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-202862733-1428974592-4276797232-1000

Record Number: 52
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090713233858.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Isaac-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 25
Source Name: Microsoft-Windows-WMI
Time Written: 20090713132500.000000-000
Event Type: Error
User:

Computer Name: Isaac-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 21
Source Name: Microsoft-Windows-Search
Time Written: 20090713132459.000000-000
Event Type: Warning
User:

Computer Name: 26L2233A3-09
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 12
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090713123647.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233A3-09
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233A3-09$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713123432.187500-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233A3-09$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713123432.187500-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x60261
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713123430.593750-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713123429.812500-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090713123429.812500-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime Alternative\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 26 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1a05
"NUMBER_OF_PROCESSORS"=8
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
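
The security event records in the log above carry Microsoft's own explanation of the 4624 fields (logon type, New Logon, network and authentication fields). As an added example, not code from this thread or from any of the tools it mentions, here is a small Python parser that turns a dump in that text layout into one record per event, maps the logon type codes to the names Microsoft documents for event 4624, and picks out the logons that arrived from a real network address. The sample dump it runs on is constructed to match the layout; the host name WORKSTATION-01, the account alice, her SID and the address 192.0.2.44 are made up.

```python
"""Parse a flattened Windows Security event dump (the text layout of the log
posted above) and summarise the 4624 logon events it contains."""
from typing import Dict, List

# Headers that open a block of related fields in the dump.
SECTIONS = {"Subject", "New Logon", "Process Information", "Network Information"}
# Fields that always sit at record level and therefore close any open section.
TOP_LEVEL = {"Logon Type", "Record Number", "Source Name", "Time Written", "Event Type", "User"}
# Logon type codes as documented by Microsoft for event 4624.
LOGON_TYPES = {"0": "System", "2": "Interactive", "3": "Network", "4": "Batch",
               "5": "Service", "7": "Unlock", "8": "NetworkCleartext",
               "9": "NewCredentials", "10": "RemoteInteractive", "11": "CachedInteractive"}

# Constructed sample in the same layout as the posted dump; the host name,
# the account 'alice', her SID and the 192.0.2.44 address are made up.
SAMPLE_DUMP = r"""
Computer Name: WORKSTATION-01
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WORKSTATION-01$

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM

Process Information:
Process Name: C:\Windows\System32\services.exe

Network Information:
Source Network Address: -

This event is generated when a logon session is created.
Record Number: 5
User:

Computer Name: WORKSTATION-01
Event Code: 4624

Logon Type: 10

New Logon:
Security ID: S-1-5-21-111-222-333-1001
Account Name: alice

Network Information:
Workstation Name: LAPTOP-7
Source Network Address: 192.0.2.44
Record Number: 3
User:
"""


def parse_dump(text: str) -> List[Dict[str, str]]:
    """One flat dict per record; fields inside a section are keyed 'Section.Field'
    so the two 'Account Name' lines of a 4624 (Subject vs. New Logon) don't collide."""
    records: List[Dict[str, str]] = []
    current, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:          # descriptive prose lines carry no field
            continue
        key, value = (p.strip() for p in line.split(":", 1))
        if key == "Computer Name":   # every record in this layout opens with it
            if current:
                records.append(current)
            current, section = {}, ""
        if key in SECTIONS and not value:
            section = key
            continue
        if key in TOP_LEVEL:
            section = ""
        current[f"{section}.{key}" if section else key] = value
    if current:
        records.append(current)
    return records


def summarize_logons(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Reduce each 4624 record to the fields an analyst reads first."""
    rows = []
    for rec in records:
        if rec.get("Event Code") != "4624":
            continue
        code = rec.get("Logon Type", "")
        rows.append({"record": rec.get("Record Number", ""),
                     "logon_type": LOGON_TYPES.get(code, f"Unknown({code})"),
                     "account": rec.get("New Logon.Account Name", ""),
                     "process": rec.get("Process Information.Process Name", ""),
                     "source": rec.get("Network Information.Source Network Address", "-")})
    return rows


def remote_logons(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Logons with a real source address: worth a second look on a standalone home PC."""
    return [r for r in rows if r["source"] not in ("-", "")]
```

Run it on a saved dump with `summarize_logons(parse_dump(open(path).read()))`. On a single home PC like the one in this thread, the expected picture is system and service logons (types 0 and 5) for SYSTEM with no source address, as in the records above; `remote_logons` surfaces anything that does not fit that picture.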

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 24 July 2009 - 03:37 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here..

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 dadrivr

dadrivr
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:05:37 AM

Posted 24 July 2009 - 03:39 PM

Attached is the GMER log (created in Safe Mode, as the program would hang in Windows). It found the .dll file that was recognized as malware by Malwarebytes & Avast (geyek.....dll), yet which has not been successfully removed from my system. Also of note, when I try to access this topic from the infected computer, Firefox freezes (it never froze before) - and it seems to be only from this topic and only from the infected PC. WEIRD. I am posting this from another PC.



#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 24 July 2009 - 03:53 PM

Just do the ComboFix step please.. And thank you for the GMER result :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 dadrivr

dadrivr
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:05:37 AM

Posted 01 August 2009 - 09:52 PM

Sorry for taking so long to reply - I was away on vacation. I ran ComboFix in Safe Mode, but after running for a short time, my PC restarted automatically and wouldn't load the desktop after Windows login, so I rebooted manually and ran ComboFix in normal Windows (not in Safe Mode). When I did that, it restarted after a warning:
"ComboFix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later. C:\Windows\System 32\geyekriuintqxc.dll"

ComboFix then finished its stages, and it deleted the file, but it did not reboot the system, so I shut it down and restarted it manually. Upon reboot, hundreds of error messages began to appear:
"[insert .exe file here] - bad image
globalroot\systemroot\system 32\geyekriuintqxc.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

Now, I continually receive this error and my browser (Firefox) still hangs when opening this thread (and only this thread), which makes me think the virus is still there. Thanks so much for your help. I am attaching both ComboFix logs (one in Safe Mode, and the 2nd in normal Windows):

Log 1 (SAFE MODE)
ComboFix 09-07-31.04 - Isaac 08/01/2009 13:29.1.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2550.1563 [GMT -5:00]
Running from: c:\users\Isaac\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rbadza.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rbadza


((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-24 12:16 . 2009-07-24 12:17 -------- d-----w- c:\program files\ERUNT
2009-07-24 04:54 . 2009-07-24 04:54 -------- d-----w- C:\rsit
2009-07-24 02:46 . 2009-07-24 02:46 -------- d-----w- c:\program files\iPod
2009-07-19 23:32 . 2009-07-19 23:35 -------- d-----r- c:\users\Isaac\Backup
2009-07-18 15:53 . 2009-07-18 15:53 -------- d-----w- c:\users\Isaac\AppData\Local\Scansoft
2009-07-18 05:55 . 2009-07-18 05:55 -------- d-----r- c:\users\Isaac\AppData\Roaming\Brother
2009-07-18 05:38 . 2009-07-18 05:40 65 ----a-w- c:\windows\system32\bd7840w.dat
2009-07-18 05:36 . 2008-01-23 22:22 1397248 ----a-w- c:\windows\system32\BrWia07b.dll
2009-07-18 05:36 . 2007-08-20 06:34 94208 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2009-07-18 05:35 . 2008-02-01 23:08 102400 ------w- c:\windows\system32\BrMfNt.dll
2009-07-18 05:35 . 2007-11-11 19:31 167936 ------w- c:\windows\system32\NSSearch.dll
2009-07-18 05:35 . 2007-07-25 06:04 126976 ------w- c:\windows\system32\BrfxD05a.dll
2009-07-18 05:35 . 2007-02-15 18:54 131072 ----a-w- c:\windows\brunin03.dll
2009-07-18 05:35 . 2006-07-07 17:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2009-07-18 05:35 . 2002-11-26 18:43 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2009-07-18 05:34 . 2009-07-18 05:34 10134 ----a-r- c:\users\Isaac\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-07-18 05:34 . 2009-07-18 05:34 -------- d-----w- c:\program files\Nuance
2009-07-18 05:33 . 2009-07-18 05:33 -------- d-----w- c:\progra~2\InstallShield
2009-07-18 05:32 . 2009-07-18 05:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-07-18 05:32 . 2009-07-18 05:32 -------- d-----w- c:\program files\ScanSoft
2009-07-18 05:32 . 2009-07-18 05:33 -------- d-----w- c:\progra~2\ScanSoft
2009-07-18 05:27 . 2009-07-18 05:27 -------- d-----w- c:\progra~2\Brother
2009-07-18 04:45 . 2009-07-18 05:54 -------- d-----w- c:\users\Isaac\AppData\Local\Adobe
2009-07-18 04:14 . 2009-07-18 04:14 -------- d-----w- c:\users\Isaac\AppData\Roaming\Sync App Settings
2009-07-17 01:23 . 2009-06-21 03:01 77824 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\mintrayr@tn123.ath.cx\components\trayToolkit.dll
2009-07-17 01:23 . 2009-06-16 08:08 270336 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-07-17 01:23 . 2009-06-16 08:08 106496 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2009-07-17 01:05 . 2009-06-16 08:08 569344 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll
2009-07-17 00:52 . 2009-07-24 04:41 -------- d-----w- c:\users\Isaac\AppData\Roaming\Songbird2
2009-07-17 00:52 . 2009-07-17 01:00 -------- d-----w- c:\users\Isaac\AppData\Local\Songbird2
2009-07-17 00:51 . 2009-07-17 00:51 -------- d-----w- c:\users\Isaac\AppData\Roaming\Media Player Classic
2009-07-16 22:55 . 2009-07-16 22:55 -------- d-----w- c:\users\Isaac\AppData\Local\Apps
2009-07-16 21:39 . 2009-07-16 21:39 -------- d-----w- c:\users\Isaac\AppData\Local\Nero
2009-07-16 20:47 . 2009-07-16 20:47 0 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys
2009-07-16 20:47 . 2009-07-16 20:47 0 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys
2009-07-16 20:47 . 2009-07-16 20:47 0 ----a-w- c:\windows\system32\drivers\ipinip.sys
2009-07-16 19:54 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 19:54 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 19:54 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-16 19:54 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-16 19:54 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-16 19:54 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 19:54 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-16 19:54 . 2009-07-16 19:54 -------- d-----w- c:\program files\Alwil Software
2009-07-16 04:10 . 2009-07-16 04:10 -------- d--h--w- c:\windows\PIF
2009-07-16 02:32 . 2009-07-16 03:32 -------- d-----w- c:\progra~2\19523284
2009-07-16 01:20 . 2009-07-16 01:21 -------- d-----w- c:\users\Isaac\AppData\Roaming\Nero
2009-07-16 00:46 . 2009-05-08 22:14 19096 ----a-w- c:\windows\system32\drivers\InCDRec.sys
2009-07-16 00:46 . 2009-05-08 22:14 129944 ----a-w- c:\windows\system32\drivers\InCDFs.sys
2009-07-16 00:46 . 2009-05-08 22:14 48280 ----a-w- c:\windows\system32\drivers\InCDPass.sys
2009-07-16 00:45 . 2009-07-16 00:54 -------- d-----w- c:\program files\Nero
2009-07-16 00:45 . 2009-07-16 00:49 -------- d-----w- c:\progra~2\Nero
2009-07-16 00:45 . 2009-07-16 00:56 -------- d-----w- c:\program files\Common Files\Nero
2009-07-15 23:29 . 2009-07-16 02:17 -------- d-----w- c:\program files\PowerISO
2009-07-15 23:24 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 23:24 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 23:24 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 23:24 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 23:24 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 05:20 . 2009-07-18 13:18 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-15 05:09 . 2009-07-15 05:09 -------- d-----w- c:\progra~2\Sync App Settings
2009-07-15 05:07 . 2009-07-15 05:07 -------- d-----w- c:\users\Isaac\AppData\Roaming\Xilisoft Corporation
2009-07-15 05:04 . 2009-07-15 05:07 -------- d-----w- c:\program files\Xilisoft
2009-07-15 05:02 . 2009-07-15 05:02 -------- d-----w- c:\users\Isaac\AppData\Local\Easy CD-DA Extractor
2009-07-15 05:01 . 2009-07-15 05:01 -------- d-----w- c:\progra~2\Easy CD-DA Extractor
2009-07-15 05:01 . 2009-07-15 05:03 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-07-15 05:01 . 2009-07-15 05:01 -------- d-----w- c:\windows\Easy CD-DA Extractor 12
2009-07-15 04:58 . 2009-07-15 05:17 -------- d-----w- c:\users\Isaac\AppData\Roaming\Ulead Systems
2009-07-15 04:55 . 2009-07-15 04:55 -------- d-----w- c:\progra~2\InterVideo
2009-07-15 04:55 . 2008-04-02 02:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-15 04:55 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-15 04:55 . 2008-04-02 02:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-15 04:55 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-15 04:55 . 2008-04-02 02:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-15 04:55 . 2008-04-02 02:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-15 04:54 . 2009-07-15 04:54 -------- d-----w- c:\program files\Windows Media Components
2009-07-15 04:54 . 2009-07-15 04:58 -------- d-----w- c:\progra~2\Ulead Systems
2009-07-15 04:54 . 2009-07-15 04:54 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-15 04:52 . 2009-07-15 04:54 -------- d-----w- c:\program files\Corel
2009-07-15 04:46 . 2009-01-09 17:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-07-15 04:46 . 2009-01-09 17:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-07-15 04:46 . 2009-07-15 04:46 -------- d-----w- c:\program files\Ashampoo
2009-07-15 04:43 . 2009-07-15 04:43 -------- d-----w- c:\program files\Allway Sync
2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\program files\MSXML 4.0
2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\program files\Common Files\Microsoft Games
2009-07-15 04:20 . 2009-07-15 04:20 -------- d-----w- c:\program files\ASUS
2009-07-15 03:57 . 2009-07-15 03:57 -------- d-----w- c:\program files\Activision
2009-07-15 03:52 . 2009-07-15 03:52 121383 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2009-07-15 03:52 . 2009-07-15 03:52 -------- d-----w- c:\program files\File Renamer
2009-07-15 03:52 . 2009-07-15 03:52 -------- d-----w- C:\!KillBox
2009-07-15 03:51 . 2009-07-15 03:51 -------- d-----w- c:\program files\Camtech
2009-07-15 03:47 . 2009-07-15 03:47 -------- d-----w- c:\program files\CCleaner
2009-07-15 03:45 . 2009-07-15 03:45 -------- d-----w- c:\users\Isaac\AppData\Roaming\Desktopicon
2009-07-15 03:45 . 2009-07-15 03:45 -------- d-----w- c:\program files\Unlocker
2009-07-15 03:43 . 2009-07-15 03:43 -------- d-----w- c:\users\Isaac\AppData\Roaming\Malwarebytes
2009-07-15 03:42 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 03:42 . 2009-07-15 03:42 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-15 03:42 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 03:42 . 2009-07-15 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 03:42 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-15 03:41 . 2009-07-15 03:42 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 03:41 . 2009-07-15 03:42 -------- d-----w- c:\progra~2\Lavasoft
2009-07-15 03:41 . 2009-07-15 03:41 -------- d-----w- c:\program files\Lavasoft
2009-07-15 03:34 . 2009-07-15 03:36 -------- d-----w- c:\users\Isaac\AppData\Roaming\IObit
2009-07-15 03:34 . 2009-07-15 03:36 -------- d-----w- c:\program files\IObit
2009-07-15 03:33 . 2009-07-18 18:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-15 03:33 . 2009-07-16 02:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 03:30 . 2009-07-15 03:30 -------- d-----w- c:\program files\SpeedFan
2009-07-15 03:29 . 2009-07-15 03:29 -------- d-----w- c:\program files\Trend Micro
2009-07-15 03:21 . 2009-07-15 03:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-15 03:21 . 2009-07-15 03:21 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-15 03:20 . 2009-07-15 03:20 -------- d-----w- c:\program files\MusicBrainz Picard
2009-07-15 03:20 . 2009-07-15 03:20 -------- d-----w- c:\program files\TagScanner
2009-07-15 03:13 . 2009-07-15 03:13 -------- d-----w- c:\program files\Sling Media
2009-07-15 03:13 . 2009-07-15 03:13 -------- d-----w- c:\progra~2\Sling Media
2009-07-15 03:11 . 2009-07-15 03:11 -------- d-----w- c:\progra~2\Last.fm
2009-07-15 03:10 . 2009-07-15 03:10 -------- d-----w- c:\windows\Downloaded Installations
2009-07-15 03:07 . 2009-07-15 03:07 -------- d-----w- c:\users\Isaac\AppData\Local\Apple Computer
2009-07-15 03:07 . 2009-07-17 03:45 -------- d-----w- c:\users\Isaac\AppData\Roaming\Apple Computer
2009-07-15 03:06 . 2009-07-16 00:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-15 03:06 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-15 03:06 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-15 03:05 . 2009-07-24 02:46 -------- d-----w- c:\program files\iTunes
2009-07-15 03:05 . 2009-07-15 03:06 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 03:04 . 2009-07-15 03:04 -------- d-----w- c:\users\Isaac\AppData\Local\Last.fm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 21:58 . 2009-07-14 05:04 56263 ----a-w- c:\progra~2\nvModes.dat
2009-07-19 04:39 . 2009-07-13 23:29 1356 ----a-w- c:\users\Isaac\AppData\Local\d3d9caps.dat
2009-07-18 15:53 . 2009-07-13 23:29 73112 ----a-w- c:\users\Isaac\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-18 05:36 . 2009-07-18 05:35 -------- d-----w- c:\program files\Brother
2009-07-15 23:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 04:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-07-14 05:07 . 2009-07-14 05:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-14 04:34 . 2009-07-14 04:34 -------- d-----w- c:\program files\EVGA Precision
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-14 04:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 04:14 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-14 03:53 . 2009-07-14 03:56 37390 ----a-w- c:\windows\inf\PERFLIB\040C\perfd.dat
2009-07-14 03:53 . 2009-07-14 03:56 37390 ----a-w- c:\windows\inf\PERFLIB\040C\perfc.dat
2009-07-14 03:53 . 2009-07-14 03:56 340236 ----a-w- c:\windows\inf\PERFLIB\040C\perfi.dat
2009-07-14 03:53 . 2009-07-14 03:56 340236 ----a-w- c:\windows\inf\PERFLIB\040C\perfh.dat
2009-06-10 13:35 . 2009-06-10 13:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 13:35 . 2009-06-10 13:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 13:34 . 2009-06-10 13:34 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-06-10 13:34 . 2009-06-10 13:34 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-06-10 13:34 . 2009-06-10 13:34 4028960 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 13:34 . 2009-06-10 13:34 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 13:34 . 2009-06-10 13:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-06-10 13:34 . 2009-06-10 13:34 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-06-10 13:34 . 2009-06-10 13:34 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-06-10 13:34 . 2009-06-10 13:34 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 13:34 . 2009-06-10 13:34 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-06-10 13:34 . 2009-06-10 13:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 13:34 . 2009-06-10 13:34 13785632 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 11:33 . 2009-06-10 11:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 11:33 . 2009-06-10 11:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 11:33 . 2009-06-10 11:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 11:33 . 2009-06-10 11:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 11:33 . 2009-06-10 11:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 11:33 . 2009-06-10 11:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 11:32 . 2009-06-10 11:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 11:32 . 2009-06-10 11:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 11:32 . 2009-06-10 11:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 11:32 . 2009-06-10 11:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 11:31 . 2009-06-10 11:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 11:31 . 2009-06-10 11:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 11:31 . 2009-06-10 11:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 11:31 . 2009-06-10 11:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 11:29 . 2009-06-10 11:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 11:03 . 2009-06-10 11:03 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 11:03 . 2009-06-10 11:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 11:03 . 2009-06-10 11:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 11:03 . 2009-06-10 11:03 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 11:03 . 2009-06-10 11:03 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 11:03 . 2009-06-10 11:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 11:03 . 2009-06-10 11:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 11:03 . 2009-06-10 11:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 11:03 . 2009-06-10 11:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 11:03 . 2009-06-10 11:03 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 11:03 . 2008-10-25 20:00 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 11:03 . 2008-10-25 20:00 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-07-18 05:24 . 2009-07-14 05:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-05-08 22:14 97816 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"sbitunesagent"="c:\program files\Songbird\songbirditunesagent.exe" [2009-06-16 229376]
"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2009-05-05 79576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-25 7289376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]
"InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2009-05-08 1116696]
"NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2009-05-08 1593880]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):32,71,31,ee,3a,04,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-202862733-1428974592-4276797232-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67780A64-9263-4B8D-8599-EB2FB2E78AD4}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{E6272645-8ABB-473F-8267-CC41B0D51CDE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59499F6C-58B5-4DB3-AE51-02C5BA05FA0B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17F6672B-EF07-453D-97C1-6D12341BC0A8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{BAA9962E-B993-47E7-BAED-307DB9C322E0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{00B9139F-4575-4C36-A01E-DD514D51875E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{0AA8035D-F1D0-4075-BCE0-57389EEEAEA1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D15A0CD8-9EB8-4A09-BC30-4432B4D2C6E2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2D1B45AB-0DB2-4E35-9FEC-983F6C73A735}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{91FA60A7-D08B-494C-898A-32841D0A01E4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5872C6F1-FC66-420D-8F62-253ECC625629}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{73BE5790-3CB4-4B36-8D2F-9A984D50FDA5}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{6CF31DB6-CCEA-4C41-814F-19D7DE3FEBE8}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{00B65CCF-EECC-4D71-9425-192D4DBEBBDA}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{CA7F68F6-F45F-499A-9614-393DBDEAC525}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{FADFC85E-EE78-405C-9D2C-2455B1FF6E0D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{86C90950-D078-4BB1-8687-36F69393FDBB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/14/2009 10:42 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7/16/2009 2:54 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/14/2009 12:21 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/14/2009 12:21 AM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [7/16/2009 2:54 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [7/16/2009 2:54 PM 51792]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/14/2009 12:21 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/14/2009 12:21 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [5/8/2009 5:14 PM 109080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [7/14/2009 10:33 PM 1153368]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [6/10/2009 6:33 AM 232960]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 9:23 PM 133104]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [7/14/2009 11:46 PM 410976]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-rbadza.sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 16:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5628)
c:\program files\Nero\Nero 9\InCD\NBHshx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Nero\Nero 9\InCD\InCDSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-01 17:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 22:02

Pre-Run: 677,006,127,104 bytes free
Post-Run: 677,054,009,344 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
413 --- E O F --- 2009-07-24 01:57

Log 2 (NORMAL WINDOWS)
ComboFix 09-07-31.04 - Isaac 08/01/2009 17:14.2.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2550.988 [GMT -5:00]
Running from: c:\users\Isaac\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\geyekriuintqxc.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-24 12:16 . 2009-07-24 12:17 -------- d-----w- c:\program files\ERUNT
2009-07-24 04:54 . 2009-07-24 04:54 -------- d-----w- C:\rsit
2009-07-24 02:46 . 2009-07-24 02:46 -------- d-----w- c:\program files\iPod
2009-07-19 23:32 . 2009-07-19 23:35 -------- d-----r- c:\users\Isaac\Backup
2009-07-18 15:53 . 2009-07-18 15:53 -------- d-----w- c:\users\Isaac\AppData\Local\Scansoft
2009-07-18 05:55 . 2009-07-18 05:55 -------- d-----r- c:\users\Isaac\AppData\Roaming\Brother
2009-07-18 05:38 . 2009-07-18 05:40 65 ----a-w- c:\windows\system32\bd7840w.dat
2009-07-18 05:36 . 2008-01-23 22:22 1397248 ----a-w- c:\windows\system32\BrWia07b.dll
2009-07-18 05:36 . 2007-08-20 06:34 94208 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2009-07-18 05:35 . 2008-02-01 23:08 102400 ------w- c:\windows\system32\BrMfNt.dll
2009-07-18 05:35 . 2007-11-11 19:31 167936 ------w- c:\windows\system32\NSSearch.dll
2009-07-18 05:35 . 2007-07-25 06:04 126976 ------w- c:\windows\system32\BrfxD05a.dll
2009-07-18 05:35 . 2007-02-15 18:54 131072 ----a-w- c:\windows\brunin03.dll
2009-07-18 05:35 . 2006-07-07 17:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2009-07-18 05:35 . 2002-11-26 18:43 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2009-07-18 05:34 . 2009-07-18 05:34 10134 ----a-r- c:\users\Isaac\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-07-18 05:34 . 2009-07-18 05:34 -------- d-----w- c:\program files\Nuance
2009-07-18 05:33 . 2009-07-18 05:33 -------- d-----w- c:\progra~2\InstallShield
2009-07-18 05:32 . 2009-07-18 05:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-07-18 05:32 . 2009-07-18 05:32 -------- d-----w- c:\program files\ScanSoft
2009-07-18 05:32 . 2009-07-18 05:33 -------- d-----w- c:\progra~2\ScanSoft
2009-07-18 05:27 . 2009-07-18 05:27 -------- d-----w- c:\progra~2\Brother
2009-07-18 04:45 . 2009-07-18 05:54 -------- d-----w- c:\users\Isaac\AppData\Local\Adobe
2009-07-18 04:14 . 2009-07-18 04:14 -------- d-----w- c:\users\Isaac\AppData\Roaming\Sync App Settings
2009-07-17 01:23 . 2009-06-21 03:01 77824 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\mintrayr@tn123.ath.cx\components\trayToolkit.dll
2009-07-17 01:23 . 2009-06-16 08:08 270336 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-07-17 01:23 . 2009-06-16 08:08 106496 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2009-07-17 01:05 . 2009-06-16 08:08 569344 ----a-w- c:\users\Isaac\AppData\Roaming\Songbird2\Profiles\9xrirgn9.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll
2009-07-17 00:52 . 2009-07-24 04:41 -------- d-----w- c:\users\Isaac\AppData\Roaming\Songbird2
2009-07-17 00:52 . 2009-07-17 01:00 -------- d-----w- c:\users\Isaac\AppData\Local\Songbird2
2009-07-17 00:51 . 2009-07-17 00:51 -------- d-----w- c:\users\Isaac\AppData\Roaming\Media Player Classic
2009-07-16 22:55 . 2009-07-16 22:55 -------- d-----w- c:\users\Isaac\AppData\Local\Apps
2009-07-16 21:39 . 2009-07-16 21:39 -------- d-----w- c:\users\Isaac\AppData\Local\Nero
2009-07-16 20:47 . 2009-07-16 20:47 0 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys
2009-07-16 20:47 . 2009-07-16 20:47 0 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys
2009-07-16 20:47 . 2009-07-16 20:47 0 ----a-w- c:\windows\system32\drivers\ipinip.sys
2009-07-16 19:54 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 19:54 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 19:54 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-16 19:54 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-16 19:54 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-16 19:54 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 19:54 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-16 19:54 . 2009-07-16 19:54 -------- d-----w- c:\program files\Alwil Software
2009-07-16 04:10 . 2009-07-16 04:10 -------- d--h--w- c:\windows\PIF
2009-07-16 02:32 . 2009-07-16 03:32 -------- d-----w- c:\progra~2\19523284
2009-07-16 01:20 . 2009-07-16 01:21 -------- d-----w- c:\users\Isaac\AppData\Roaming\Nero
2009-07-16 00:46 . 2009-05-08 22:14 19096 ----a-w- c:\windows\system32\drivers\InCDRec.sys
2009-07-16 00:46 . 2009-05-08 22:14 129944 ----a-w- c:\windows\system32\drivers\InCDFs.sys
2009-07-16 00:46 . 2009-05-08 22:14 48280 ----a-w- c:\windows\system32\drivers\InCDPass.sys
2009-07-16 00:45 . 2009-07-16 00:54 -------- d-----w- c:\program files\Nero
2009-07-16 00:45 . 2009-07-16 00:49 -------- d-----w- c:\progra~2\Nero
2009-07-16 00:45 . 2009-07-16 00:56 -------- d-----w- c:\program files\Common Files\Nero
2009-07-15 23:29 . 2009-07-16 02:17 -------- d-----w- c:\program files\PowerISO
2009-07-15 23:24 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 23:24 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 23:24 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 23:24 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 23:24 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 05:20 . 2009-07-18 13:18 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-15 05:09 . 2009-07-15 05:09 -------- d-----w- c:\progra~2\Sync App Settings
2009-07-15 05:07 . 2009-07-15 05:07 -------- d-----w- c:\users\Isaac\AppData\Roaming\Xilisoft Corporation
2009-07-15 05:04 . 2009-07-15 05:07 -------- d-----w- c:\program files\Xilisoft
2009-07-15 05:02 . 2009-07-15 05:02 -------- d-----w- c:\users\Isaac\AppData\Local\Easy CD-DA Extractor
2009-07-15 05:01 . 2009-07-15 05:01 -------- d-----w- c:\progra~2\Easy CD-DA Extractor
2009-07-15 05:01 . 2009-07-15 05:03 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-07-15 05:01 . 2009-07-15 05:01 -------- d-----w- c:\windows\Easy CD-DA Extractor 12
2009-07-15 04:58 . 2009-07-15 05:17 -------- d-----w- c:\users\Isaac\AppData\Roaming\Ulead Systems
2009-07-15 04:55 . 2009-07-15 04:55 -------- d-----w- c:\progra~2\InterVideo
2009-07-15 04:55 . 2008-04-02 02:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-15 04:55 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-15 04:55 . 2008-04-02 02:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-15 04:55 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-15 04:55 . 2008-04-02 02:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-15 04:55 . 2008-04-02 02:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-15 04:54 . 2009-07-15 04:54 -------- d-----w- c:\program files\Windows Media Components
2009-07-15 04:54 . 2009-07-15 04:58 -------- d-----w- c:\progra~2\Ulead Systems
2009-07-15 04:54 . 2009-07-15 04:54 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-15 04:52 . 2009-07-15 04:54 -------- d-----w- c:\program files\Corel
2009-07-15 04:46 . 2009-01-09 17:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-07-15 04:46 . 2009-01-09 17:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-07-15 04:46 . 2009-07-15 04:46 -------- d-----w- c:\program files\Ashampoo
2009-07-15 04:43 . 2009-07-15 04:43 -------- d-----w- c:\program files\Allway Sync
2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\program files\MSXML 4.0
2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\program files\Common Files\Microsoft Games
2009-07-15 04:20 . 2009-07-15 04:20 -------- d-----w- c:\program files\ASUS
2009-07-15 03:57 . 2009-07-15 03:57 -------- d-----w- c:\program files\Activision
2009-07-15 03:52 . 2009-07-15 03:52 121383 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2009-07-15 03:52 . 2009-07-15 03:52 -------- d-----w- c:\program files\File Renamer
2009-07-15 03:52 . 2009-07-15 03:52 -------- d-----w- C:\!KillBox
2009-07-15 03:51 . 2009-07-15 03:51 -------- d-----w- c:\program files\Camtech
2009-07-15 03:47 . 2009-07-15 03:47 -------- d-----w- c:\program files\CCleaner
2009-07-15 03:45 . 2009-07-15 03:45 -------- d-----w- c:\users\Isaac\AppData\Roaming\Desktopicon
2009-07-15 03:45 . 2009-07-15 03:45 -------- d-----w- c:\program files\Unlocker
2009-07-15 03:43 . 2009-07-15 03:43 -------- d-----w- c:\users\Isaac\AppData\Roaming\Malwarebytes
2009-07-15 03:42 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 03:42 . 2009-07-15 03:42 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-15 03:42 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 03:42 . 2009-07-15 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 03:42 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-15 03:41 . 2009-07-15 03:42 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 03:41 . 2009-07-15 03:42 -------- d-----w- c:\progra~2\Lavasoft
2009-07-15 03:41 . 2009-07-15 03:41 -------- d-----w- c:\program files\Lavasoft
2009-07-15 03:34 . 2009-07-15 03:36 -------- d-----w- c:\users\Isaac\AppData\Roaming\IObit
2009-07-15 03:34 . 2009-07-15 03:36 -------- d-----w- c:\program files\IObit
2009-07-15 03:33 . 2009-07-18 18:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-15 03:33 . 2009-07-16 02:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 03:30 . 2009-07-15 03:30 -------- d-----w- c:\program files\SpeedFan
2009-07-15 03:29 . 2009-07-15 03:29 -------- d-----w- c:\program files\Trend Micro
2009-07-15 03:21 . 2009-07-15 03:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-15 03:21 . 2009-07-15 03:21 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-15 03:20 . 2009-07-15 03:20 -------- d-----w- c:\program files\MusicBrainz Picard
2009-07-15 03:20 . 2009-07-15 03:20 -------- d-----w- c:\program files\TagScanner
2009-07-15 03:13 . 2009-07-15 03:13 -------- d-----w- c:\program files\Sling Media
2009-07-15 03:13 . 2009-07-15 03:13 -------- d-----w- c:\progra~2\Sling Media
2009-07-15 03:11 . 2009-07-15 03:11 -------- d-----w- c:\progra~2\Last.fm
2009-07-15 03:10 . 2009-07-15 03:10 -------- d-----w- c:\windows\Downloaded Installations
2009-07-15 03:07 . 2009-07-15 03:07 -------- d-----w- c:\users\Isaac\AppData\Local\Apple Computer
2009-07-15 03:07 . 2009-07-17 03:45 -------- d-----w- c:\users\Isaac\AppData\Roaming\Apple Computer
2009-07-15 03:06 . 2009-07-16 00:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-15 03:06 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-15 03:06 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-15 03:05 . 2009-07-24 02:46 -------- d-----w- c:\program files\iTunes
2009-07-15 03:05 . 2009-07-15 03:06 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 03:04 . 2009-07-15 03:04 -------- d-----w- c:\users\Isaac\AppData\Local\Last.fm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 22:28 . 2009-07-14 05:04 56263 ----a-w- c:\progra~2\nvModes.dat
2009-07-19 04:39 . 2009-07-13 23:29 1356 ----a-w- c:\users\Isaac\AppData\Local\d3d9caps.dat
2009-07-18 15:53 . 2009-07-13 23:29 73112 ----a-w- c:\users\Isaac\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-18 05:36 . 2009-07-18 05:35 -------- d-----w- c:\program files\Brother
2009-07-15 23:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 04:25 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-07-14 05:07 . 2009-07-14 05:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-14 04:34 . 2009-07-14 04:34 -------- d-----w- c:\program files\EVGA Precision
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-14 04:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-14 04:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 04:14 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-14 03:53 . 2009-07-14 03:56 37390 ----a-w- c:\windows\inf\PERFLIB\040C\perfd.dat
2009-07-14 03:53 . 2009-07-14 03:56 37390 ----a-w- c:\windows\inf\PERFLIB\040C\perfc.dat
2009-07-14 03:53 . 2009-07-14 03:56 340236 ----a-w- c:\windows\inf\PERFLIB\040C\perfi.dat
2009-07-14 03:53 . 2009-07-14 03:56 340236 ----a-w- c:\windows\inf\PERFLIB\040C\perfh.dat
2009-06-10 13:35 . 2009-06-10 13:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 13:35 . 2009-06-10 13:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 13:34 . 2009-06-10 13:34 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-06-10 13:34 . 2009-06-10 13:34 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-06-10 13:34 . 2009-06-10 13:34 4028960 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 13:34 . 2009-06-10 13:34 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 13:34 . 2009-06-10 13:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-06-10 13:34 . 2009-06-10 13:34 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-06-10 13:34 . 2009-06-10 13:34 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-06-10 13:34 . 2009-06-10 13:34 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 13:34 . 2009-06-10 13:34 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-06-10 13:34 . 2009-06-10 13:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 13:34 . 2009-06-10 13:34 13785632 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 11:33 . 2009-06-10 11:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 11:33 . 2009-06-10 11:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 11:33 . 2009-06-10 11:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 11:33 . 2009-06-10 11:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 11:33 . 2009-06-10 11:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 11:33 . 2009-06-10 11:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 11:32 . 2009-06-10 11:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 11:32 . 2009-06-10 11:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 11:32 . 2009-06-10 11:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 11:32 . 2009-06-10 11:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 11:31 . 2009-06-10 11:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 11:31 . 2009-06-10 11:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 11:31 . 2009-06-10 11:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 11:31 . 2009-06-10 11:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 11:29 . 2009-06-10 11:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 11:03 . 2009-06-10 11:03 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 11:03 . 2009-06-10 11:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 11:03 . 2009-06-10 11:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 11:03 . 2009-06-10 11:03 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 11:03 . 2009-06-10 11:03 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 11:03 . 2009-06-10 11:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 11:03 . 2009-06-10 11:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 11:03 . 2009-06-10 11:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 11:03 . 2009-06-10 11:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 11:03 . 2009-06-10 11:03 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 11:03 . 2008-10-25 20:00 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 11:03 . 2008-10-25 20:00 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-07-18 05:24 . 2009-07-14 05:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-01_21.59.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-08-01 22:09 38734 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-08-01 22:01 74834 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:03 . 2009-07-24 06:16 74834 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-13 13:25 . 2009-08-01 18:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-13 13:25 . 2009-08-01 22:13 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-13 13:25 . 2009-08-01 22:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-13 13:25 . 2009-08-01 18:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-13 13:25 . 2009-08-01 22:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-13 13:25 . 2009-08-01 18:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 01:42 . 2009-08-01 22:01 6142 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-202862733-1428974592-4276797232-1000_UserData.bin
+ 2009-08-01 22:13 . 2009-08-01 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-01 22:13 . 2009-08-01 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:00 . 2009-08-01 18:35 667420 c:\windows\System32\perfh00C.dat
+ 2009-07-14 04:00 . 2009-08-01 22:21 667420 c:\windows\System32\perfh00C.dat
+ 2006-11-02 10:33 . 2009-08-01 22:21 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-01 18:35 595446 c:\windows\System32\perfh009.dat
+ 2009-07-14 04:00 . 2009-08-01 22:21 122870 c:\windows\System32\perfc00C.dat
- 2009-07-14 04:00 . 2009-08-01 18:35 122870 c:\windows\System32\perfc00C.dat
- 2006-11-02 10:33 . 2009-08-01 18:35 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-01 22:21 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-05-08 22:14 97816 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"sbitunesagent"="c:\program files\Songbird\songbirditunesagent.exe" [2009-06-16 229376]
"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2009-05-05 79576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-25 7289376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]
"InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2009-05-08 1116696]
"NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2009-05-08 1593880]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:):32,71,31,ee,3a,04,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-202862733-1428974592-4276797232-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67780A64-9263-4B8D-8599-EB2FB2E78AD4}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{E6272645-8ABB-473F-8267-CC41B0D51CDE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59499F6C-58B5-4DB3-AE51-02C5BA05FA0B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17F6672B-EF07-453D-97C1-6D12341BC0A8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{BAA9962E-B993-47E7-BAED-307DB9C322E0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{00B9139F-4575-4C36-A01E-DD514D51875E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{0AA8035D-F1D0-4075-BCE0-57389EEEAEA1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D15A0CD8-9EB8-4A09-BC30-4432B4D2C6E2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2D1B45AB-0DB2-4E35-9FEC-983F6C73A735}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{91FA60A7-D08B-494C-898A-32841D0A01E4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5872C6F1-FC66-420D-8F62-253ECC625629}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{73BE5790-3CB4-4B36-8D2F-9A984D50FDA5}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{6CF31DB6-CCEA-4C41-814F-19D7DE3FEBE8}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{00B65CCF-EECC-4D71-9425-192D4DBEBBDA}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{CA7F68F6-F45F-499A-9614-393DBDEAC525}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{FADFC85E-EE78-405C-9D2C-2455B1FF6E0D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{86C90950-D078-4BB1-8687-36F69393FDBB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/14/2009 10:42 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7/16/2009 2:54 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/14/2009 12:21 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/14/2009 12:21 AM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [7/16/2009 2:54 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [7/16/2009 2:54 PM 51792]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/14/2009 12:21 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/14/2009 12:21 AM 298776]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [5/8/2009 5:14 PM 109080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [7/14/2009 10:33 PM 1153368]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [6/10/2009 6:33 AM 232960]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 9:23 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [7/14/2009 11:46 PM 410976]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\knjhyh24.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 17:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5128)
c:\program files\Nero\Nero 9\InCD\NBHshx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Nero\Nero 9\InCD\InCDSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\nvvsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
c:\windows\System32\conime.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Nero\Nero 9\NeroDiscCopy9.Gadget\NeroGadgetCMServer.exe
.
**************************************************************************
.
Completion time: 2009-08-01 17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 22:36
ComboFix2.txt 2009-08-01 22:02

Pre-Run: 677,077,970,944 bytes free
Post-Run: 677,060,440,064 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
428 --- E O F --- 2009-07-24 01:57
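
The ComboFix report above lists autoruns, policy values and services in a regular line layout (`[key]` headers, `"name"=data [date size]` values, and `R2 name;display;path [stamp]` service lines), which makes it easy to triage mechanically. Below is an added Python example, not ComboFix's own code and not anything posted in this thread, that parses that layout and flags what a responder reads first in such a log: `EnableLUA=0` (UAC switched off, as in this machine's log), a populated `AppInit_DLLs` value, and autoruns or services started from outside Program Files or Windows. The sample lines are copied from the log above except the `ExampleConstructed` autorun, which is constructed to exercise the path check; the severity labels and the trusted-root list are choices made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the ComboFix report layout. The registry and service
# lines are copied from the log above; "ExampleConstructed" is made up to
# exercise the path check and does not come from the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ExampleConstructed"="c:\users\example\AppData\Roaming\example.exe" [2009-01-01 1234]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7/16/2009 2:54 PM 114768]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 9:23 PM 133104]
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
AUTORUN_DATA_RE = re.compile(r'^"(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')

# Directories an autorun or service is expected to live in (a choice for this
# example; tighten it for your own environment).
TRUSTED_ROOTS = ('c:\\program files', 'c:\\progra~1', 'c:\\windows')

@dataclass
class RegValue:
    key: str
    name: str
    data: str

@dataclass
class Service:
    state: str      # ComboFix prefix, e.g. R2: R = running, S = stopped, digit = start type
    name: str
    display: str
    path: str

@dataclass
class Finding:
    severity: str   # HIGH, INFO or REVIEW (labels chosen for this example)
    subject: str
    detail: str

def parse_combofix(text: str) -> Tuple[List[RegValue], List[Service]]:
    """Turn the [key] / "name"=data / R2 svc;display;path lines into records."""
    values, services = [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group('key')
        elif (m := SERVICE_RE.match(line)):
            services.append(Service(m.group('state'), m.group('name').strip(),
                                    m.group('display').strip(), m.group('path').strip()))
        elif (m := VALUE_RE.match(line)) and current_key:
            values.append(RegValue(current_key, m.group('name'), m.group('data').strip()))
    return values, services

def autorun_path(data: str) -> str:
    """Pull the quoted image path out of '"c:\\...\\x.exe" [date size]'; else return data unchanged."""
    m = AUTORUN_DATA_RE.match(data)
    return m.group('path') if m else data

def outside_trusted(path: str) -> bool:
    return not path.lower().startswith(TRUSTED_ROOTS)

def triage(values: List[RegValue], services: List[Service]) -> List[Finding]:
    """Flag the entries a responder reads first when reviewing this kind of log."""
    findings = []
    for v in values:
        key, name = v.key.lower(), v.name.lower()
        if key.endswith('policies\\system') and name == 'enablelua' and v.data.startswith('0'):
            findings.append(Finding('HIGH', v.name,
                'UAC is disabled (EnableLUA=0): an administrator account runs everything fully elevated'))
        elif name == 'appinit_dlls' and v.data:
            findings.append(Finding('INFO', v.name,
                f'{v.data} is loaded into every process that links user32.dll; confirm its publisher'))
        elif key.endswith('\\run') or key.endswith('\\runonce'):
            path = autorun_path(v.data)
            if outside_trusted(path):
                findings.append(Finding('REVIEW', v.name, f'autorun outside trusted roots: {path}'))
    for s in services:
        if outside_trusted(s.path):
            findings.append(Finding('REVIEW', s.name, f'service {s.state} runs from {s.path}'))
    return findings

def triage_log(text: str) -> List[Finding]:
    values, services = parse_combofix(text)
    return triage(values, services)

if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'{f.severity:6} {f.subject}: {f.detail}')
```

The findings are prompts for review rather than verdicts: in this thread's log the `AppInit_DLLs` entry points at an AVG component, which is consistent with the AVG installation visible elsewhere in the same report, while `EnableLUA=0` is a genuine hardening gap regardless of any infection.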

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:05:37 PM

Posted 03 August 2009 - 09:36 PM

Please uninstall Lavasoft Ad-Aware and Spybot S&D for now...

I'm gonna need you to install Avira Antivirus Personal Edition (the free antivirus).. Link below..

http://www.free-av.com/


After that, please download the Avira AntiRootkit and save it to your Desktop.
  • Unzip it into a folder on your desktop.
  • Start the avirarkd.exe program.
  • Keep the default settings and click on the Start scan button.
  • When the scan is complete click on the View report button and the text file will open.
  • Copy and paste the log here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 dadrivr

dadrivr
  • Topic Starter

  • Members
  • 73 posts
  • Local time:05:37 AM

Posted 03 August 2009 - 11:58 PM

I uninstalled Lavasoft, Spybot, AVG, & Avast, and then I installed Avira. After rebooting, running the Avira AntiRootkit, and clicking "Start Scan", I got the following error message: "Initialization Failed: Error Code : 1". I am running no other programs, so something is not right. I even updated Avira and restarted my PC, but I get the same error every time. Also, I cannot run the AntiRootkit in safe mode because the Avira service is disabled.

Here's my (incomplete) log:

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started Monday, August 03, 2009 - 23:44:52 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 931.51 GB
- Working disk free size : 630.43 GB (67 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/0
Registry items: 0/0
Processes: 0/42
Scan time: 00:00:00
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1256)
- services.exe (PID 776)
- svchost.exe (PID 1388)
- nvvsvc.exe (PID 1092)
- svchost.exe (PID 1276)
- nvvsvc.exe (PID 236)
- svchost.exe (PID 1220)
- audiodg.exe (PID 1368)
- dwm.exe (PID 1676)
- smss.exe (PID 580)
- explorer.exe (PID 376)
- avguard.exe (PID 1940)
- svchost.exe (PID 996)
- svchost.exe (PID 1952)
- TrustedInstaller.exe (PID 1452)
- csrss.exe (PID 652)
- wininit.exe (PID 728)
- svchost.exe (PID 1648)
- lsm.exe (PID 800)
- lsass.exe (PID 788)
- csrss.exe (PID 740)
- winlogon.exe (PID 872)
- svchost.exe (PID 1120)
- svchost.exe (PID 1180)
- taskeng.exe (PID 1756)
- BrMfcMon.exe (PID 3088)
- SLsvc.exe (PID 1408)
- spoolsv.exe (PID 1872)
- taskeng.exe (PID 3896)
- sched.exe (PID 1896)
- InCDSrv.exe (PID 1544)
- svchost.exe (PID 1628)
- BrMfcWnd.exe (PID 3620)
- yskzypni.exe (PID 3036) (Avira AntiRootkit Tool)
- avirarkd.exe (PID 2132)
- avgnt.exe (PID 3780)
- jusched.exe (PID 3428)
- svchost.exe (PID 3496)
- svchost.exe (PID 3556)
- WLIDSVC.EXE (PID 3684)
- WLIDSVCM.EXE (PID 4048)
========================================================================================================
- Scan finished Monday, August 03, 2009 - 23:44:52 PM
========================================================================================================
Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started Monday, August 03, 2009 - 23:45:01 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 931.51 GB
- Working disk free size : 630.43 GB (67 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/0
Registry items: 0/0
Processes: 0/42
Scan time: 00:00:00
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1256)
- services.exe (PID 776)
- svchost.exe (PID 1388)
- nvvsvc.exe (PID 1092)
- svchost.exe (PID 1276)
- nvvsvc.exe (PID 236)
- svchost.exe (PID 1220)
- audiodg.exe (PID 1368)
- dwm.exe (PID 1676)
- avguard.exe (PID 1940)
- smss.exe (PID 580)
- explorer.exe (PID 376)
- taskeng.exe (PID 1756)
- svchost.exe (PID 996)
- svchost.exe (PID 1952)
- TrustedInstaller.exe (PID 1452)
- InCDSrv.exe (PID 1544)
- csrss.exe (PID 652)
- wininit.exe (PID 728)
- svchost.exe (PID 1648)
- lsm.exe (PID 800)
- lsass.exe (PID 788)
- csrss.exe (PID 740)
- winlogon.exe (PID 872)
- svchost.exe (PID 1120)
- svchost.exe (PID 1180)
- BrMfcMon.exe (PID 3088)
- SLsvc.exe (PID 1408)
- taskeng.exe (PID 3896)
- sched.exe (PID 1896)
- svchost.exe (PID 1628)
- WLIDSVCM.EXE (PID 4048)
- WLIDSVC.EXE (PID 3684)
- spoolsv.exe (PID 1872)
- BrMfcWnd.exe (PID 3620)
- yskzypni.exe (PID 3036) (Avira AntiRootkit Tool)
- avirarkd.exe (PID 2132)
- svchost.exe (PID 3496)
- avgnt.exe (PID 3780)
- jusched.exe (PID 3428)
- svchost.exe (PID 3556)
========================================================================================================
- Scan finished Monday, August 03, 2009 - 23:45:01 PM
========================================================================================================
Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started Monday, August 03, 2009 - 23:45:12 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 931.51 GB
- Working disk free size : 630.43 GB (67 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/0
Registry items: 0/0
Processes: 0/42
Scan time: 00:00:00
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1256)
- services.exe (PID 776)
- svchost.exe (PID 1388)
- nvvsvc.exe (PID 1092)
- svchost.exe (PID 1276)
- nvvsvc.exe (PID 236)
- svchost.exe (PID 1220)
- audiodg.exe (PID 1368)
- dwm.exe (PID 1676)
- avguard.exe (PID 1940)
- smss.exe (PID 580)
- explorer.exe (PID 376)
- taskeng.exe (PID 1756)
- svchost.exe (PID 996)
- svchost.exe (PID 1952)
- TrustedInstaller.exe (PID 1452)
- InCDSrv.exe (PID 1544)
- csrss.exe (PID 652)
- wininit.exe (PID 728)
- svchost.exe (PID 1648)
- lsm.exe (PID 800)
- lsass.exe (PID 788)
- csrss.exe (PID 740)
- winlogon.exe (PID 872)
- svchost.exe (PID 1120)
- svchost.exe (PID 1180)
- BrMfcMon.exe (PID 3088)
- SLsvc.exe (PID 1408)
- taskeng.exe (PID 3896)
- sched.exe (PID 1896)
- svchost.exe (PID 1628)
- WLIDSVCM.EXE (PID 4048)
- WLIDSVC.EXE (PID 3684)
- spoolsv.exe (PID 1872)
- BrMfcWnd.exe (PID 3620)
- yskzypni.exe (PID 3036) (Avira AntiRootkit Tool)
- avirarkd.exe (PID 2132)
- svchost.exe (PID 3496)
- avgnt.exe (PID 3780)
- jusched.exe (PID 3428)
- svchost.exe (PID 3556)
========================================================================================================
- Scan finished Monday, August 03, 2009 - 23:45:12 PM
========================================================================================================

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:05:37 PM

Posted 05 August 2009 - 12:12 AM

Erm.. it looks like something is preventing Avira AntiRootkit from running.. Let's do this instead..

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asks for a scanning option, choose Scanning all drives >> Hit the Start button (Do NOT hit the "Ok" button)
  • Let it scan until it finishes
  • Find the log.txt inside the SysProt folder and attach the log here.


NEXT


Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)



#13 dadrivr

dadrivr
  • Topic Starter

  • Members
  • 73 posts
  • Local time:05:37 AM

Posted 08 August 2009 - 08:39 PM

SysProt log attached. mbr.exe log below:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
BIOS signateure not found




#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:05:37 PM

Posted 08 August 2009 - 09:42 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#15 dadrivr

dadrivr
  • Topic Starter

  • Members
  • 73 posts
  • Local time:05:37 AM

Posted 10 August 2009 - 12:04 PM

Combo-fix log attached
