Nasty malware, can't even run HJT.


  • This topic is locked
5 replies to this topic

#1 blackstaroblivion

Posted 05 September 2009 - 07:41 PM

I believe I have a big problem with AntiSpy Protector 2009 + Rootkit.
I have run numerous spyware and antivirus programs with no luck.

I cannot access the internet and am working from a second computer, downloading what I need and transferring.


Root Repeal did not work. It never got past the 'Initializing please wait.....' window. (there is an update on RootRepeal at end of post). Then the computer rebooted. I tried three times with the same result.
With Moderator garmanma's help I have been able to run Win32Kdiag. This is the only log I can produce at the moment.
Log file is located at: C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB911280\KB911280

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB914388\KB914388

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB914389\KB914389

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916595\KB916595

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB917344\KB917344

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB917953\KB917953

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918118\KB918118

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918439\KB918439

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB919007\KB919007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920670\KB920670

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920683\KB920683

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920685\KB920685

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920872\KB920872

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB921503\KB921503

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922819\KB922819

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB923414\KB923414

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB923980\KB923980

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924270\KB924270

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925902\KB925902

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB926255\KB926255

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB926436\KB926436

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB927779\KB927779

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB927802\KB927802

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928255\KB928255

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928843\KB928843

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929123\KB929123

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB930178\KB930178

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB930916\KB930916

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931261\KB931261

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933360\KB933360

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB935839\KB935839

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB935840\KB935840

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB936021\KB936021

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB938127\KB938127

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB938828\KB938828

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB938829\KB938829

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\acdbmgdhost\acdbmgdhost

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\AcLayer\AcLayer

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\erdnt\erdnt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\05c415ef6d072eb49a51ae487bfc11a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1c57749e6715414b7025f8d316d91db9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2a8c07aaf8ec0a2dbcb5ab11c4e40d88\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3112269c39ef5d624522fb876634b1d2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4e0f6637e0e9d8b518d4652361b0aec7\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6ebd16cfa495accd1804cd7de17cee70\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7d6100e060a1f93df520847b1cd9dc71\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\86a5d4ec598b957d3e4d2a7951b2c258\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a39d7c907193cb74dabeac9b04866368\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4246a739538de4092ff4efee1ce6dd7\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a8f9af6d7eab2a4aa2140dcdde4eedc2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d130ed3c2e7e410b5d831b3fad9ac078\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\db28a0b760baa74ad8a6115c5936adf2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dfb1b328cf19d4352aeb86f82e39c295\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ed49db3e3eb4e8cd7de32a9e4fb59630\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f29eba4fac3ab17c766d661ddeebef0f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fd021e0d3be9e9d32612eef4c870a5b4\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\RCCBakup\RCCBakup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer\iTunes\iTunes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleView

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\Symantec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple Computer\iTunes\iTunes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Online Services\Online Services

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\drivers\458407d.sys

[1] 2009-08-29 14:04:08 88780 C:\WINDOWS\system32\drivers\458407d.sys ()



Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe ()



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 08:00:00 63488 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\TEMP\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Web\Wallpaper\Scenery\Scenery

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!


UPDATE: I was able to at least hit the scan button on RootRepeal, with the following log results.
08:43:57: DeviceIoControl Error! Error Code = 0x0
08:43:57: DeviceIoControl Error! Error Code = 0x0
08:43:57: DeviceIoControl Error! Error Code = 0x0
08:43:57: DeviceIoControl Error! Error Code = 0x0
08:43:57: DeviceIoControl Error! Error Code = 0x0
08:43:57: DeviceIoControl Error! Error Code = 0x0

Edited by blackstaroblivion, 05 September 2009 - 07:50 PM.


#2 blackstaroblivion

Posted 10 September 2009 - 06:42 PM

I have reformatted my C Drive and have started fresh. I believe from reading other topics that ultimately this is the way to go if personal and sensitive information is on the computer. As a precaution I have posted the HijackThis logfile from the reformatted computer. If there is anything amiss, or if a moderator thinks I should take further precautions, please let me know. Otherwise I think this matter is closed.



C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Xenophilius\Desktop\Programs\AV Spyware & Utility\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 5481 bytes

#3 suebaby41

  • Malware Response Team

Posted 21 September 2009 - 12:54 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 blackstaroblivion

blackstaroblivion
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Location:NY
  • Local time:09:24 PM

Posted 22 September 2009 - 02:06 PM

Here are the log files from HJT and RSIT

HJT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Xenophilius at 2009-09-22 15:01:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 19 GB (27%) free of 70 GB
Total RAM: 3262 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:46 PM, on 9/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Xenophilius\Desktop\Programs\AV Spyware & Utility\RSIT.exe
C:\Documents and Settings\Xenophilius\Desktop\Programs\AV Spyware & Utility\Xenophilius.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GroupManager] C:\WINDOWS\system32\groupmanager.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6613 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-13 344064]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-03-17 184320]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-13 149280]
"GroupManager"=C:\WINDOWS\system32\groupmanager.exe [2009-03-18 32256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]
"CTRegRun"=C:\WINDOWS\CTRegRun.EXE [2006-10-05 53248]
"CreativeTaskScheduler"=C:\Program Files\Creative\Shared Files\CTSched.exe [2006-11-16 53341]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-09-22 15:01:36 ----D---- C:\rsit
2009-09-21 10:53:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-21 08:43:05 ----D---- C:\Program Files\Lavasoft
2009-09-21 08:43:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-21 08:41:19 ----D---- C:\Program Files\AdAware 2008 Pro
2009-09-19 20:30:46 ----D---- C:\Documents and Settings\Xenophilius\Application Data\AVS4YOU
2009-09-19 20:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-09-19 20:27:02 ----D---- C:\Program Files\Common Files\AVSMedia
2009-09-19 20:27:01 ----D---- C:\Program Files\AVS4YOU
2009-09-19 20:27:01 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-09-19 20:27:01 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-09-19 20:27:01 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-09-19 20:27:01 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-09-19 20:27:01 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-09-18 16:27:52 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Lavasoft
2009-09-17 21:44:19 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Auslogics
2009-09-17 21:44:13 ----D---- C:\Program Files\Auslogics
2009-09-14 11:39:53 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-09-14 11:39:51 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Azureus
2009-09-14 11:39:31 ----D---- C:\Program Files\Vuze
2009-09-14 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-13 12:22:33 ----D---- C:\WINDOWS\Sun
2009-09-13 12:22:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-13 12:22:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-13 12:22:10 ----A---- C:\WINDOWS\system32\java.exe
2009-09-13 12:22:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-13 12:21:54 ----D---- C:\Program Files\Java
2009-09-13 12:21:26 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Sun
2009-09-13 03:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-13 03:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-13 03:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-13 03:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-13 03:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-13 03:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-13 03:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-13 03:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-13 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-13 03:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-13 03:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-13 03:11:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-13 03:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-13 03:07:05 ----D---- C:\1c25e194cd42239ca8d64846ad
2009-09-13 03:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-13 03:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-13 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-13 03:03:22 ----D---- C:\Program Files\MSXML 6.0
2009-09-13 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-13 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-13 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-13 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-09-13 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-13 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-13 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-13 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-13 03:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-13 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-13 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-13 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-13 03:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-13 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-13 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-13 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-13 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-13 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-13 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-13 03:01:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-13 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-13 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-13 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-13 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-13 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-13 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-13 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-13 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-13 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-09-13 03:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-13 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-13 01:56:31 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-12 11:50:26 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-09-12 11:50:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-12 11:50:14 ----D---- C:\WINDOWS\system32\PreInstall
2009-09-12 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-12 11:50:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 23:35:53 ----D---- C:\Civil 3D Projects
2009-09-11 22:28:05 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Macromedia
2009-09-11 20:49:03 ----A---- C:\WINDOWS\system32\wpa.bak
2009-09-11 10:54:28 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-09-11 04:29:48 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Creative
2009-09-10 21:18:25 ----D---- C:\Program Files\Common Files\CANON
2009-09-10 21:17:19 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-09-10 21:17:09 ----A---- C:\WINDOWS\system32\CNMLM97.DLL
2009-09-10 21:17:05 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-09-10 21:16:52 ----HD---- C:\Program Files\CanonBJ
2009-09-10 21:14:54 ----D---- C:\Program Files\Canon
2009-09-10 20:46:32 ----D---- C:\Program Files\HydroCAD
2009-09-10 20:46:32 ----A---- C:\WINDOWS\UnDeploy.exe
2009-09-10 18:23:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-09-10 18:23:07 ----D---- C:\Program Files\Alwil Software
2009-09-10 18:04:28 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Mozilla
2009-09-10 18:04:17 ----D---- C:\Program Files\Mozilla Firefox
2009-09-10 05:21:07 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Ahead
2009-09-10 05:19:30 ----D---- C:\Program Files\Common Files\Ahead
2009-09-10 05:19:30 ----A---- C:\WINDOWS\system32\picn20.dll
2009-09-10 05:19:30 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-09-10 05:19:30 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2009-09-10 05:19:30 ----A---- C:\WINDOWS\system32\imagx5.dll
2009-09-10 05:19:30 ----A---- C:\WINDOWS\system32\imagr5.dll
2009-09-10 05:19:27 ----D---- C:\Program Files\Ahead
2009-09-10 05:18:08 ----D---- C:\Documents and Settings\Xenophilius\Application Data\WinRAR
2009-09-10 05:17:07 ----D---- C:\Program Files\WinRAR
2009-09-10 04:55:19 ----D---- C:\Program Files\Microsoft Works
2009-09-10 04:55:04 ----D---- C:\Program Files\Microsoft Visual Studio
2009-09-10 04:54:39 ----D---- C:\Program Files\Microsoft.NET
2009-09-10 04:52:31 ----D---- C:\WINDOWS\SHELLNEW
2009-09-10 04:52:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-10 04:51:42 ----RHD---- C:\MSOCache
2009-09-10 04:24:10 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-09-10 04:21:19 ----D---- C:\Program Files\Adobe
2009-09-10 03:55:51 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Adobe
2009-09-10 03:55:49 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-09-10 03:52:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-10 03:52:51 ----D---- C:\Program Files\Common Files\Adobe
2009-09-10 03:38:50 ----D---- C:\Program Files\PowerISO
2009-09-10 00:40:54 ----D---- C:\Program Files\Autodesk
2009-09-10 00:32:54 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-09-10 00:32:54 ----D---- C:\Program Files\AutoCAD Land Desktop 2009
2009-09-10 00:32:54 ----D---- C:\Land Projects 2009
2009-09-10 00:32:54 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Autodesk
2009-09-10 00:32:54 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-09-10 00:31:45 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-09-10 00:31:40 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-09-10 00:31:31 ----D---- C:\Program Files\Common Files\Designer
2009-09-10 00:31:23 ----D---- C:\Program Files\Microsoft Office
2009-09-10 00:30:47 ----D---- C:\Program Files\MSBuild
2009-09-10 00:27:47 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-10 00:27:45 ----D---- C:\WINDOWS\system32\en-us
2009-09-10 00:27:23 ----D---- C:\Program Files\Reference Assemblies
2009-09-10 00:27:09 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-09-10 00:25:31 ----RSD---- C:\WINDOWS\assembly
2009-09-10 00:25:15 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-10 00:24:57 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-10 00:16:50 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-10 00:13:18 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2009-09-10 00:05:12 ----N---- C:\WINDOWS\Ctregrun.exe
2009-09-10 00:04:00 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-09-10 00:04:00 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-09-10 00:03:51 ----D---- C:\Program Files\Creative
2009-09-10 00:03:45 ----D---- C:\Program Files\Common Files\Creative
2009-09-10 00:03:44 ----HD---- C:\Program Files\Creative Installation Information
2009-09-10 00:03:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-10 00:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-09-10 00:03:06 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-09-10 00:02:53 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-10 00:02:48 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-09-10 00:02:46 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-09-09 22:00:08 ----SHD---- C:\RECYCLER
2009-09-09 21:46:10 ----D---- C:\Program Files\ATI Technologies
2009-09-09 21:46:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-09-09 21:44:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-09-09 21:44:37 ----D---- C:\Program Files\Realtek AC97
2009-09-09 21:44:35 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-09-09 21:44:35 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-09 21:44:35 ----A---- C:\WINDOWS\soundman.exe
2009-09-09 21:44:35 ----A---- C:\WINDOWS\ALCXMNTR.EXE
2009-09-09 21:44:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-09 21:44:33 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-09-09 21:44:33 ----A---- C:\WINDOWS\alcupd.exe
2009-09-09 21:44:33 ----A---- C:\WINDOWS\alcrmv.exe
2009-09-09 21:44:26 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-09 12:06:14 ----D---- C:\Documents and Settings\Xenophilius\Application Data\Identities
2009-09-09 12:06:13 ----HD---- C:\Program Files\Uninstall Information
2009-09-09 12:06:08 ----SD---- C:\Documents and Settings\Xenophilius\Application Data\Microsoft
2009-09-09 12:06:08 ----ASH---- C:\Documents and Settings\Xenophilius\Application Data\desktop.ini
2009-09-09 12:04:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-09 12:04:06 ----SD---- C:\WINDOWS\system32\Microsoft
2009-09-09 12:04:06 ----D---- C:\WINDOWS\Prefetch
2009-09-09 12:04:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-09 12:00:43 ----D---- C:\WINDOWS\system32\xircom
2009-09-09 12:00:43 ----D---- C:\Program Files\xerox
2009-09-09 12:00:43 ----D---- C:\Program Files\microsoft frontpage
2009-09-09 12:00:35 ----A---- C:\WINDOWS\control.ini
2009-09-09 12:00:35 ----A---- C:\AUTOEXEC.BAT
2009-09-09 12:00:22 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-09 12:00:18 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-09-09 11:59:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-09 11:59:32 ----RD---- C:\WINDOWS\Offline Web Pages
2009-09-09 11:59:32 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-09-09 11:59:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-09-09 11:59:21 ----HD---- C:\Program Files\WindowsUpdate
2009-09-09 11:59:00 ----D---- C:\WINDOWS\system32\DirectX
2009-09-09 11:58:41 ----A---- C:\WINDOWS\system32\atrace.dll
2009-09-09 11:58:38 ----A---- C:\WINDOWS\system32\desktop.ini
2009-09-09 11:58:38 ----A---- C:\WINDOWS\desktop.ini
2009-09-09 11:58:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-09-09 11:58:25 ----A---- C:\WINDOWS\system32\acctres.dll
2009-09-09 11:58:24 ----D---- C:\Program Files\Common Files\Services
2009-09-09 11:58:19 ----SD---- C:\WINDOWS\Tasks
2009-09-09 11:58:19 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-09-09 11:58:18 ----D---- C:\Program Files\Common Files\MSSoap
2009-09-09 11:58:13 ----D---- C:\WINDOWS\srchasst
2009-09-09 11:58:12 ----D---- C:\WINDOWS\system32\Macromed
2009-09-09 11:58:08 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-09-09 11:58:08 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-09-09 11:58:08 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-09-09 11:58:08 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-09-09 11:58:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\wups.dll
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-09-09 11:58:07 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-09-09 11:58:01 ----D---- C:\Program Files\Movie Maker
2009-09-09 11:57:57 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-09-09 11:57:57 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-09-09 11:57:57 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-09-09 11:57:57 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-09-09 11:57:52 ----D---- C:\WINDOWS\system32\Restore
2009-09-09 11:57:52 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-09-09 11:57:52 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-09-09 11:57:52 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-09-09 11:57:51 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-09-09 11:57:51 ----A---- C:\WINDOWS\system32\srclient.dll
2009-09-09 11:57:51 ----A---- C:\WINDOWS\system32\ils.dll
2009-09-09 11:57:50 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-09-09 11:57:50 ----A---- C:\WINDOWS\system32\msconf.dll
2009-09-09 11:57:50 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-09-09 11:57:50 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-09-09 11:57:50 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-09-09 11:57:46 ----D---- C:\Program Files\NetMeeting
2009-09-09 11:57:46 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-09-09 11:57:46 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-09-09 11:57:45 ----A---- C:\WINDOWS\system32\inetres.dll
2009-09-09 11:57:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-09-09 11:57:40 ----D---- C:\Program Files\Outlook Express
2009-09-09 11:57:40 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-09-09 11:57:40 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-09-09 11:57:40 ----A---- C:\WINDOWS\system32\mstask.dll
2009-09-09 11:57:40 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-09-09 11:57:40 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-09-09 11:57:39 ----A---- C:\WINDOWS\system32\isign32.dll
2009-09-09 11:57:39 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-09-09 11:57:30 ----D---- C:\Program Files\Common Files\System
2009-09-09 11:57:29 ----D---- C:\Program Files\Internet Explorer
2009-09-09 11:57:18 ----D---- C:\Program Files\ComPlus Applications
2009-09-09 11:57:15 ----A---- C:\WINDOWS\vbaddin.ini
2009-09-09 11:57:15 ----A---- C:\WINDOWS\vb.ini
2009-09-09 11:57:11 ----D---- C:\WINDOWS\Registration
2009-09-09 11:56:45 ----D---- C:\Program Files\Online Services
2009-09-09 11:56:44 ----D---- C:\Program Files\Windows Media Player
2009-09-09 11:56:40 ----D---- C:\Program Files\Messenger
2009-09-09 11:56:37 ----D---- C:\Program Files\MSN Gaming Zone
2009-09-09 11:56:37 ----A---- C:\WINDOWS\system32\write.exe
2009-09-09 11:56:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-09-09 11:56:29 ----A---- C:\WINDOWS\system32\hticons.dll
2009-09-09 11:56:29 ----A---- C:\WINDOWS\system32\avwav.dll
2009-09-09 11:56:29 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-09-09 11:56:28 ----A---- C:\WINDOWS\system32\winchat.exe
2009-09-09 11:56:28 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-09-09 11:56:23 ----A---- C:\WINDOWS\system32\getuname.dll
2009-09-09 11:56:23 ----A---- C:\WINDOWS\system32\charmap.exe
2009-09-09 11:56:23 ----A---- C:\WINDOWS\system32\calc.exe
2009-09-09 11:56:22 ----A---- C:\WINDOWS\system32\winmine.exe
2009-09-09 11:56:22 ----A---- C:\WINDOWS\system32\sol.exe
2009-09-09 11:56:22 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-09-09 11:56:22 ----A---- C:\WINDOWS\system32\freecell.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\tskill.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\tscon.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\shadow.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\reset.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\regini.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-09-09 11:56:21 ----A---- C:\WINDOWS\system32\msg.exe
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\logoff.exe
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-09-09 11:56:20 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-09-09 11:56:19 ----A---- C:\WINDOWS\system32\stclient.dll
2009-09-09 11:56:19 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-09-09 11:56:19 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-09-09 11:56:19 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-09-09 11:56:13 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-09-09 11:55:54 ----D---- C:\Program Files\MSN
2009-09-09 11:55:53 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-09-09 11:55:53 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-09-09 11:55:52 ----D---- C:\Program Files\Windows NT
2009-09-09 11:55:52 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-09-09 11:55:52 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-09-09 11:55:52 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-09-09 11:55:51 ----A---- C:\WINDOWS\system32\spider.exe
2009-09-09 11:55:51 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-09-09 11:55:50 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-09-09 11:55:50 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-09-09 11:55:50 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-09-09 11:55:49 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-09-09 11:55:49 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-09-09 11:55:49 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-09-09 11:55:49 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-09-09 11:55:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-09-09 11:55:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-09-09 11:55:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-09-09 11:55:45 ----D---- C:\WINDOWS\system32\MsDtc
2009-09-09 11:55:45 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-09-09 11:55:45 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-09-09 11:55:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-09-09 11:55:45 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-09-09 11:55:44 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-09-09 11:55:44 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-09-09 11:55:44 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-09-09 11:55:43 ----D---- C:\WINDOWS\system32\Com
2009-09-09 11:55:43 ----A---- C:\WINDOWS\system32\colbact.dll
2009-09-09 11:55:43 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-09-09 11:55:43 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-09-09 11:55:42 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-09-09 11:55:42 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-09-09 11:55:40 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-09-09 11:55:39 ----A---- C:\WINDOWS\system32\comuid.dll
2009-09-09 11:55:39 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-09-09 11:55:31 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-09-09 11:55:31 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-09-09 11:55:30 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-09-09 11:55:30 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-09-09 07:54:16 ----A---- C:\WINDOWS\system32\h323log.txt
2009-09-09 07:48:59 ----A---- C:\WINDOWS\system32\usbui.dll
2009-09-09 07:47:46 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 07:47:43 ----SHD---- C:\WINDOWS\Installer
2009-09-09 07:47:43 ----D---- C:\Program Files\Common Files\ODBC
2009-09-09 07:47:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-09 07:47:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-09 07:47:39 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-09-09 07:47:38 ----RD---- C:\Program Files
2009-09-09 07:47:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-09 07:47:38 ----D---- C:\Program Files\Common Files
2009-09-09 07:47:36 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-09-09 07:47:36 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-09-09 07:47:36 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-09-09 07:47:34 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-09-09 07:47:32 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-09-09 07:47:31 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-09-09 07:47:31 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-09-09 07:47:31 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-09-09 07:47:31 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-09-09 07:47:31 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-09-09 07:47:30 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-09-09 07:47:30 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-09-09 07:47:29 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-09-09 07:47:27 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-09-09 07:47:27 ----A---- C:\WINDOWS\system32\irclass.dll
2009-09-09 07:47:27 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-09-09 07:47:27 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-09-09 07:47:27 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-09-09 07:47:25 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-09-09 07:47:25 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-09-09 07:47:25 ----A---- C:\WINDOWS\system32\batt.dll
2009-09-09 07:47:24 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-09-09 07:47:23 ----A---- C:\WINDOWS\system32\storprop.dll
2009-09-09 07:47:16 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-09-09 07:47:13 ----RA---- C:\WINDOWS\SET8.tmp
2009-09-09 07:47:10 ----RA---- C:\WINDOWS\SET4.tmp
2009-09-09 07:47:09 ----RA---- C:\WINDOWS\SET3.tmp
2009-09-09 07:47:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-09 07:47:03 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-09 07:46:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-09 07:46:40 ----A---- C:\WINDOWS\setuplog.txt
2009-09-09 07:46:37 ----D---- C:\Documents and Settings
2009-09-09 07:46:36 ----SHD---- C:\System Volume Information
2009-09-09 07:45:17 ----SH---- C:\boot.ini
2009-09-09 07:37:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 07:37:36 ----RSD---- C:\WINDOWS\Fonts
2009-09-09 07:37:36 ----RD---- C:\WINDOWS\Web
2009-09-09 07:37:36 ----HD---- C:\WINDOWS\inf
2009-09-09 07:37:36 ----D---- C:\WINDOWS\WinSxS
2009-09-09 07:37:36 ----D---- C:\WINDOWS\twain_32
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Temp
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\wins
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\wbem
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\usmt
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\spool
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\ShellExt
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\Setup
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\ras
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\oobe
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\npp
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\mui
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\IME
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\icsxml
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\ias
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\export
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\drivers
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\dhcp
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\config
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\3com_dmi
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\3076
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\2052
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1054
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1042
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1041
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1037
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1033
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1031
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1028
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32\1025
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system32
2009-09-09 07:37:36 ----D---- C:\WINDOWS\system
2009-09-09 07:37:36 ----D---- C:\WINDOWS\security
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Resources
2009-09-09 07:37:36 ----D---- C:\WINDOWS\repair
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Provisioning
2009-09-09 07:37:36 ----D---- C:\WINDOWS\PeerNet
2009-09-09 07:37:36 ----D---- C:\WINDOWS\pchealth
2009-09-09 07:37:36 ----D---- C:\WINDOWS\mui
2009-09-09 07:37:36 ----D---- C:\WINDOWS\msapps
2009-09-09 07:37:36 ----D---- C:\WINDOWS\msagent
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Media
2009-09-09 07:37:36 ----D---- C:\WINDOWS\java
2009-09-09 07:37:36 ----D---- C:\WINDOWS\ime
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Help
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Driver Cache
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Debug
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Cursors
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Connection Wizard
2009-09-09 07:37:36 ----D---- C:\WINDOWS\Config
2009-09-09 07:37:36 ----D---- C:\WINDOWS\AppPatch
2009-09-09 07:37:36 ----D---- C:\WINDOWS\addins
2009-09-09 07:37:36 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-09-10 04:52:49 ----A---- C:\WINDOWS\win.ini
2009-09-09 07:47:37 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-03-17 26844]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-13 1313792]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-09-21 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-13 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-10 654848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-13 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-10 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

RSIT LOG
info.txt logfile of random's system information tool 1.06 2009-09-22 15:01:48

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
AutoCAD Land Desktop 2009-->C:\Program Files\AutoCAD Land Desktop 2009\Setup\Setup.exe /P {5783F2D7-7008-0409-0002-0060B0CE6BBA} /M ACAD
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
HijackThis 2.0.2-->"C:\Documents and Settings\Xenophilius\Desktop\Programs\AV Spyware & Utility\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HydroCAD-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\HydroCAD\Deploy.log"
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090921-0]

======System event log======

Computer Name: IRISH-A36E2E16D
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 261
Source Name: Service Control Manager
Time Written: 20090909220106.000000-240
Event Type: error
User:

Computer Name: IRISH-A36E2E16D
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 258
Source Name: Service Control Manager
Time Written: 20090909220106.000000-240
Event Type: error
User:

Computer Name: IRISH-A36E2E16D
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 255
Source Name: Service Control Manager
Time Written: 20090909220106.000000-240
Event Type: error
User:

Computer Name: IRISH-A36E2E16D
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 252
Source Name: Service Control Manager
Time Written: 20090909220105.000000-240
Event Type: error
User:

Computer Name: IRISH-A36E2E16D
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 249
Source Name: Service Control Manager
Time Written: 20090909220105.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: IRISH-A36E2E16D
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 370
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090913031056.000000-240
Event Type: warning
User:

Computer Name: IRISH-A36E2E16D
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 342
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090913030752.000000-240
Event Type: warning
User:

Computer Name: IRISH-A36E2E16D
Event Code: 0
Message: Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 341
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090913030752.000000-240
Event Type: warning
User:

Computer Name: IRISH-A36E2E16D
Event Code: 0
Message: Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 340
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090913030752.000000-240
Event Type: warning
User:

Computer Name: IRISH-A36E2E16D
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 338
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090913030752.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#5 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 23 September 2009 - 01:53 PM

  • If you have not already done so, please download Trend Micro - HijackThis.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  • Click Install.
  • A shortcut will be created on your Desktop and HijackThis will run automatically.
  • Click the button labeled Do a system scan only.
  • Click the Scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
  • Click in the boxes to the left of the following entries to place check marks (make sure not to miss any):

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  • Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Other than the above, your HijackThis log looks good.

A Firewall is an essential part of computer security and you do not appear to have one running on your system. If you have one, and I missed it, please ignore this. If you are relying on the firewall that comes with Vista, then you need to install a third party software firewall. Although Microsoft has improved the Windows Firewall, the Vista Firewall is not much different from Windows Firewall included with Microsoft Windows XP Service Pack 2 except the ability to block outgoing traffic which does not exist in Windows XP. Most of the new features are not available through the firewall's user interface; they are only accessible through the Group Policy Editor. Follow these steps to turn off/disable the Windows Firewall before installing a new firewall.
  • Download the new firewall to your desktop.
  • Disconnect from the Internet.
  • Click Start > Control Panel.
  • Switch to Classic View if you have not already done so.
  • Double click on the Windows Firewall icon.
  • Click Off (Not recommended).
  • Install the new Firewall.
Do not attempt to run two software firewalls since, like running two antivirus programs, they will possibly cause problems and conflict with each other.
There are a few firewalls available for free that appear to be good and easy to use:
For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.


Tips To Protect Your Computer
  • Avoid clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • Malware is out there just waiting to pounce on your system if you only pass by where they are lurking which may be at some seemingly innocent web site. Be careful because some of the malware are so vicious that no one can possibly save you once you let them in.
  • Remember that new malware emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.
Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

STEPS TO KEEP YOUR COMPUTER CLEAN AND SECURE:

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function for Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    • Close all open programs. Then right-click My Computer on the Windows' desktop
    • Click on Properties.
    • Click on the System Restore tab.
    • Check Turn off System Restore on all drives.
    • Restart the system.
    • Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step d.
    • You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Click Apply > OK button and then the OK to exit the Internet Properties page.
  • Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
  • Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine.  This alone can save you a lot of trouble with malware in the future.  It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti-virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware 2007/2008 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Ad-Aware 2008.
  • Update SpywareBlaster (at least weekly): SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, hosts files are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then doubleclick it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK.
  • Use an alternative instant messenger program: Trillian and Miranda IM. These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera. Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
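
The Internet Explorer "Custom Level" changes listed in the post above can be checked without clicking through the dialog. This is an added example, not part of the original post: a read-only PowerShell audit that assumes the per-user Internet zone settings are stored under the HKCU `Zones\3` key and uses Microsoft's documented URL action codes for the six settings; the function and variable names are hypothetical.

```powershell
# Added example (not from the post): read-only audit of the Internet zone settings it lists.
# Assumption: per-user settings under HKCU; Group Policy can override them elsewhere.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action code, the setting's name in the Custom Level dialog, and the value
# the post recommends. Registry values: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Code = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Code = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Code = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Code = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Code = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Code = '1607'; Want = 1; Name = 'Navigate sub frames across different domains' }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Turn a raw registry value into the label shown in the dialog.
function Get-Label($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "other ($Value)"
}

# Compare each recommended setting with what is currently stored for the zone.
function Test-InternetZone {
    param([string]$Path = $ZonePath)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($r in $Recommended) {
        $actual = if ($props) { $props.($r.Code) } else { $null }
        [pscustomobject]@{
            Setting     = $r.Name
            Current     = Get-Label $actual
            Recommended = Get-Label $r.Want
            Matches     = ($null -ne $actual -and [int]$actual -eq $r.Want)
        }
    }
}

Test-InternetZone | Format-Table -AutoSize
```

The script only reads the registry; any row with `Matches` set to False points at a setting to change through the Security tab as the post describes.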

#6 suebaby41

Posted 28 September 2009 - 06:06 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



