
9129837.exe found on my computer


46 replies to this topic

#1 Please Help Us

  • Members
  • 156 posts

Posted 27 July 2009 - 08:16 AM

Hello everyone, recently I noticed a strange file on my computer and now my computer has been acting weird, to say the least. IE seems to have slowed down, and I'm fearful of the worst. This computer is running 64-bit Vista SP2 with Symantec Endpoint on it. I noticed the file during one of its anti-virus scans, and decided to do some research on it, and it seems I have something unwanted, to say the least. I've tried a large number of things like Malwarebytes and several other programs, which either fail to find anything, or fail since this computer is 64-bit.
I've already posted a topic on here in another forum, and after that failed I was referred here. It contains all the other things I was asked to do, which either failed or didn't work at all thanks to the 64-bit system being unable to run them.

Previous Topic: http://www.bleepingcomputer.com/forums/t/243810/9129837exe/

I tried to run a HijackThis log; however, it failed to run on my computer at all. The friendly helper then linked me to RSIT, which was able to run. It produced two logs. I was asked to post the one named log.txt for you guys to see if you can make heads or tails of it. However, I also have the other one on call if you would like to look at it as well. I would like to thank whoever is helping me ahead of time; your wisdom in this situation is greatly needed.

Anyway, I'm running my mouth now; here's the log from the RSIT scan.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Jim at 2009-07-27 05:01:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 603 GB (86%) free of 705 GB
Total RAM: 9206 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:56 AM, on 7/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Users\Jim\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Jim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s (User 'Default user')
O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12910 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-02-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-18 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-02-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [2008-07-10 225396]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-02-13 136600]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"LchDrvKey"=C:\Windows\LchDrvKey.exe [2007-03-28 36864]
"LedKey"=C:\Windows\CNYHKey.exe [2008-04-23 339968]
"eRecoveryService"= []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"ccApp"=C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2008-08-14 115560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-11 68856]
"CTRegRun"=C:\Windows\CTRegRun.EXE [2006-10-06 53248]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"Steam"=C:\Program Files (x86)\Valve\Steam\Steam.exe [2009-06-20 1217784]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SmartCopy.lnk - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
SmartLauncher.lnk - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b8ceb-b059-11dd-87cd-806e6f6e6963}]
shell\AutoRun\command - D:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edbd7647-1dee-11de-ac1d-0022683aed1f}]
shell\AutoRun\command - J:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-07-27 05:01:49 ----D---- C:\rsit
2009-07-27 05:01:49 ----D---- C:\Program Files (x86)\trend micro
2009-07-27 05:01:49 ----D---- \rsit
2009-07-25 15:10:56 ----D---- C:\Program Files (x86)\Sophos
2009-07-24 06:27:10 ----A---- C:\Windows\ntbtlog.txt
2009-07-19 21:11:58 ----D---- C:\Users\Jim\AppData\Roaming\skypePM
2009-07-19 21:05:22 ----D---- C:\Users\Jim\AppData\Roaming\Skype
2009-07-19 21:04:46 ----RD---- C:\Program Files (x86)\Skype
2009-07-19 21:04:46 ----D---- C:\Program Files (x86)\Common Files\Skype
2009-07-14 23:03:25 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 23:03:25 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 23:03:25 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 23:03:25 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 00:27:51 ----D---- C:\Windows\system32\vi-VN
2009-07-14 00:27:51 ----D---- C:\Windows\system32\eu-ES
2009-07-14 00:27:51 ----D---- C:\Windows\system32\ca-ES
2009-07-13 23:53:49 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-13 23:53:43 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-13 23:53:42 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-13 23:53:40 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-13 23:53:38 ----A---- C:\Windows\system32\mssrch.dll
2009-07-13 23:53:36 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-13 23:53:36 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-13 23:53:35 ----A---- C:\Windows\system32\tquery.dll
2009-07-13 23:53:33 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-13 23:53:29 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-13 23:53:29 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-13 23:53:28 ----A---- C:\Windows\system32\msi.dll
2009-07-13 23:53:27 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-13 23:53:27 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-13 23:53:25 ----A---- C:\Windows\system32\mf.dll
2009-07-13 23:53:25 ----A---- C:\Windows\system32\icardagt.exe
2009-07-13 23:53:22 ----A---- C:\Windows\system32\spwizui.dll
2009-07-13 23:53:22 ----A---- C:\Windows\system32\ieframe.dll
2009-07-13 23:53:22 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-13 23:53:21 ----A---- C:\Windows\system32\spreview.exe
2009-07-13 23:53:21 ----A---- C:\Windows\system32\spinstall.exe
2009-07-13 23:53:21 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-13 23:53:20 ----A---- C:\Windows\system32\shell32.dll
2009-07-13 23:53:20 ----A---- C:\Windows\system32\secproc.dll
2009-07-13 23:53:19 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-13 23:53:19 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-13 23:53:19 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-13 23:53:19 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-13 23:53:18 ----A---- C:\Windows\system32\mssvp.dll
2009-07-13 23:53:18 ----A---- C:\Windows\system32\mscoree.dll
2009-07-13 23:53:18 ----A---- C:\Windows\system32\kernel32.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\ntdll.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\mssph.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-13 23:53:17 ----A---- C:\Windows\system32\imapi2.dll
2009-07-13 23:53:15 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-13 23:53:15 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-13 23:53:15 ----A---- C:\Windows\system32\esent.dll
2009-07-13 23:53:15 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-13 23:53:14 ----A---- C:\Windows\system32\sperror.dll
2009-07-13 23:53:14 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-13 23:53:14 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-13 23:53:13 ----A---- C:\Windows\system32\wmp.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\SLC.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-13 23:53:13 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\msshsq.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-13 23:53:12 ----A---- C:\Windows\system32\msxml6.dll
2009-07-13 23:53:12 ----A---- C:\Windows\system32\msjet40.dll
2009-07-13 23:53:11 ----A---- C:\Windows\system32\user32.dll
2009-07-13 23:53:11 ----A---- C:\Windows\system32\Query.dll
2009-07-13 23:53:11 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\ole32.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\msexch40.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-13 23:53:10 ----A---- C:\Windows\explorer.exe
2009-07-13 23:53:09 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\msxml3.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\mmc.exe
2009-07-13 23:53:09 ----A---- C:\Windows\system32\gdi32.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\EncDec.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-13 23:53:08 ----A---- C:\Windows\system32\riched20.dll
2009-07-13 23:53:08 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-13 23:53:08 ----A---- C:\Windows\system32\Magnify.exe
2009-07-13 23:53:08 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-13 23:53:08 ----A---- C:\Windows\system32\fdBth.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\spoolss.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-13 23:53:07 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-13 23:53:07 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\milcore.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-13 23:53:06 ----A---- C:\Windows\system32\jscript.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\Storprop.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\gpedit.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\es.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\mstext40.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\advapi32.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\vssapi.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\slwmi.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-13 23:53:02 ----A---- C:\Windows\system32\mstscax.dll
2009-07-13 23:53:02 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-13 23:53:02 ----A---- C:\Windows\system32\authui.dll
2009-07-13 23:53:01 ----A---- C:\Windows\system32\vbscript.dll
2009-07-13 23:53:01 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-13 23:53:01 ----A---- C:\Windows\system32\newdev.dll
2009-07-13 23:53:01 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\propsys.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-13 23:53:00 ----A---- C:\Windows\system32\crypt32.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\setupapi.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\explorer.exe
2009-07-13 23:52:59 ----A---- C:\Windows\system32\d3d9.dll
2009-07-13 23:52:58 ----A---- C:\Windows\system32\msltus40.dll
2009-07-13 23:52:58 ----A---- C:\Windows\system32\davclnt.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\mfc42.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\browseui.dll
2009-07-13 23:52:56 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-13 23:52:56 ----A---- C:\Windows\system32\photowiz.dll
2009-07-13 23:52:56 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\win32spl.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\quartz.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\kerberos.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\winhttp.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\netshell.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\msctf.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\apds.dll
2009-07-13 23:52:52 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-13 23:52:52 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\secur32.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\eapphost.dll
2009-07-13 23:52:50 ----A---- C:\Windows\system32\propdefs.dll
2009-07-13 23:52:50 ----A---- C:\Windows\system32\odbc32.dll
2009-07-13 23:52:49 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-13 23:52:48 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-13 23:52:47 ----A---- C:\Windows\system32\usp10.dll
2009-07-13 23:52:47 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-13 23:52:47 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\netlogon.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\msscb.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\msctfp.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\drvinst.exe
2009-07-13 23:52:46 ----A---- C:\Windows\system32\devmgr.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-13 23:52:45 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\schannel.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\evr.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\services.exe
2009-07-13 23:52:44 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\iertutil.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\adtschema.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\msjter40.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\msdrm.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\certcli.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\taskeng.exe
2009-07-13 23:52:42 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\reg.exe
2009-07-13 23:52:42 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\certutil.exe
2009-07-13 23:52:41 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msstrc.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msshooks.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msihnd.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-13 23:52:40 ----A---- C:\Windows\system32\netapi32.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\mscories.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\hidserv.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\fundisc.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\dfshim.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\wdc.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\msiexec.exe
2009-07-13 23:52:39 ----A---- C:\Windows\system32\imapi.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\gameux.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-13 23:52:38 ----A---- C:\Windows\system32\pnidui.dll
2009-07-13 23:52:38 ----A---- C:\Windows\system32\imm32.dll
2009-07-13 23:52:38 ----A---- C:\Windows\system32\iassdo.dll
2009-07-13 23:52:37 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-13 23:52:37 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-13 23:52:37 ----A---- C:\Windows\system32\scrrun.dll
2009-07-13 23:52:37 ----A---- C:\Windows\system32\autofmt.exe
2009-07-13 23:52:34 ----A---- C:\Windows\system32\pdh.dll
2009-07-13 23:52:34 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-13 23:52:34 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-13 23:52:34 ----A---- C:\Windows\system32\azroles.dll
2009-07-13 23:52:33 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-13 23:52:33 ----A---- C:\Windows\system32\winlogon.exe
2009-07-13 23:52:33 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-13 23:52:33 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\comuid.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\certmgr.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\untfs.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\spp.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\sethc.exe
2009-07-13 23:52:31 ----A---- C:\Windows\system32\scrobj.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\rtutils.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\iassam.dll
2009-07-13 23:52:30 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-13 23:52:30 ----A---- C:\Windows\system32\autochk.exe
2009-07-13 23:52:29 ----A---- C:\Windows\system32\printui.dll
2009-07-13 23:52:29 ----A---- C:\Windows\system32\iasnap.dll
2009-07-13 23:52:29 ----A---- C:\Windows\system32\autoconv.exe
2009-07-13 23:52:28 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-07-13 23:52:28 ----A---- C:\Windows\system32\userenv.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\osk.exe
2009-07-13 23:52:28 ----A---- C:\Windows\system32\onex.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\mswsock.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\cscript.exe
2009-07-13 23:52:28 ----A---- C:\Windows\system32\basecsp.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\audiodg.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\winmm.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\WerFault.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\Utilman.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\RelMon.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\offfilt.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\msftedit.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\wscript.exe
2009-07-13 23:52:25 ----A---- C:\Windows\system32\stobject.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\SndVol.exe
2009-07-13 23:52:25 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\mscms.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\mfplat.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\diskraid.exe
2009-07-13 23:52:25 ----A---- C:\Windows\system32\AudioEng.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\apphelp.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\ulib.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\rastapi.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-13 23:52:24 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\dsound.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\diskpart.exe
2009-07-13 23:52:24 ----A---- C:\Windows\system32\cryptui.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-13 23:52:23 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\rastls.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\logman.exe
2009-07-13 23:52:23 ----A---- C:\Windows\system32\iepeers.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\gpapi.dll
2009-07-13 23:52:22 ----A---- C:\Windows\system32\wusa.exe
2009-07-13 23:52:22 ----A---- C:\Windows\system32\ntprint.dll
2009-07-13 23:52:22 ----A---- C:\Windows\system32\mscorier.dll
2009-07-13 23:52:22 ----A---- C:\Windows\system32\iasrad.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\wshext.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\netcenter.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\findstr.exe
2009-07-13 23:52:20 ----A---- C:\Windows\system32\wer.dll
2009-07-13 23:52:20 ----A---- C:\Windows\system32\webcheck.dll
2009-07-13 23:52:20 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-13 23:52:20 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-13 23:52:19 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-13 23:52:19 ----A---- C:\Windows\system32\themecpl.dll
2009-07-13 23:52:19 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\slcc.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\scansetting.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\powrprof.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\msutb.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\mstsc.exe
2009-07-13 23:52:18 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\iasads.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\iasacct.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\powercpl.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\newdev.exe
2009-07-13 23:52:17 ----A---- C:\Windows\system32\networkmap.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\lpk.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\icardres.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\authz.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\themeui.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\sud.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\samlib.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\pcaui.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\mmci.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\connect.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\wpcao.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\usercpl.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\regapi.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\qdvd.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-13 23:52:15 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\autoplay.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\scksp.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\scesrv.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\mpr.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\feclient.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-13 23:52:13 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\oleprn.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-13 23:52:12 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\scecli.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\rasplap.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\qedit.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-13 23:52:12 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-13 23:52:12 ----A---- C:\Windows\system32\extmgr.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-13 23:52:12 ----A---- C:\Windows\system32\certreq.exe
2009-07-13 23:52:11 ----A---- C:\Windows\system32\whealogr.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-13 23:52:10 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-13 23:52:10 ----A---- C:\Windows\system32\conime.exe
2009-07-13 23:52:10 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-13 23:52:09 ----A---- C:\Windows\system32\wlanui.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\rasppp.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\raschap.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\fontext.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\dsprop.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\shsetup.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\occache.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\mscandui.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\modemui.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\dataclen.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\credui.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\blackbox.dll
2009-07-13 23:52:06 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-13 23:52:06 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\wscapi.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\mstime.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\msscp.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\msrating.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\logagent.exe
2009-07-13 23:52:05 ----A---- C:\Windows\system32\InkEd.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\ifmon.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\gpresult.exe
2009-07-13 23:52:05 ----A---- C:\Windows\system32\cipher.exe
2009-07-13 23:52:05 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\wpdwcn.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\softkbd.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\sendmail.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\msimtf.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\msctfui.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\wshbth.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-07-13 23:52:03 ----A---- C:\Windows\system32\version.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\puiapi.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\olepro32.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\msisip.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\mprapi.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\input.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\fc.exe
2009-07-13 23:52:03 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\rasdial.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\msjint40.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\ftp.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\dmusic.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\cscdll.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\cscapi.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\aaclient.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\slcinst.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\nslookup.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-07-13 23:52:01 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-07-13 23:52:01 ----A---- C:\Windows\system32\mmcico.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\mfps.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\atmlib.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\wmpps.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\winrnr.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\slwga.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-13 23:51:59 ----A---- C:\Windows\system32\spwmp.dll
2009-07-13 23:51:59 ----A---- C:\Windows\system32\midimap.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-13 23:51:58 ----A---- C:\Windows\system32\msimsg.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\mferror.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-13 23:51:47 ----A---- C:\Windows\system32\wdscore.dll
2009-07-13 23:51:41 ----A---- C:\Windows\system32\drvstore.dll
2009-07-07 17:07:28 ----D---- C:\Program Files (x86)\Symantec
2009-07-06 22:34:09 ----D---- C:\Program Files (x86)\Apple Software Update
2009-07-04 20:04:29 ----D---- C:\Users\Jim\AppData\Roaming\Malwarebytes
2009-07-04 20:04:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-02 18:25:11 ----D---- C:\Program Files (x86)\MSXML 4.0
2009-07-01 19:51:30 ----D---- C:\Program Files (x86)\PowerISO
2009-07-01 19:03:51 ----D---- C:\Users\Jim\AppData\Roaming\Nero
2009-07-01 18:57:58 ----A---- C:\Windows\Irremote.ini
2009-07-01 18:51:56 ----D---- C:\Program Files (x86)\Nero
2009-07-01 18:51:42 ----D---- C:\Program Files (x86)\Common Files\Nero
2009-07-01 18:50:51 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-07-01 12:20:13 ----D---- C:\Program Files (x86)\Microsoft
2009-07-01 12:19:59 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2009-07-01 12:19:40 ----D---- C:\Program Files (x86)\Windows Live
2009-07-01 12:17:09 ----D---- C:\Program Files (x86)\Common Files\Windows Live

======List of files/folders modified in the last 1 months======

2009-07-27 05:01:56 ----D---- C:\Windows\Prefetch
2009-07-27 05:01:49 ----RD---- C:\Program Files (x86)
2009-07-27 05:01:49 ----RD---- \Program Files (x86)
2009-07-27 05:01:38 ----D---- C:\Windows\Temp
2009-07-26 21:36:28 ----D---- C:\Windows\System32
2009-07-26 21:36:28 ----D---- C:\Windows\inf
2009-07-25 09:53:45 ----HD---- C:\ProgramData
2009-07-25 09:53:45 ----HD---- \ProgramData
2009-07-25 09:45:14 ----SD---- C:\Windows\Downloaded Program Files
2009-07-24 11:09:35 ----SHD---- C:\System Volume Information
2009-07-24 11:09:35 ----SHD---- \System Volume Information
2009-07-24 06:27:10 ----D---- C:\Windows
2009-07-24 06:27:10 ----D---- \Windows
2009-07-19 21:05:02 ----SHD---- C:\Windows\Installer
2009-07-19 21:04:46 ----D---- C:\Program Files (x86)\Common Files
2009-07-15 03:18:18 ----D---- C:\Windows\winsxs
2009-07-15 03:05:36 ----D---- C:\Program Files (x86)\Windows Mail
2009-07-15 03:05:35 ----D---- C:\Windows\SysWOW64
2009-07-14 04:54:21 ----D---- C:\Windows\Microsoft.NET
2009-07-14 04:54:15 ----RSD---- C:\Windows\assembly
2009-07-14 00:54:24 ----D---- C:\Windows\rescache
2009-07-14 00:40:33 ----SHD---- C:\Boot
2009-07-14 00:40:33 ----SHD---- \Boot
2009-07-14 00:39:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-14 00:33:29 ----D---- C:\Program Files (x86)\Windows Sidebar
2009-07-14 00:33:28 ----D---- C:\Program Files (x86)\Windows Media Player
2009-07-14 00:33:28 ----D---- C:\Program Files (x86)\Windows Calendar
2009-07-14 00:33:28 ----D---- C:\Program Files (x86)\Internet Explorer
2009-07-14 00:33:26 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2009-07-14 00:33:26 ----D---- C:\Program Files (x86)\Common Files\System
2009-07-14 00:33:22 ----D---- C:\Windows\servicing
2009-07-14 00:33:22 ----D---- C:\Windows\ehome
2009-07-14 00:32:51 ----D---- C:\Windows\system32\XPSViewer
2009-07-14 00:32:51 ----D---- C:\Windows\system32\lv-LV
2009-07-14 00:32:51 ----D---- C:\Windows\system32\da-DK
2009-07-14 00:32:50 ----D---- C:\Windows\system32\sk-SK
2009-07-14 00:32:50 ----D---- C:\Windows\system32\ko-KR
2009-07-14 00:32:50 ----D---- C:\Windows\system32\hr-HR
2009-07-14 00:32:50 ----D---- C:\Windows\system32\et-EE
2009-07-14 00:32:47 ----D---- C:\Windows\system32\en-US
2009-07-14 00:32:44 ----D---- C:\Windows\system32\de-DE
2009-07-14 00:32:43 ----D---- C:\Windows\system32\oobe
2009-07-14 00:32:43 ----D---- C:\Windows\system32\migration
2009-07-14 00:32:43 ----D---- C:\Windows\system32\it-IT
2009-07-14 00:32:43 ----D---- C:\Windows\system32\el-GR
2009-07-14 00:32:39 ----D---- C:\Windows\system32\sv-SE
2009-07-14 00:32:39 ----D---- C:\Windows\system32\setup
2009-07-14 00:32:39 ----D---- C:\Windows\system32\ru-RU
2009-07-14 00:32:39 ----D---- C:\Windows\system32\he-IL
2009-07-14 00:32:39 ----D---- C:\Windows\system32\fr-FR
2009-07-14 00:32:39 ----D---- C:\Windows\system32\fi-FI
2009-07-14 00:32:39 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-14 00:32:38 ----D---- C:\Windows\system32\zh-CN
2009-07-14 00:32:38 ----D---- C:\Windows\system32\SLUI
2009-07-14 00:32:38 ----D---- C:\Windows\system32\pt-PT
2009-07-14 00:32:38 ----D---- C:\Windows\system32\hu-HU
2009-07-14 00:32:38 ----D---- C:\Windows\system32\en
2009-07-14 00:32:38 ----D---- C:\Windows\system32\cs-CZ
2009-07-14 00:32:37 ----D---- C:\Windows\system32\zh-TW
2009-07-14 00:32:37 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-14 00:32:37 ----D---- C:\Windows\system32\sl-SI
2009-07-14 00:32:37 ----D---- C:\Windows\system32\manifeststore
2009-07-14 00:32:37 ----D---- C:\Windows\system32\es-ES
2009-07-14 00:32:36 ----D---- C:\Windows\system32\uk-UA
2009-07-14 00:32:36 ----D---- C:\Windows\system32\tr-TR
2009-07-14 00:32:36 ----D---- C:\Windows\system32\th-TH
2009-07-14 00:32:36 ----D---- C:\Windows\system32\ro-RO
2009-07-14 00:32:36 ----D---- C:\Windows\system32\pl-PL
2009-07-14 00:32:36 ----D---- C:\Windows\system32\ja-JP
2009-07-14 00:32:36 ----D---- C:\Windows\system32\bg-BG
2009-07-14 00:32:33 ----D---- C:\Windows\system32\wbem
2009-07-14 00:32:32 ----D---- C:\Windows\system32\nl-NL
2009-07-14 00:32:32 ----D---- C:\Windows\system32\nb-NO
2009-07-14 00:32:32 ----D---- C:\Windows\system32\lt-LT
2009-07-14 00:32:32 ----D---- C:\Windows\system32\ar-SA
2009-07-14 00:32:31 ----D---- C:\Windows\system32\pt-BR
2009-07-14 00:32:31 ----D---- C:\Windows\system32\migwiz
2009-07-14 00:31:31 ----D---- C:\Windows\IME
2009-07-14 00:30:13 ----RSD---- C:\Windows\Fonts
2009-07-14 00:30:11 ----D---- C:\Windows\AppPatch
2009-07-14 00:25:28 ----D---- C:\Windows\system32\RTCOM
2009-07-13 23:09:38 ----D---- C:\Windows\system32\drivers
2009-07-10 15:24:08 ----RD---- C:\Users
2009-07-10 15:24:08 ----RD---- \Users
2009-07-07 17:08:59 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2009-07-07 17:08:05 ----RD---- C:\Program Files
2009-07-07 17:08:05 ----RD---- \Program Files
2009-07-06 22:34:55 ----D---- C:\Program Files (x86)\QuickTime
2009-07-01 19:55:37 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-07-01 12:23:49 ----SD---- C:\Users\Jim\AppData\Roaming\Microsoft
2009-07-01 12:20:04 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-06-16 475696]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [2008-10-13 441904]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [2008-10-13 32304]
R1 WPS;WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys []
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-06-11 17952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 dhdusb.NTamd64;Dynex Wireless G USB Network Adapter Service; C:\Windows\system32\DRIVERS\bcmusbdhdlh64.sys []
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y60x64.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-06-16 131632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 gwfilt64;gwfilt64; C:\Windows\system32\drivers\gwfilt64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090726.022\ENG64.SYS [2009-06-16 136752]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090726.022\EX64.SYS [2009-06-16 1461808]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RTS5121.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 WpsHelper;WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\AB7E.tmp []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2009-01-26 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [2009-01-26 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RTL8187Se;Realtek RTL8187S Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys []
S3 Rts516xIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [2008-10-13 480816]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\Rts5161ccid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-04-29 417792]
R2 ETService;Empowering Technology Service; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-01-11 66872]
R2 SmcService;Symantec Management Client; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [2008-12-08 3081544]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-12-08 2440120]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-11-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-01-09 79360]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-06-30 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [2008-12-08 388424]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-01 316664]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-01-09 1245064]

-----------------EOF-----------------

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:05 AM

Posted 06 August 2009 - 04:25 PM

Hello again,

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Please Help Us

Please Help Us
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 06 August 2009 - 05:15 PM

Hey!
Don't worry about being late, I know you must be extremely busy. You taking your time out of your busy day, to help a poor soul like me again is wonderful.
Also, if you haven't (I hate to sound like I'm bossing you around, so forgive me if this seems rude), I posted information in the first post at the very top. The only thing I've noticed since then is that IE is more unstable than before.
Thank you once more for your help, here is the log.
(also I didn't get the "info" log this time so, if you want that I'll post the old one I got the first time I ran it)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jim at 2009-08-06 17:09:35
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 583 GB (83%) free of 705 GB
Total RAM: 9206 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:37 PM, on 8/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Users\Jim\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Jim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...00-01e&c=BB
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s (User 'Default user')
O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13356 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-02-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-18 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-02-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [2008-07-10 225396]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-02-13 136600]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"LchDrvKey"=C:\Windows\LchDrvKey.exe [2007-03-28 36864]
"LedKey"=C:\Windows\CNYHKey.exe [2008-04-23 339968]
"eRecoveryService"= []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"ccApp"=C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2008-08-14 115560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-11 68856]
"CTRegRun"=C:\Windows\CTRegRun.EXE [2006-10-06 53248]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"Steam"=C:\Program Files (x86)\Valve\Steam\Steam.exe [2009-06-20 1217784]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SmartCopy.lnk - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
SmartLauncher.lnk - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b8ceb-b059-11dd-87cd-806e6f6e6963}]
shell\AutoRun\command - D:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edbd7647-1dee-11de-ac1d-0022683aed1f}]
shell\AutoRun\command - J:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-08-04 12:29:08 ----D---- C:\Windows\BDOSCAN8
2009-07-29 03:00:39 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI6638.txt
2009-07-29 03:00:38 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI6638.txt
2009-07-29 03:00:19 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI65F7.txt
2009-07-29 03:00:18 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI65F7.txt
2009-07-28 15:49:56 ----A---- C:\Windows\system32\mshtml.dll
2009-07-28 15:49:55 ----A---- C:\Windows\system32\ieframe.dll
2009-07-28 15:49:53 ----A---- C:\Windows\system32\urlmon.dll
2009-07-28 15:49:52 ----A---- C:\Windows\system32\wininet.dll
2009-07-28 15:49:52 ----A---- C:\Windows\system32\ieui.dll
2009-07-28 15:49:52 ----A---- C:\Windows\system32\ieencode.dll
2009-07-27 05:01:49 ----D---- C:\rsit
2009-07-27 05:01:49 ----D---- C:\Program Files (x86)\trend micro
2009-07-27 05:01:49 ----D---- \rsit
2009-07-25 15:10:56 ----D---- C:\Program Files (x86)\Sophos
2009-07-24 06:27:10 ----A---- C:\Windows\ntbtlog.txt
2009-07-19 21:11:58 ----D---- C:\Users\Jim\AppData\Roaming\skypePM
2009-07-19 21:05:22 ----D---- C:\Users\Jim\AppData\Roaming\Skype
2009-07-19 21:04:46 ----RD---- C:\Program Files (x86)\Skype
2009-07-19 21:04:46 ----D---- C:\Program Files (x86)\Common Files\Skype
2009-07-14 23:03:25 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 23:03:25 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 23:03:25 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 23:03:25 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 00:27:51 ----D---- C:\Windows\system32\vi-VN
2009-07-14 00:27:51 ----D---- C:\Windows\system32\eu-ES
2009-07-14 00:27:51 ----D---- C:\Windows\system32\ca-ES
2009-07-13 23:53:49 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-13 23:53:43 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-13 23:53:42 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-13 23:53:40 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-13 23:53:38 ----A---- C:\Windows\system32\mssrch.dll
2009-07-13 23:53:36 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-13 23:53:36 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-13 23:53:35 ----A---- C:\Windows\system32\tquery.dll
2009-07-13 23:53:33 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-13 23:53:29 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-13 23:53:29 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-13 23:53:28 ----A---- C:\Windows\system32\msi.dll
2009-07-13 23:53:27 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-13 23:53:27 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-13 23:53:25 ----A---- C:\Windows\system32\mf.dll
2009-07-13 23:53:25 ----A---- C:\Windows\system32\icardagt.exe
2009-07-13 23:53:22 ----A---- C:\Windows\system32\spwizui.dll
2009-07-13 23:53:22 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-13 23:53:21 ----A---- C:\Windows\system32\spreview.exe
2009-07-13 23:53:21 ----A---- C:\Windows\system32\spinstall.exe
2009-07-13 23:53:21 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-13 23:53:20 ----A---- C:\Windows\system32\shell32.dll
2009-07-13 23:53:20 ----A---- C:\Windows\system32\secproc.dll
2009-07-13 23:53:19 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-13 23:53:19 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-13 23:53:19 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-13 23:53:19 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-13 23:53:18 ----A---- C:\Windows\system32\mssvp.dll
2009-07-13 23:53:18 ----A---- C:\Windows\system32\mscoree.dll
2009-07-13 23:53:18 ----A---- C:\Windows\system32\kernel32.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\ntdll.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\mssph.dll
2009-07-13 23:53:17 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-13 23:53:17 ----A---- C:\Windows\system32\imapi2.dll
2009-07-13 23:53:15 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-13 23:53:15 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-13 23:53:15 ----A---- C:\Windows\system32\esent.dll
2009-07-13 23:53:15 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-13 23:53:14 ----A---- C:\Windows\system32\sperror.dll
2009-07-13 23:53:14 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-13 23:53:14 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-13 23:53:13 ----A---- C:\Windows\system32\wmp.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\SLC.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-13 23:53:13 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\msshsq.dll
2009-07-13 23:53:13 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-13 23:53:12 ----A---- C:\Windows\system32\msxml6.dll
2009-07-13 23:53:12 ----A---- C:\Windows\system32\msjet40.dll
2009-07-13 23:53:11 ----A---- C:\Windows\system32\user32.dll
2009-07-13 23:53:11 ----A---- C:\Windows\system32\Query.dll
2009-07-13 23:53:11 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\ole32.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\msexch40.dll
2009-07-13 23:53:10 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-13 23:53:10 ----A---- C:\Windows\explorer.exe
2009-07-13 23:53:09 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\msxml3.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\mmc.exe
2009-07-13 23:53:09 ----A---- C:\Windows\system32\gdi32.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\EncDec.dll
2009-07-13 23:53:09 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-13 23:53:08 ----A---- C:\Windows\system32\riched20.dll
2009-07-13 23:53:08 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-13 23:53:08 ----A---- C:\Windows\system32\Magnify.exe
2009-07-13 23:53:08 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-13 23:53:08 ----A---- C:\Windows\system32\fdBth.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\spoolss.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-13 23:53:07 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-13 23:53:07 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\milcore.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-13 23:53:07 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-13 23:53:06 ----A---- C:\Windows\system32\jscript.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\Storprop.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\gpedit.dll
2009-07-13 23:53:05 ----A---- C:\Windows\system32\es.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\mstext40.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-13 23:53:04 ----A---- C:\Windows\system32\advapi32.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\vssapi.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\slwmi.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-13 23:53:03 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-13 23:53:02 ----A---- C:\Windows\system32\mstscax.dll
2009-07-13 23:53:02 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-13 23:53:02 ----A---- C:\Windows\system32\authui.dll
2009-07-13 23:53:01 ----A---- C:\Windows\system32\vbscript.dll
2009-07-13 23:53:01 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-13 23:53:01 ----A---- C:\Windows\system32\newdev.dll
2009-07-13 23:53:01 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\propsys.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-13 23:53:00 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-13 23:53:00 ----A---- C:\Windows\system32\crypt32.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\setupapi.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-13 23:52:59 ----A---- C:\Windows\system32\explorer.exe
2009-07-13 23:52:59 ----A---- C:\Windows\system32\d3d9.dll
2009-07-13 23:52:58 ----A---- C:\Windows\system32\msltus40.dll
2009-07-13 23:52:58 ----A---- C:\Windows\system32\davclnt.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\mfc42.dll
2009-07-13 23:52:57 ----A---- C:\Windows\system32\browseui.dll
2009-07-13 23:52:56 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-13 23:52:56 ----A---- C:\Windows\system32\photowiz.dll
2009-07-13 23:52:56 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\win32spl.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\quartz.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-13 23:52:54 ----A---- C:\Windows\system32\kerberos.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\winhttp.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\netshell.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\msctf.dll
2009-07-13 23:52:53 ----A---- C:\Windows\system32\apds.dll
2009-07-13 23:52:52 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-13 23:52:52 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\secur32.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-13 23:52:51 ----A---- C:\Windows\system32\eapphost.dll
2009-07-13 23:52:50 ----A---- C:\Windows\system32\propdefs.dll
2009-07-13 23:52:50 ----A---- C:\Windows\system32\odbc32.dll
2009-07-13 23:52:49 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-13 23:52:48 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-13 23:52:48 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-13 23:52:47 ----A---- C:\Windows\system32\usp10.dll
2009-07-13 23:52:47 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-13 23:52:47 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\netlogon.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\msscb.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\msctfp.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\drvinst.exe
2009-07-13 23:52:46 ----A---- C:\Windows\system32\devmgr.dll
2009-07-13 23:52:46 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-13 23:52:45 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\schannel.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-13 23:52:45 ----A---- C:\Windows\system32\evr.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\services.exe
2009-07-13 23:52:44 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\iertutil.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-13 23:52:44 ----A---- C:\Windows\system32\adtschema.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\msjter40.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\msdrm.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-13 23:52:43 ----A---- C:\Windows\system32\certcli.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\taskeng.exe
2009-07-13 23:52:42 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\reg.exe
2009-07-13 23:52:42 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-13 23:52:42 ----A---- C:\Windows\system32\certutil.exe
2009-07-13 23:52:41 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msstrc.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msshooks.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\msihnd.dll
2009-07-13 23:52:41 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-13 23:52:40 ----A---- C:\Windows\system32\netapi32.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\mscories.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\hidserv.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\fundisc.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\dfshim.dll
2009-07-13 23:52:40 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\wdc.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\msiexec.exe
2009-07-13 23:52:39 ----A---- C:\Windows\system32\imapi.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\gameux.dll
2009-07-13 23:52:39 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-13 23:52:38 ----A---- C:\Windows\system32\pnidui.dll
2009-07-13 23:52:38 ----A---- C:\Windows\system32\imm32.dll
2009-07-13 23:52:38 ----A---- C:\Windows\system32\iassdo.dll
2009-07-13 23:52:37 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-13 23:52:37 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-13 23:52:37 ----A---- C:\Windows\system32\scrrun.dll
2009-07-13 23:52:37 ----A---- C:\Windows\system32\autofmt.exe
2009-07-13 23:52:34 ----A---- C:\Windows\system32\pdh.dll
2009-07-13 23:52:34 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-13 23:52:34 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-13 23:52:34 ----A---- C:\Windows\system32\azroles.dll
2009-07-13 23:52:33 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-13 23:52:33 ----A---- C:\Windows\system32\winlogon.exe
2009-07-13 23:52:33 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-13 23:52:33 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\comuid.dll
2009-07-13 23:52:32 ----A---- C:\Windows\system32\certmgr.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\untfs.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\spp.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\sethc.exe
2009-07-13 23:52:31 ----A---- C:\Windows\system32\scrobj.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\rtutils.dll
2009-07-13 23:52:31 ----A---- C:\Windows\system32\iassam.dll
2009-07-13 23:52:30 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-13 23:52:30 ----A---- C:\Windows\system32\autochk.exe
2009-07-13 23:52:29 ----A---- C:\Windows\system32\printui.dll
2009-07-13 23:52:29 ----A---- C:\Windows\system32\iasnap.dll
2009-07-13 23:52:29 ----A---- C:\Windows\system32\autoconv.exe
2009-07-13 23:52:28 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-07-13 23:52:28 ----A---- C:\Windows\system32\userenv.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\osk.exe
2009-07-13 23:52:28 ----A---- C:\Windows\system32\onex.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\mswsock.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\cscript.exe
2009-07-13 23:52:28 ----A---- C:\Windows\system32\basecsp.dll
2009-07-13 23:52:28 ----A---- C:\Windows\system32\audiodg.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\winmm.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\WerFault.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\Utilman.exe
2009-07-13 23:52:26 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\RelMon.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\offfilt.dll
2009-07-13 23:52:26 ----A---- C:\Windows\system32\msftedit.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\wscript.exe
2009-07-13 23:52:25 ----A---- C:\Windows\system32\stobject.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\SndVol.exe
2009-07-13 23:52:25 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\mscms.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\mfplat.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\diskraid.exe
2009-07-13 23:52:25 ----A---- C:\Windows\system32\AudioEng.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\apphelp.dll
2009-07-13 23:52:25 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\ulib.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\rastapi.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-13 23:52:24 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\dsound.dll
2009-07-13 23:52:24 ----A---- C:\Windows\system32\diskpart.exe
2009-07-13 23:52:24 ----A---- C:\Windows\system32\cryptui.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-13 23:52:23 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\rastls.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\logman.exe
2009-07-13 23:52:23 ----A---- C:\Windows\system32\iepeers.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-13 23:52:23 ----A---- C:\Windows\system32\gpapi.dll
2009-07-13 23:52:22 ----A---- C:\Windows\system32\wusa.exe
2009-07-13 23:52:22 ----A---- C:\Windows\system32\ntprint.dll
2009-07-13 23:52:22 ----A---- C:\Windows\system32\mscorier.dll
2009-07-13 23:52:22 ----A---- C:\Windows\system32\iasrad.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\wshext.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\netcenter.dll
2009-07-13 23:52:21 ----A---- C:\Windows\system32\findstr.exe
2009-07-13 23:52:20 ----A---- C:\Windows\system32\wer.dll
2009-07-13 23:52:20 ----A---- C:\Windows\system32\webcheck.dll
2009-07-13 23:52:20 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-13 23:52:20 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-13 23:52:19 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-13 23:52:19 ----A---- C:\Windows\system32\themecpl.dll
2009-07-13 23:52:19 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\slcc.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\scansetting.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\powrprof.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\msutb.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\mstsc.exe
2009-07-13 23:52:18 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\iasads.dll
2009-07-13 23:52:18 ----A---- C:\Windows\system32\iasacct.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\powercpl.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\newdev.exe
2009-07-13 23:52:17 ----A---- C:\Windows\system32\networkmap.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\lpk.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\icardres.dll
2009-07-13 23:52:17 ----A---- C:\Windows\system32\authz.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\themeui.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\sud.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\samlib.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\pcaui.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\mmci.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\connect.dll
2009-07-13 23:52:16 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\wpcao.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\usercpl.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\regapi.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\qdvd.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-13 23:52:15 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-13 23:52:15 ----A---- C:\Windows\system32\autoplay.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\scksp.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\scesrv.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\mpr.dll
2009-07-13 23:52:14 ----A---- C:\Windows\system32\feclient.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-13 23:52:13 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\oleprn.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-13 23:52:13 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-13 23:52:12 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\scecli.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\rasplap.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\qedit.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-13 23:52:12 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-13 23:52:12 ----A---- C:\Windows\system32\extmgr.dll
2009-07-13 23:52:12 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-13 23:52:12 ----A---- C:\Windows\system32\certreq.exe
2009-07-13 23:52:11 ----A---- C:\Windows\system32\whealogr.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-13 23:52:11 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-13 23:52:10 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-13 23:52:10 ----A---- C:\Windows\system32\conime.exe
2009-07-13 23:52:10 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-13 23:52:09 ----A---- C:\Windows\system32\wlanui.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\rasppp.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\raschap.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\fontext.dll
2009-07-13 23:52:09 ----A---- C:\Windows\system32\dsprop.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\shsetup.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\occache.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\mscandui.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\modemui.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-13 23:52:08 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\dataclen.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\credui.dll
2009-07-13 23:52:07 ----A---- C:\Windows\system32\blackbox.dll
2009-07-13 23:52:06 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-13 23:52:06 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\wscapi.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\mstime.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\msscp.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\msrating.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\logagent.exe
2009-07-13 23:52:05 ----A---- C:\Windows\system32\InkEd.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\ifmon.dll
2009-07-13 23:52:05 ----A---- C:\Windows\system32\gpresult.exe
2009-07-13 23:52:05 ----A---- C:\Windows\system32\cipher.exe
2009-07-13 23:52:05 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\wpdwcn.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\softkbd.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\sendmail.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\msimtf.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\msctfui.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-13 23:52:04 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\wshbth.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-07-13 23:52:03 ----A---- C:\Windows\system32\version.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\puiapi.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\olepro32.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\msisip.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\mprapi.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\input.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\fc.exe
2009-07-13 23:52:03 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-13 23:52:03 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\rasdial.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\msjint40.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\ftp.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\dmusic.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\cscdll.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\cscapi.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-13 23:52:02 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-13 23:52:02 ----A---- C:\Windows\system32\aaclient.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\slcinst.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\nslookup.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-07-13 23:52:01 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-07-13 23:52:01 ----A---- C:\Windows\system32\mmcico.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\mfps.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-13 23:52:01 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-13 23:52:01 ----A---- C:\Windows\system32\atmlib.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\wmpps.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\winrnr.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\slwga.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-13 23:52:00 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-13 23:51:59 ----A---- C:\Windows\system32\spwmp.dll
2009-07-13 23:51:59 ----A---- C:\Windows\system32\midimap.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-13 23:51:58 ----A---- C:\Windows\system32\msimsg.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\mferror.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-13 23:51:58 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-13 23:51:47 ----A---- C:\Windows\system32\wdscore.dll
2009-07-13 23:51:41 ----A---- C:\Windows\system32\drvstore.dll
2009-07-07 17:07:28 ----D---- C:\Program Files (x86)\Symantec

======List of files/folders modified in the last 1 months======

2009-08-06 17:09:34 ----D---- C:\Windows\Temp
2009-08-06 17:05:47 ----D---- C:\Windows\Prefetch
2009-08-04 12:29:10 ----SD---- C:\Windows\Downloaded Program Files
2009-08-04 12:29:09 ----D---- C:\Windows
2009-08-04 12:29:09 ----D---- \Windows
2009-08-03 09:46:36 ----SHD---- C:\System Volume Information
2009-08-03 09:46:36 ----SHD---- \System Volume Information
2009-08-02 10:25:10 ----D---- C:\Windows\System32
2009-08-02 10:25:10 ----D---- C:\Windows\inf
2009-07-29 07:07:48 ----D---- C:\Windows\SysWOW64
2009-07-29 03:01:20 ----D---- C:\Windows\winsxs
2009-07-29 03:00:51 ----SHD---- C:\Windows\Installer
2009-07-27 05:01:49 ----RD---- C:\Program Files (x86)
2009-07-27 05:01:49 ----RD---- \Program Files (x86)
2009-07-25 09:53:45 ----HD---- C:\ProgramData
2009-07-25 09:53:45 ----HD---- \ProgramData
2009-07-19 21:04:46 ----D---- C:\Program Files (x86)\Common Files
2009-07-15 03:05:36 ----D---- C:\Program Files (x86)\Windows Mail
2009-07-14 04:54:21 ----D---- C:\Windows\Microsoft.NET
2009-07-14 04:54:15 ----RSD---- C:\Windows\assembly
2009-07-14 00:54:24 ----D---- C:\Windows\rescache
2009-07-14 00:40:33 ----SHD---- C:\Boot
2009-07-14 00:40:33 ----SHD---- \Boot
2009-07-14 00:39:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-14 00:33:29 ----D---- C:\Program Files (x86)\Windows Sidebar
2009-07-14 00:33:28 ----D---- C:\Program Files (x86)\Windows Media Player
2009-07-14 00:33:28 ----D---- C:\Program Files (x86)\Windows Calendar
2009-07-14 00:33:28 ----D---- C:\Program Files (x86)\Internet Explorer
2009-07-14 00:33:26 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2009-07-14 00:33:26 ----D---- C:\Program Files (x86)\Common Files\System
2009-07-14 00:33:22 ----D---- C:\Windows\servicing
2009-07-14 00:33:22 ----D---- C:\Windows\ehome
2009-07-14 00:32:51 ----D---- C:\Windows\system32\XPSViewer
2009-07-14 00:32:51 ----D---- C:\Windows\system32\lv-LV
2009-07-14 00:32:51 ----D---- C:\Windows\system32\da-DK
2009-07-14 00:32:50 ----D---- C:\Windows\system32\sk-SK
2009-07-14 00:32:50 ----D---- C:\Windows\system32\ko-KR
2009-07-14 00:32:50 ----D---- C:\Windows\system32\hr-HR
2009-07-14 00:32:50 ----D---- C:\Windows\system32\et-EE
2009-07-14 00:32:47 ----D---- C:\Windows\system32\en-US
2009-07-14 00:32:44 ----D---- C:\Windows\system32\de-DE
2009-07-14 00:32:43 ----D---- C:\Windows\system32\oobe
2009-07-14 00:32:43 ----D---- C:\Windows\system32\migration
2009-07-14 00:32:43 ----D---- C:\Windows\system32\it-IT
2009-07-14 00:32:43 ----D---- C:\Windows\system32\el-GR
2009-07-14 00:32:39 ----D---- C:\Windows\system32\sv-SE
2009-07-14 00:32:39 ----D---- C:\Windows\system32\setup
2009-07-14 00:32:39 ----D---- C:\Windows\system32\ru-RU
2009-07-14 00:32:39 ----D---- C:\Windows\system32\he-IL
2009-07-14 00:32:39 ----D---- C:\Windows\system32\fr-FR
2009-07-14 00:32:39 ----D---- C:\Windows\system32\fi-FI
2009-07-14 00:32:39 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-14 00:32:38 ----D---- C:\Windows\system32\zh-CN
2009-07-14 00:32:38 ----D---- C:\Windows\system32\SLUI
2009-07-14 00:32:38 ----D---- C:\Windows\system32\pt-PT
2009-07-14 00:32:38 ----D---- C:\Windows\system32\hu-HU
2009-07-14 00:32:38 ----D---- C:\Windows\system32\en
2009-07-14 00:32:38 ----D---- C:\Windows\system32\cs-CZ
2009-07-14 00:32:37 ----D---- C:\Windows\system32\zh-TW
2009-07-14 00:32:37 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-14 00:32:37 ----D---- C:\Windows\system32\sl-SI
2009-07-14 00:32:37 ----D---- C:\Windows\system32\manifeststore
2009-07-14 00:32:37 ----D---- C:\Windows\system32\es-ES
2009-07-14 00:32:36 ----D---- C:\Windows\system32\uk-UA
2009-07-14 00:32:36 ----D---- C:\Windows\system32\tr-TR
2009-07-14 00:32:36 ----D---- C:\Windows\system32\th-TH
2009-07-14 00:32:36 ----D---- C:\Windows\system32\ro-RO
2009-07-14 00:32:36 ----D---- C:\Windows\system32\pl-PL
2009-07-14 00:32:36 ----D---- C:\Windows\system32\ja-JP
2009-07-14 00:32:36 ----D---- C:\Windows\system32\bg-BG
2009-07-14 00:32:33 ----D---- C:\Windows\system32\wbem
2009-07-14 00:32:32 ----D---- C:\Windows\system32\nl-NL
2009-07-14 00:32:32 ----D---- C:\Windows\system32\nb-NO
2009-07-14 00:32:32 ----D---- C:\Windows\system32\lt-LT
2009-07-14 00:32:32 ----D---- C:\Windows\system32\ar-SA
2009-07-14 00:32:31 ----D---- C:\Windows\system32\pt-BR
2009-07-14 00:32:31 ----D---- C:\Windows\system32\migwiz
2009-07-14 00:31:31 ----D---- C:\Windows\IME
2009-07-14 00:30:13 ----RSD---- C:\Windows\Fonts
2009-07-14 00:30:11 ----D---- C:\Windows\AppPatch
2009-07-14 00:25:28 ----D---- C:\Windows\system32\RTCOM
2009-07-13 23:09:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-13 23:09:38 ----D---- C:\Windows\system32\drivers
2009-07-10 15:24:08 ----RD---- C:\Users
2009-07-10 15:24:08 ----RD---- \Users
2009-07-07 17:08:59 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2009-07-07 17:08:05 ----RD---- C:\Program Files
2009-07-07 17:08:05 ----RD---- \Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-06-16 475696]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [2008-10-13 441904]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [2008-10-13 32304]
R1 WPS;WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys []
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-06-11 17952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 dhdusb.NTamd64;Dynex Wireless G USB Network Adapter Service; C:\Windows\system32\DRIVERS\bcmusbdhdlh64.sys []
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y60x64.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-06-16 131632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 gwfilt64;gwfilt64; C:\Windows\system32\drivers\gwfilt64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090805.037\ENG64.SYS [2009-06-16 136752]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090805.037\EX64.SYS [2009-06-16 1461808]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RTS5121.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 WpsHelper;WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\AB7E.tmp []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2009-01-26 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [2009-01-26 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RTL8187Se;Realtek RTL8187S Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys []
S3 Rts516xIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [2008-10-13 480816]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\Rts5161ccid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-04-29 417792]
R2 ETService;Empowering Technology Service; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-01-11 66872]
R2 SmcService;Symantec Management Client; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [2008-12-08 3081544]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-12-08 2440120]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-11-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-01-09 79360]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-06-30 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [2008-12-08 388424]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-01 316664]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-01-09 1245064]

-----------------EOF-----------------
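The driver and service listings above share one line format: state and start type, service name, display name, image path, then the date and size RSIT recorded, or "[]" when it recorded none. As an added example (not part of this thread and not RSIT's own code), here is a small triage parser for that format that picks out images with an unexpected extension or location for a manual look; the list of expected locations is an assumption of this example, and the sample listing is copied from the log above.

```python
"""Parse RSIT-style driver/service listings and flag entries for manual review.

Each listing line looks like
    R3 NAVENG;NAVENG; \\??\\C:\\PROGRA~3\\...\\ENG64.SYS [2009-06-16 136752]
i.e. state (R/S) + start type (0-4), service name, display name, image path,
and a trailing "[date size]" that is "[]" when RSIT recorded no file info.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Assumption of this example: where driver/service images normally live.
# An image elsewhere is not a verdict, only a prompt to examine the file.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files",   # also matches "Program Files (x86)"
    "c:\\progra~",         # 8.3 forms PROGRA~1 / PROGRA~2 / PROGRA~3
    "c:\\programdata\\",
)
EXPECTED_EXTENSIONS = {"sys", "exe"}


@dataclass
class Entry:
    state: str            # "R" running / "S" stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str             # NT "\??\" prefix stripped
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, blanks and prose return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    info = m.group("info").split()
    date = info[0] if len(info) == 2 else None
    size = int(info[1]) if len(info) == 2 and info[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, date, size)


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def review_flags(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a manual look (not a malware verdict)."""
    flags: List[str] = []
    p = e.path.lower()
    basename = p.rsplit("\\", 1)[-1]
    ext = basename.rsplit(".", 1)[1] if "." in basename else ""
    if ext not in EXPECTED_EXTENSIONS:
        flags.append(f"image has unexpected extension '.{ext}'")
    if not p.startswith(EXPECTED_PREFIXES):
        flags.append("image is outside the usual Windows/Program Files locations")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Service name -> flags, for entries that raised at least one flag."""
    result: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        flags = review_flags(e)
        if flags:
            result[e.name] = flags
    return result


# Sample listing copied from the RSIT log in this thread (a subset of its lines).
SAMPLE_LISTING = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-06-16 475696]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090805.037\ENG64.SYS [2009-06-16 136752]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\AB7E.tmp []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2009-01-26 21248]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-01-11 66872]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LISTING).items():
        print(name, "->", "; ".join(flags))
```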

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 05:26 PM

Hello,

Yes, I read everything, but many times things change after that long and I want to be as up to date as possible. :thumbup2: This tool does run on 64s....as you know we don't have many available to us, and this is one of the few. I didn't see it run in the other thread, so maybe it will come up with the file(s) we're looking for. :)

Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Please Help Us
  • Topic Starter
  • Members
  • 156 posts

Posted 06 August 2009 - 05:36 PM

Alright sir, I have to run it with administrator rights to be able to run the said program; if I just go to the C: drive, right-click on the exe and let it run as administrator, will it give me the same results you're looking for? I hate to sound like a complete moron, but I want to make sure it'll give you what you need before I go and do something stupid.

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 05:43 PM

You don't sound like a moron at all. What ever you need to do to run it is fine. :thumbup2:

#7 Please Help Us
  • Topic Starter
  • Members
  • 156 posts

Posted 06 August 2009 - 06:00 PM

My, my, it seems something is going wrong. It didn't detect a single item; perhaps it's because I didn't run it in safe mode. I'm not sure, so should I do that, or do you have another idea?

Sorry, I'm suspecting it's something I did on my own end, or that this may be deeper than I originally thought.

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 06:06 PM

No no....no need for safe mode. By chance, have you done a Windows search for these files? I'd like to know as much as I can about how you found them, and what might be picking them up now. I cannot see the same things you do, so I have to rely a lot on what you tell me about the problem. :thumbup2:

tea

#9 Please Help Us
  • Topic Starter
  • Members
  • 156 posts

Posted 06 August 2009 - 06:16 PM

Alright, I'll tell you everything I know/have done. Well, for starters, I noticed the file while running a scan with Symantec's End Point Protection (Blllehhh Symantec), and while watching it flash the various files it was scanning I noticed the "9129837.exe" file, and then watched as it was hidden by the "hide_evr2" file. I paused the scan and restarted it, watching it so I could get the exact numbers for the exe file that quickly passed across my eyes. I wrote it down, and noticed that even when I paused the scan the file was still quickly replaced with the "hide_evr2". Doing a few Google searches later, and checking BC's file database, it turns out this file is a bit unwanted. So far, out of all the virus scanners I've tried, only Symantec's manages to show the file, and even then it doesn't pick it or the hide_evr2 up as a threat. I've tried digging around in C:, doing Windows searches; the only thing that shows it is the Symantec scan.

So that's really it, the only thing showing that it exists is Symantec's scanner, and even then it won't pick up the file as a threat. So I'm not really sure what's the case here my friend, perhaps I'm just insane and having crazy virus hallucinations. :thumbup2:

Joking aside, I'm not really sure what the deal is; nothing else seems to be picking up this mysterious file, and from what I've seen this file isn't something I want to have. I'd rather not have to resort to reinstalling everything (doubly so since this isn't really my computer, I'm just the "clean up" boy if you will), and I'd rather have it clean instead of running around doing things it shouldn't. That's really all I can report, friend; thank you for your patience, hopefully we'll find an end to this. (Also, if you want, I can try and get screenshots of Symantec scanning the file.)

Edited by Please Help Us, 06 August 2009 - 06:18 PM.


#10 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 06:29 PM

Thank you....every little bit helps. :thumbup2:

Now in the other thread you told the person helping you that 9129837.exe shows in your running processes....is that correct? Can you navigate to that file? Also....do you have a full path to the other file? I didn't see that you mentioned it in the other thread.

#11 Please Help Us
  • Topic Starter
  • Members
  • 156 posts

Posted 06 August 2009 - 06:40 PM

Hm, it must have been a typo, since I do not see it in my running processes. At least, no file that runs under that exact name anyway; I see nothing that could be connected to it in the Run menu either.

Both of them are just in the C:\windows folder from the looks of it.
Also, I know this only shows the hide_evr2.sys item, but they "scan" right after one another, so it's the same thing, just with 9129837.exe in front of the line instead.
http://i32.tinypic.com/156r1ac.jpg

#12 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 06:43 PM

See if this will run :

Download Silent Runners.zip and extract it to a new folder on your Desktop.
  • Run the Silent Runners.vbs file.
  • You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
  • If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
  • This script is not malicious so please allow it.
  • A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
  • Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.
Thanks,
tea

#13 Please Help Us
  • Topic Starter
  • Members
  • 156 posts

Posted 06 August 2009 - 07:13 PM

Alright then, here's the text file. :thumbup2:

It ran a bit short, but I waited till the "All Done" came on, so here it is!



"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"CTRegRun" = "C:\Windows\CTRegRun.EXE" ["Creative Technology Ltd "]
"EA Core" = ""C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent" ["Electronic Arts"]
"Steam" = ""C:\Program Files (x86)\Valve\Steam\Steam.exe" -silent" ["Valve Corporation"]
"msnmsgr" = ""C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"WMPNSCFG" = "C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"RunDLLEntry" = "C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry" [MS]
"RtHDVCpl" = "RAVCpl64.exe" ["Realtek Semiconductor"]
"Skytel" = "Skytel.exe" [file not found]
"IAAnotif" = ""C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"" ["Intel Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files (x86)\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{28803F59-3A75-4058-995F-4EE5503B023C}" = "Wireless Devices"
-> {HKLM...CLSID} = "Bluetooth Devices"
\InProcServer32\(Default) = "C:\Windows\system32\FunctionDiscoveryFolder.dll" [MS]
"{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}" = "Enhanced Storage Data Source"
-> {HKLM...CLSID} = "Enhanced Storage Data Source"
\InProcServer32\(Default) = "C:\Windows\system32\EhStorShell.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files (x86)\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files (x86)\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files (x86)\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"BindDirectlyToPropertySetStorage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

"DisableTaskmgr" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CTPlayAudioOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.AudioCDPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = ""C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow" ["Creative Technology Ltd"]

CTPlayMusicFilesOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.MusicFilesPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = ""C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe" /PlayNow "%L"" ["Creative Technology Ltd"]

MSEnhancedStorageHandler\
"Provider" = "@C:\Windows\system32\EhStorShell.dll,-108"
"ProgID" = "EhStorShell.AutoplayHandler"
"InitCmdLine" = "Authorize"
HKLM\SOFTWARE\Classes\EhStorShell.AutoplayHandler\CLSID\(Default) = "{36F54939-CD3B-4C73-92D5-F9A389ED631C}"
-> {HKLM...CLSID} = "Enhanced Storage Autoplay Handler Class"
\InProcServer32\(Default) = "C:\Windows\system32\EhStorShell.dll" [MS]

MSPlayCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.AudioCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.DVD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSRipCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.RipCD"
"InvokeVerb" = "Rip"
HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L" " [MS]

MSWMPBurnCDOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnCD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" " [MS]

MSWMPBurnDataDVDArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnDVD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:DVDWrite /Device:"%L" " [MS]

NeroAutoPlay9AudioToNeroDigital\
"Provider" = "Nero SoundTrax"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\SoundTrax.exe /" ["Nero AG"]

NeroAutoPlay9CDAudio\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Burning ROM\Nero.exe /New:AudioCD %L" ["Nero AG"]

NeroAutoPlay9CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Burning ROM\Nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay9DataDisc\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Burning ROM\Nero.exe /New:ISODisc %L" ["Nero AG"]

NeroAutoPlay9DVDVideoToNeroDigital\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DVDVideoToNeroDigital_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DVDVideoToNeroDigital_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe /New:ReAuthorNeroDigital" ["Nero AG"]

NeroAutoPlay9LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay9PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay9PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay9RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Burning ROM\Nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay9TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay9VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay9ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["Cyberlink"]

P2GDVDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["Cyberlink"]


Startup items in "Jim" & "All Users" startup folders:
-----------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"SmartCopy" -> shortcut to: "C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe" [null data]
"SmartLauncher" -> shortcut to: "C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe" ["North Star com."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Agere Modem Call Progress Audio, AgereModemAudio, "C:\Windows\system32\agr64svc.exe" ["Agere Systems"]
Ati External Event Utility, Ati External Event Utility, "C:\Windows\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Creative Audio Service, CTAudSvcService, "C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"]
Empowering Technology Service, ETService, "C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe" [null data]
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
Human Interface Device Access, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ["Intel Corporation"]
McciCMService, McciCMService, ""C:\Program Files (x86)\Common Files\Motive\McciCMService.exe"" ["Motive Communications, Inc."]
Nero BackItUp Scheduler 4.0, Nero BackItUp Scheduler 4.0, "C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe" ["Nero AG"]
PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [file not found]
Secure Socket Tunneling Protocol Service, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Symantec Endpoint Protection, Symantec AntiVirus, ""C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Management Client, SmcService, ""C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzlllhn\Driver = "hpzlllhn.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2009-08-06 19:07:02)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 218 seconds.
---------- (total run time: 244 seconds)

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 07:40 PM

Thank you. :thumbup2: Guess what? Nothing there. Let me have some time to see what else I can come up with and I'll get back to you as soon as I can. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#15 Please Help Us

Please Help Us
  • Topic Starter

  • Members
  • 156 posts

Posted 06 August 2009 - 07:56 PM

Alright then, thank you so much for your time so far; I await any more ideas you may have. Please take your time, friend, you've been wonderful so far. :)

I'll await your next post, like a fruit fly to a melon. :thumbup2:

