Malware stayed on computer even after a C: drive format


  • This topic is locked
29 replies to this topic

#1 The Punisher

The Punisher

  • Members
  • 88 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 03 February 2010 - 04:23 AM

OK, so a little bit of history before I post the logs.. about a week back a Yahoo Messenger window of my friend opened up and told me to check out this link, it's one of the funniest pics I've ever seen.. so, thinking it was my friend, I clicked on the link and boom, I got infected.. Avast and MBAM started ringing sirens like crazy.. thinking it would be easier to save my data and format the C: drive.. so that's what I did.

But today when I started my laptop I got the same warnings and IP block warnings from Avast and MBAM respectively.

Every time I start up my laptop I get some warnings from Avast and I move the infected files to the chest.. here is the screenshot of the infected files and the Avast chest:




I also get a continuous message from MBAM that IP blocked.. IP blocked.. something in my laptop is calling these IPs that MBAM is blocking.. I don't know where to get that list from.

Now for the logs :)

Here is the DDS log:


DDS (Ver_09-12-01.01) - FAT32x86
Run by Owner at 14:04:38.65 on Wed 02/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1361 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\system32\FpLogonServ.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe"
uRun: [Pidgin] c:\program files\pidgin\pidgin.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [avast!] c:\progra~1\alwils~2\avast4\ashDisp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [<NO NAME>]
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Send to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {B4CB1B56-6863-41CF-9F44-1655DA04468F} = 203.99.163.240,202.125.132.12
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pn95u3bb.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pn95u3bb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pn95u3bb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-31 138680]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-1-19 61440]
R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-3-14 54560]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-31 236368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-31 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-31 19160]
R3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2010-1-31 4608]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-31 30192]

=============== Created Last 30 ================

2010-02-01 23:21:41 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-02-01 23:20:58 24576 ----a-w- c:\windows\system32\CoInst.dll
2010-02-01 23:20:58 160963 ----a-w- c:\windows\system32\drivers\gtipdsp.bin
2010-02-01 23:20:58 160951 ------w- c:\windows\system32\drivers\gtipdsp_.bin
2010-02-01 23:20:58 148338 ----a-w- c:\windows\system32\drivers\gwausb.sys
2010-02-01 23:20:57 15321 ------w- c:\windows\wwdslcfg.ini
2010-02-01 23:20:57 12288 ------w- c:\windows\system32\CplEng.dll
2010-02-01 23:20:57 0 d-----w- c:\program files\BT Voyager 105 ADSL Modem
2010-01-31 22:38:38 0 d-----w- c:\docume~1\owner\applic~1\.purple
2010-01-31 22:37:06 0 d-----w- c:\docume~1\owner\applic~1\GrabPro
2010-01-31 22:29:37 0 d-----w- C:\Downloads
2010-01-31 22:29:32 0 d-----w- c:\program files\Orbitdownloader
2010-01-31 22:15:02 0 d-----w- c:\program files\uTorrent
2010-01-31 22:14:35 0 d-----w- c:\docume~1\owner\applic~1\uTorrent
2010-01-31 21:05:23 0 d--h--w- c:\docume~1\alluse~1\applic~1\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-01-31 21:05:16 0 d-----w- c:\program files\Stardock
2010-01-31 20:59:11 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-01-31 20:59:11 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-01-31 20:47:10 0 d-----w- c:\program files\Synaptics
2010-01-31 20:46:43 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ0.dat
2010-01-31 20:46:19 0 d-----w- c:\program files\Realtek
2010-01-31 20:43:43 68608 ------w- c:\windows\system32\agrsmdel.exe
2010-01-31 20:43:39 0 d-----w- c:\windows\Options
2010-01-31 20:42:48 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-01-31 20:42:48 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-31 20:40:19 0 d-----w- c:\program files\Lenovo Fingerprint Software
2010-01-31 19:58:48 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-31 19:58:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 19:58:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-31 19:58:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 19:58:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 19:52:03 0 d-----w- c:\program files\ALWIL Software Security
2010-01-31 18:12:45 0 d-----w- c:\program files\MediaLooks
2010-01-31 18:12:39 0 d-----w- c:\program files\QuickTime Alternative
2010-01-31 18:12:21 0 d-----w- c:\program files\K-Lite Codec Pack
2010-01-31 18:12:15 0 d-----w- c:\program files\Foxit Software
2010-01-31 18:12:15 0 d-----w- c:\docume~1\owner\applic~1\Foxit
2010-01-31 18:12:12 0 d-----w- c:\program files\Unlocker
2010-01-31 18:11:49 0 d-----w- c:\program files\UPHClean
2010-01-31 18:11:38 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-31 18:02:39 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-31 18:02:24 0 d--h--w- c:\program files\WindowsUpdate
2010-01-31 18:02:12 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-31 18:01:49 0 d-----w- c:\program files\common files\MSSoap
2010-01-31 17:59:31 0 d-----w- c:\program files\MSXML 4.0
2010-01-31 17:57:50 0 d-----w- c:\program files\Windows NT
2010-01-31 17:42:10 0 d-----w- c:\program files\common files\ODBC
2010-01-31 17:42:07 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-31 17:39:28 0 d-----r- c:\documents and settings\all users\Documents
2010-01-31 09:17:35 0 d-----w- c:\program files\Lenovo
2010-01-31 09:09:13 0 d-----w- c:\program files\Paint.NET
2010-01-31 09:08:35 0 d-----w- c:\program files\Pidgin
2010-01-31 09:08:26 0 d-----w- c:\program files\common files\GTK
2010-01-31 09:06:26 0 d-----w- c:\program files\RMClock

==================== Find3M ====================

2010-01-31 20:46:18 315392 ----a-w- c:\windows\HideWin.exe
2010-01-31 18:11:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-01-31 18:00:56 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 14:04:54.37 ===============



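The DDS log above is plain text: `==== Section ====` headers, one process per line under Running Processes, and prefixed lines such as `mRun:` and `mPolicies-explorer:` under the Pseudo HJT Report. As an added example (not part of this thread and not the DDS tool's own code), here is a small Python triage script that splits such a log into sections and pulls out the process list, the autorun entries and the Explorer policies so they can be cross-checked against other logs; for instance, the `ForceClassicControlPanel = 1` policy in this DDS log is the same registry value the later MBAM scan reports as Hijack.ControlPanelStyle. The sample input is constructed from lines of the log above. The "worth a second look" rules (unnamed autorun entries, commands given as a bare filename without a path, processes DDS lists without a full path) are my own assumptions: they flag items a responder should account for, not verdicts.

```python
"""Triage helpers for a DDS log of the kind posted above.

Added example, not part of the forum thread or of the DDS tool itself.
Section headers and line prefixes follow the DDS output visible in the
post; the "second look" heuristics are assumptions, not DDS semantics.
"""
import re
from collections import OrderedDict

# Constructed sample: a handful of lines copied from the DDS log in the post.
SAMPLE_DDS = """\
DDS (Ver_09-12-01.01) - FAT32x86
Run by Owner at 14:04:38.65 on Wed 02/03/2010

============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
SVCHOST.EXE
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\Documents and Settings\\Owner\\Desktop\\dds.scr

============== Pseudo HJT Report ===============

uRun: [Pidgin] c:\\program files\\pidgin\\pidgin.exe
mRun: [avast!] c:\\progra~1\\alwils~2\\avast4\\ashDisp.exe
mRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

============= FINISH: 14:04:54.37 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<scope>[umd]Policies-\w+):\s*(?P<name>\S+)\s*=\s*(?P<value>\S+)")


def split_sections(text):
    """Map each '==== Name ====' header to the non-empty lines beneath it."""
    sections = OrderedDict(preamble=[])
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def running_processes(sections):
    """Return (entry, has_full_path) for each Running Processes line.

    DDS prints some processes by bare image name (e.g. 'SVCHOST.EXE') when it
    did not resolve a path. That is not proof of anything on its own, but a
    responder normally wants to account for each bare entry, so it is marked.
    """
    return [(line, bool(ABS_PATH_RE.match(line)))
            for line in sections.get("Running Processes", [])]


def autoruns(sections):
    """Parse uRun/mRun/dRun/dRunOnce lines into (hive, name, command)."""
    out = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            out.append((m.group("hive"), m.group("name"), m.group("cmd").strip()))
    return out


def suspicious_autoruns(sections):
    """Autorun entries worth a second look (assumed heuristics, not verdicts):
    no name, no command, or a command that is a bare filename rather than a
    full path (which copy of the file runs then depends on the search path)."""
    flagged = []
    for hive, name, cmd in autoruns(sections):
        reason = None
        if not name or name == "<NO NAME>":
            reason = "unnamed entry"
        elif not cmd:
            reason = "empty command"
        elif not ABS_PATH_RE.match(cmd.strip('"')):
            reason = "bare filename, no full path"
        if reason:
            flagged.append((hive, name, cmd, reason))
    return flagged


def explorer_policies(sections):
    """Parse 'mPolicies-explorer: Name = value (0x..)' lines into a dict,
    so the values can be compared with what a scanner such as MBAM reports."""
    policies = {}
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m:
            policies[m.group("name")] = int(m.group("value"))
    return policies


if __name__ == "__main__":
    secs = split_sections(SAMPLE_DDS)
    for entry, has_path in running_processes(secs):
        print(("        " if has_path else "NO PATH ") + entry)
    for hive, name, cmd, reason in suspicious_autoruns(secs):
        print(f"{hive} [{name}] {cmd!r}: {reason}")
    print(explorer_policies(secs))
```

Run it against a saved DDS log by replacing `SAMPLE_DDS` with the file's contents; every flagged line still needs a human to decide whether it is an ordinary OEM entry (the Realtek `RTHDCPL.EXE` line is a common one) or something to investigate.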
#2 The Punisher

The Punisher
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 03 February 2010 - 05:06 AM

So after reading some of the other posts here I see that people having MBAM are required to post an MBAM log as well.. so here is the report of my MBAM quick scan log:

Malwarebytes' Anti-Malware 1.44
Database version: 3682
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/3/2010 2:41:39 PM
mbam-log-2010-02-03 (14-41-39).txt

Scan type: Quick Scan
Objects scanned: 106912
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone who is not familiar with your issue to assist you and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 03 February 2010 - 12:36 PM.


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:48 PM

Posted 10 February 2010 - 10:34 AM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#4 The Punisher

The Punisher
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 13 February 2010 - 10:52 AM

Hey Syler, sorry for the late reply.. the email notifications don't work.. I never got an email of your reply.

So here are the required logs:

info.txt

info.txt logfile of random's system information tool 1.06 2010-02-13 20:13:41

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
ALWIL Software Security 4.8.1296.0-->C:\Program Files\ALWIL Software Security\ALWIL Software Security\Uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BT Voyager 105 ADSL Modem-->C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HashCheck Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\WINDOWS\system32\ShellExt\HashCheck.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IconPackager-->"C:\Documents and Settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe" REMOVE=TRUE MODIFY=FALSE
IconPackager-->C:\Documents and Settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
K-Lite Mega Codec Pack 5.0.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Lenovo Fingerprint Software-->MsiExec.exe /X{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\OPMWXPUP.inf,DefaultUninstall
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_3k.inf
Open Command Prompt Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\WINDOWS\system32\ShellExt\CmdOpen.dll"
Opera 10.10-->MsiExec.exe /X{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
QuickTime Alternative 2.9.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Swiff Player 1.5-->"C:\Program Files\GlobFX\Swiff Player\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Securitycenter WMI appears to be broken

======System event log======

Computer Name: ANONYMOUS
Event Code: 4
Message: Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 111
Source Name: b57w2k
Time Written: 20100131135425.000000-360
Event Type: warning
User:

Computer Name: ANONYMOUS
Event Code: 4
Message: Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 88
Source Name: b57w2k
Time Written: 20100131121440.000000-360
Event Type: warning
User:

Computer Name: ANONYMOUS
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 45
Source Name: Print
Time Written: 20100131120833.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ANONYMOUS
Event Code: 4
Message: Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 16
Source Name: b57w2k
Time Written: 20100131120508.000000-360
Event Type: warning
User:

Computer Name: MACHINENAME
Event Code: 4
Message: Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 5
Source Name: b57w2k
Time Written: 20100131055329.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: ANONYMOUS
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 15
Source Name: WinMgmt
Time Written: 20100131120021.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ANONYMOUS
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 14
Source Name: WinMgmt
Time Written: 20100131120021.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ANONYMOUS
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20100131120021.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ANONYMOUS
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20100131120021.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ANONYMOUS
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20100131120019.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1

-----------------EOF-----------------



log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-02-13 20:13:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (43%) free of 20 GB
Total RAM: 2038 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:39 PM, on 2/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4CB1B56-6863-41CF-9F44-1655DA04468F}: NameServer = 203.99.163.240,202.125.132.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9081 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{320E3278-46DF-44EF-A931-74442C9DE8E1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"avast!"=C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe [2009-11-24 81000]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-31 30192]
""= []
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2007-03-02 933888]
"TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2008-03-11 54560]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-01-25 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-19 774233]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"DSLSTATEXE"=C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe [2003-06-28 1658965]
"DSLAGENTEXE"=C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe [2003-08-19 16384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RMClock"=C:\Program Files\RMClock\RMClockLauncher.exe [2008-02-29 61440]
"Pidgin"=C:\Program Files\Pidgin\pidgin.exe [2010-01-08 45603]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2007-02-27 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-08 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-07-19 133632]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2009-11-18 70960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"MaxRecentDocs"=
"NoSMConfigurePrograms"=
"NoDriveTypeAutoRun"=
"NoRecentDocsNetHood"=
"MemCheckBoxInRunDlg"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-13 20:13:31 ----D---- C:\rsit
2010-02-13 15:50:33 ----D---- C:\Program Files\GlobFX
2010-02-13 00:36:55 ----D---- C:\Program Files\trend micro
2010-02-08 22:28:59 ----D---- C:\Documents and Settings\All Users\Application Data\BlurayD
2010-02-08 22:28:58 ----D---- C:\Documents and Settings\Owner\Application Data\AVCWare Studio
2010-02-08 20:22:54 ----D---- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2010-02-08 19:15:41 ----D---- C:\Documents and Settings\Owner\Application Data\FileZilla
2010-02-06 20:11:33 ----D---- C:\Program Files\Common Files\Skype
2010-02-06 20:11:32 ----RD---- C:\Program Files\Skype
2010-02-06 19:57:51 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-02-06 19:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-02-05 23:31:13 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-05 23:31:13 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-05 23:31:13 ----A---- C:\WINDOWS\system32\java.exe
2010-02-05 18:16:18 ----D---- C:\Documents and Settings\Owner\Application Data\Opera
2010-02-04 11:46:22 ----A---- C:\WINDOWS\ODBC.INI
2010-02-04 11:45:54 ----D---- C:\Program Files\Microsoft ActiveSync
2010-02-04 11:45:42 ----D---- C:\Program Files\Common Files\Designer
2010-02-04 11:45:02 ----D---- C:\WINDOWS\ShellNew
2010-02-03 20:10:48 ----D---- C:\Documents and Settings\Owner\Application Data\ImgBurn
2010-02-03 15:49:54 ----D---- C:\Documents and Settings\Owner\Application Data\Thunderbird
2010-02-03 15:48:59 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-03 01:24:55 ----D---- C:\WINDOWS\Sun
2010-02-01 17:20:58 ----A---- C:\WINDOWS\system32\CoInst.dll
2010-02-01 17:20:57 ----N---- C:\WINDOWS\wwdslcfg.ini
2010-02-01 17:20:57 ----N---- C:\WINDOWS\system32\CplEng.dll
2010-02-01 17:20:57 ----D---- C:\Program Files\BT Voyager 105 ADSL Modem
2010-02-01 17:17:22 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-01 00:26:29 ----D---- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2010-02-01 00:25:47 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2010-01-31 19:55:20 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2010-01-31 19:45:57 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-31 16:39:31 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2010-01-31 16:38:38 ----D---- C:\Documents and Settings\Owner\Application Data\.purple
2010-01-31 16:37:06 ----D---- C:\Documents and Settings\Owner\Application Data\GrabPro
2010-01-31 16:37:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-31 16:29:37 ----D---- C:\Downloads
2010-01-31 16:29:32 ----D---- C:\Program Files\Orbitdownloader
2010-01-31 16:29:31 ----D---- C:\Documents and Settings\Owner\Application Data\Orbit
2010-01-31 16:23:47 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2010-01-31 16:15:02 ----D---- C:\Program Files\uTorrent
2010-01-31 16:14:35 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-01-31 15:05:23 ----HD---- C:\Documents and Settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-01-31 15:05:16 ----D---- C:\Program Files\Stardock
2010-01-31 14:47:33 ----A---- C:\WINDOWS\system32\igxprd32.dll
2010-01-31 14:47:33 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-01-31 14:47:33 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-01-31 14:47:33 ----A---- C:\WINDOWS\system32\igfxexps.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxress.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxpph.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxext.exe
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxdo.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxdev.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxCoIn_v5029.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-01-31 14:47:32 ----A---- C:\WINDOWS\system32\hccutils.dll
2010-01-31 14:47:31 ----D---- C:\WINDOWS\system32\Lang
2010-01-31 14:47:31 ----A---- C:\WINDOWS\system32\igxpun.exe
2010-01-31 14:47:31 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-01-31 14:47:10 ----D---- C:\Program Files\Synaptics
2010-01-31 14:47:10 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2010-01-31 14:47:10 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2010-01-31 14:47:10 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2010-01-31 14:47:10 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2010-01-31 14:47:10 ----A---- C:\WINDOWS\system32\SynCOM.dll
2010-01-31 14:46:42 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-01-31 14:46:26 ----D---- C:\WINDOWS\system32\RTCOM
2010-01-31 14:46:21 ----A---- C:\WINDOWS\SoundMan.exe
2010-01-31 14:46:21 ----A---- C:\WINDOWS\SkyTel.exe
2010-01-31 14:46:21 ----A---- C:\WINDOWS\RtlUpd.exe
2010-01-31 14:46:20 ----A---- C:\WINDOWS\RTLCPL.exe
2010-01-31 14:46:20 ----A---- C:\WINDOWS\RTHDCPL.exe
2010-01-31 14:46:20 ----A---- C:\WINDOWS\MicCal.exe
2010-01-31 14:46:19 ----D---- C:\Program Files\Realtek
2010-01-31 14:46:19 ----A---- C:\WINDOWS\alcwzrd.exe
2010-01-31 14:46:19 ----A---- C:\WINDOWS\Alcmtr.exe
2010-01-31 14:46:17 ----A---- C:\WINDOWS\RtlExUpd.dll
2010-01-31 14:46:17 ----A---- C:\WINDOWS\HideWin.exe
2010-01-31 14:43:43 ----N---- C:\WINDOWS\system32\agrsmdel.exe
2010-01-31 14:43:39 ----D---- C:\WINDOWS\Options
2010-01-31 14:42:53 ----A---- C:\WINDOWS\system32\results.txt
2010-01-31 14:42:48 ----A---- C:\WINDOWS\system32\AegisI5Installer.exe
2010-01-31 14:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2010-01-31 14:40:19 ----D---- C:\Program Files\Lenovo Fingerprint Software
2010-01-31 13:58:48 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-01-31 13:58:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-31 13:58:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-31 13:52:22 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-31 13:52:20 ----D---- C:\Program Files\Alwil Software
2010-01-31 13:52:03 ----D---- C:\Program Files\ALWIL Software Security
2010-01-31 12:12:45 ----D---- C:\Program Files\MediaLooks
2010-01-31 12:12:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-01-31 12:12:39 ----D---- C:\Program Files\QuickTime Alternative
2010-01-31 12:12:26 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-31 12:12:26 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-31 12:12:25 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-31 12:12:25 ----A---- C:\WINDOWS\avisplitter.ini
2010-01-31 12:12:24 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-01-31 12:12:24 ----A---- C:\WINDOWS\system32\huffyuv.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\x264vfw.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2010-01-31 12:12:23 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-01-31 12:12:22 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2010-01-31 12:12:22 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-01-31 12:12:22 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-01-31 12:12:22 ----A---- C:\WINDOWS\system32\divx.dll
2010-01-31 12:12:21 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-31 12:12:18 ----D---- C:\Program Files\7-Zip
2010-01-31 12:12:15 ----D---- C:\Program Files\Foxit Software
2010-01-31 12:12:15 ----D---- C:\Documents and Settings\Owner\Application Data\Foxit
2010-01-31 12:12:12 ----D---- C:\Program Files\Unlocker
2010-01-31 12:11:57 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-31 12:11:49 ----D---- C:\Program Files\UPHClean
2010-01-31 12:11:38 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-31 12:11:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-31 12:11:20 ----D---- C:\Program Files\Java
2010-01-31 12:11:08 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2010-01-31 12:08:49 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-31 12:08:49 ----D---- C:\Program Files\MSBuild
2010-01-31 12:08:44 ----D---- C:\Program Files\Reference Assemblies
2010-01-31 12:08:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-31 12:07:10 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-31 12:07:03 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-31 12:05:35 ----HD---- C:\Program Files\Uninstall Information
2010-01-31 12:05:04 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2010-01-31 12:05:04 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2010-01-31 12:05:01 ----SHD---- C:\System Volume Information
2010-01-31 12:04:58 ----D---- C:\WINDOWS\Prefetch
2010-01-31 12:04:57 ----SD---- C:\WINDOWS\system32\Microsoft
2010-01-31 12:04:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-31 12:03:23 ----A---- C:\WINDOWS\control.ini
2010-01-31 12:03:23 ----A---- C:\AUTOEXEC.BAT
2010-01-31 12:03:12 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-01-31 12:03:11 ----D---- C:\WINDOWS\system32\dllcache
2010-01-31 12:02:31 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-31 12:02:29 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-31 12:02:24 ----HD---- C:\Program Files\WindowsUpdate
2010-01-31 12:02:12 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-31 12:01:55 ----A---- C:\WINDOWS\system32\atrace.dll
2010-01-31 12:01:54 ----A---- C:\WINDOWS\system32\desktop.ini
2010-01-31 12:01:54 ----A---- C:\WINDOWS\desktop.ini
2010-01-31 12:01:50 ----SD---- C:\WINDOWS\Tasks
2010-01-31 12:01:50 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-01-31 12:01:49 ----D---- C:\Program Files\Common Files\MSSoap
2010-01-31 12:01:40 ----D---- C:\WINDOWS\srchasst
2010-01-31 12:01:38 ----D---- C:\WINDOWS\system32\Macromed
2010-01-31 12:01:35 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-01-31 12:01:35 ----A---- C:\WINDOWS\system32\wups.dll
2010-01-31 12:01:35 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-01-31 12:01:35 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-01-31 12:01:35 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-01-31 12:01:35 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-01-31 12:01:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-01-31 12:01:33 ----D---- C:\WINDOWS\system32\bits
2010-01-31 12:01:33 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-01-31 12:01:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-01-31 12:01:33 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-01-31 12:01:33 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-01-31 12:01:28 ----D---- C:\WINDOWS\system32\Restore
2010-01-31 12:01:28 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-01-31 12:01:28 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-01-31 12:01:28 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-01-31 12:01:27 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-01-31 12:01:27 ----A---- C:\WINDOWS\system32\srclient.dll
2010-01-31 12:01:27 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-01-31 12:01:27 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-01-31 12:01:26 ----A---- C:\WINDOWS\system32\mstask.dll
2010-01-31 12:01:26 ----A---- C:\WINDOWS\system32\isign32.dll
2010-01-31 12:01:26 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-01-31 12:01:26 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-01-31 12:01:26 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-01-31 12:01:20 ----D---- C:\Program Files\Common Files\System
2010-01-31 12:01:01 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-01-31 12:00:37 ----D---- C:\Program Files\ComPlus Applications
2010-01-31 12:00:35 ----A---- C:\WINDOWS\vbaddin.ini
2010-01-31 12:00:35 ----A---- C:\WINDOWS\vb.ini
2010-01-31 12:00:31 ----D---- C:\WINDOWS\Registration
2010-01-31 11:59:51 ----RSD---- C:\WINDOWS\assembly
2010-01-31 11:59:50 ----D---- C:\Program Files\Windows Media Player
2010-01-31 11:59:44 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-31 11:59:39 ----A---- C:\WINDOWS\system32\winUsbCoinstaller.dll
2010-01-31 11:59:38 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2010-01-31 11:59:37 ----A---- C:\WINDOWS\system32\WUDFUpdate_01007.dll
2010-01-31 11:59:36 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2010-01-31 11:59:36 ----A---- C:\WINDOWS\system32\imapi2.dll
2010-01-31 11:59:35 ----D---- C:\WINDOWS\system32\DRM
2010-01-31 11:59:35 ----A---- C:\WINDOWS\system32\SecProc_ssp_isv.dll
2010-01-31 11:59:35 ----A---- C:\WINDOWS\system32\SecProc_ssp.dll
2010-01-31 11:59:35 ----A---- C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2010-01-31 11:59:35 ----A---- C:\WINDOWS\system32\RmActivate_ssp.exe
2010-01-31 11:59:34 ----A---- C:\WINDOWS\system32\SecProc_isv.dll
2010-01-31 11:59:34 ----A---- C:\WINDOWS\system32\RmActivate_isv.exe
2010-01-31 11:59:34 ----A---- C:\WINDOWS\system32\RmActivate.exe
2010-01-31 11:59:33 ----A---- C:\WINDOWS\system32\SecProc.dll
2010-01-31 11:59:33 ----A---- C:\WINDOWS\system32\msdrm.dll
2010-01-31 11:59:32 ----A---- C:\WINDOWS\system32\msxml4r.dll
2010-01-31 11:59:32 ----A---- C:\WINDOWS\system32\msxml4.dll
2010-01-31 11:59:31 ----D---- C:\Program Files\MSXML 4.0
2010-01-31 11:59:21 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-01-31 11:59:21 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-01-31 11:59:21 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-01-31 11:59:21 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-01-31 11:59:21 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-01-31 11:59:20 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-01-31 11:59:20 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-01-31 11:59:20 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-01-31 11:59:20 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-01-31 11:59:20 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-01-31 11:59:20 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-01-31 11:59:19 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-01-31 11:59:19 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-01-31 11:59:19 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-01-31 11:59:19 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-01-31 11:59:19 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-01-31 11:59:19 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-01-31 11:59:18 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-01-31 11:59:18 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-01-31 11:59:18 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-01-31 11:59:18 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-01-31 11:59:18 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-01-31 11:59:18 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-01-31 11:59:17 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-01-31 11:59:17 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-01-31 11:59:17 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-01-31 11:59:17 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-01-31 11:59:17 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-01-31 11:59:17 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-01-31 11:59:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-01-31 11:59:15 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-01-31 11:59:14 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-01-31 11:59:13 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-01-31 11:59:12 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-01-31 11:59:11 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-01-31 11:59:10 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-01-31 11:59:08 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-01-31 11:59:08 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-01-31 11:59:07 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-01-31 11:59:06 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-01-31 11:59:05 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-01-31 11:59:04 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-31 11:59:04 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-01-31 11:59:03 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-01-31 11:59:02 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-01-31 11:59:01 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-01-31 11:59:01 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-01-31 11:59:00 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-01-31 11:59:00 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-01-31 11:59:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-01-31 11:59:00 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-01-31 11:58:59 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-01-31 11:58:59 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-01-31 11:58:59 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-01-31 11:58:59 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-01-31 11:58:58 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-01-31 11:58:58 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-01-31 11:58:57 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-01-31 11:58:57 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-01-31 11:58:56 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-01-31 11:58:56 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-01-31 11:58:55 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-01-31 11:58:55 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-01-31 11:58:54 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-01-31 11:58:54 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-01-31 11:58:53 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-01-31 11:58:43 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-31 11:58:43 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-31 11:58:42 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-31 11:58:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-31 11:58:42 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-31 11:58:42 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2010-01-31 11:58:41 ----A---- C:\WINDOWS\system32\WgaTray.exe.bak
2010-01-31 11:58:41 ----A---- C:\WINDOWS\system32\WgaTray.exe
2010-01-31 11:58:41 ----A---- C:\WINDOWS\system32\WgaLogon.dll.bak
2010-01-31 11:58:41 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2010-01-31 11:58:41 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-01-31 11:58:40 ----D---- C:\WINDOWS\system32\PreInstall
2010-01-31 11:58:29 ----A---- C:\WINDOWS\system32\netfxperf.dll
2010-01-31 11:58:25 ----D---- C:\Program Files\Internet Explorer
2010-01-31 11:58:12 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-31 11:58:12 ----A---- C:\WINDOWS\system32\write.exe
2010-01-31 11:58:07 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-01-31 11:58:00 ----A---- C:\WINDOWS\system32\getuname.dll
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\tskill.exe
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\reset.exe
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\charmap.exe
2010-01-31 11:57:59 ----A---- C:\WINDOWS\system32\calc.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\tscon.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\shadow.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\regini.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\msg.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\logoff.exe
2010-01-31 11:57:58 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-01-31 11:57:57 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-01-31 11:57:52 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-01-31 11:57:50 ----D---- C:\Program Files\Windows NT
2010-01-31 11:57:50 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-01-31 11:57:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-01-31 11:57:49 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-01-31 11:57:48 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-01-31 11:57:48 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-01-31 11:57:48 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-01-31 11:57:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-01-31 11:57:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-01-31 11:57:47 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-01-31 11:57:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-01-31 11:57:45 ----D---- C:\WINDOWS\system32\MsDtc
2010-01-31 11:57:45 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-01-31 11:57:45 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-01-31 11:57:45 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-01-31 11:57:45 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-01-31 11:57:45 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-01-31 11:57:44 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-01-31 11:57:44 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-01-31 11:57:44 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-01-31 11:57:44 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-01-31 11:57:43 ----D---- C:\WINDOWS\system32\Com
2010-01-31 11:57:43 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-01-31 11:57:43 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-01-31 11:57:43 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-01-31 11:57:43 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-01-31 11:57:43 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-01-31 11:57:43 ----A---- C:\WINDOWS\system32\colbact.dll
2010-01-31 11:57:42 ----A---- C:\WINDOWS\system32\stclient.dll
2010-01-31 11:57:42 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-01-31 11:57:42 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-01-31 11:57:42 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-01-31 11:57:42 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-01-31 11:57:42 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-01-31 11:57:41 ----A---- C:\WINDOWS\system32\comuid.dll
2010-01-31 11:57:41 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-01-31 11:57:41 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-01-31 11:57:41 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-01-31 11:57:34 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-01-31 11:57:34 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-01-31 11:57:34 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-01-31 11:57:31 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-01-31 11:54:56 ----A---- C:\WINDOWS\system32\h323log.txt
2010-01-31 11:54:06 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-01-31 11:54:06 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-01-31 11:52:45 ----A---- C:\WINDOWS\system32\usbui.dll
2010-01-31 11:42:11 ----SHD---- C:\WINDOWS\Installer
2010-01-31 11:42:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-31 11:42:10 ----D---- C:\Program Files\Common Files\ODBC
2010-01-31 11:42:10 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-31 11:42:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-01-31 11:42:06 ----RD---- C:\Program Files
2010-01-31 11:42:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-31 11:42:06 ----D---- C:\Program Files\Common Files
2010-01-31 11:41:58 ----A---- C:\WINDOWS\system32\uniime.dll
2010-01-31 11:41:44 ----A---- C:\WINDOWS\system32\c_g18030.dll
2010-01-31 11:41:43 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2010-01-31 11:41:43 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2010-01-31 11:41:42 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2010-01-31 11:41:42 ----A---- C:\WINDOWS\system32\kbdax2.dll
2010-01-31 11:41:42 ----A---- C:\WINDOWS\system32\kbd106n.dll
2010-01-31 11:41:42 ----A---- C:\WINDOWS\system32\kbd101.dll
2010-01-31 11:41:42 ----A---- C:\WINDOWS\system32\imjp81k.dll
2010-01-31 11:41:42 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2010-01-31 11:41:34 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2010-01-31 11:41:34 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2010-01-31 11:41:34 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2010-01-31 11:41:33 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2010-01-31 11:41:32 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2010-01-31 11:41:32 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2010-01-31 11:41:32 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2010-01-31 11:41:32 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2010-01-31 11:41:32 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2010-01-31 11:41:32 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2010-01-31 11:41:31 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2010-01-31 11:41:31 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2010-01-31 11:41:31 ----A---- C:\WINDOWS\system32\c_iscii.dll
2010-01-31 11:41:30 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2010-01-31 11:41:27 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2010-01-31 11:41:27 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2010-01-31 11:41:27 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2010-01-31 11:41:27 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2010-01-31 11:41:27 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2010-01-31 11:41:27 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2010-01-31 11:41:27 ----A---- C:\WINDOWS\system32\kbdusa.dll
2010-01-31 11:41:26 ----RA---- C:\WINDOWS\system32\kbda3.dll
2010-01-31 11:41:26 ----RA---- C:\WINDOWS\system32\kbda2.dll
2010-01-31 11:41:26 ----RA---- C:\WINDOWS\system32\kbda1.dll
2010-01-31 11:41:21 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2010-01-31 11:41:14 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2010-01-31 11:41:14 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2010-01-31 11:41:14 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2010-01-31 11:41:14 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2010-01-31 11:41:13 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2010-01-31 11:41:13 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2010-01-31 11:41:12 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2010-01-31 11:41:11 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2010-01-31 11:41:10 ----A---- C:\WINDOWS\system32\msir3jp.dll
2010-01-31 11:40:49 ----A---- C:\WINDOWS\system32\kbd101a.dll
2010-01-31 11:40:35 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2010-01-31 11:40:35 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2010-01-31 11:40:35 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2010-01-31 11:40:03 ----A---- C:\WINDOWS\system32\c_is2022.dll
2010-01-31 11:40:02 ----A---- C:\WINDOWS\system32\kbdkor.dll
2010-01-31 11:40:02 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2010-01-31 11:40:02 ----A---- C:\WINDOWS\system32\kbd106.dll
2010-01-31 11:40:02 ----A---- C:\WINDOWS\system32\kbd103.dll
2010-01-31 11:40:02 ----A---- C:\WINDOWS\system32\kbd101c.dll
2010-01-31 11:40:02 ----A---- C:\WINDOWS\system32\kbd101b.dll
2010-01-31 11:39:59 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-01-31 11:39:59 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-01-31 11:39:59 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-01-31 11:39:57 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-01-31 11:39:57 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-01-31 11:39:57 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-01-31 11:39:57 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-01-31 11:39:57 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-01-31 11:39:56 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-01-31 11:39:54 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-01-31 11:39:53 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-01-31 11:39:53 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-01-31 11:39:53 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-01-31 11:39:53 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-01-31 11:39:52 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-01-31 11:39:51 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-01-31 11:39:40 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-31 11:39:40 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-31 11:39:40 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-01-31 11:39:40 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-01-31 11:39:40 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-01-31 11:39:36 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-01-31 11:39:36 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-01-31 11:39:35 ----A---- C:\WINDOWS\system32\storprop.dll
2010-01-31 11:39:35 ----A---- C:\WINDOWS\system32\batt.dll
2010-01-31 11:39:35 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-01-31 11:39:28 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-01-31 11:39:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-31 11:39:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-31 11:39:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-31 11:38:37 ----A---- C:\WINDOWS\setuplog.txt
2010-01-31 11:38:23 ----A---- C:\WINDOWS\system32\NETw5r32.dll
2010-01-31 11:38:23 ----A---- C:\WINDOWS\system32\NETw5c32.dll
2010-01-31 11:37:46 ----D---- C:\Documents and Settings
2010-01-31 11:36:50 ----SH---- C:\boot.ini
2010-01-31 11:32:52 ----SD---- C:\WINDOWS\Offline Web Pages
2010-01-31 11:32:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-31 11:32:52 ----RSD---- C:\WINDOWS\Fonts
2010-01-31 11:32:52 ----RD---- C:\WINDOWS\Web
2010-01-31 11:32:52 ----HD---- C:\WINDOWS\inf
2010-01-31 11:32:52 ----D---- C:\WINDOWS\WinSxS
2010-01-31 11:32:52 ----D---- C:\WINDOWS\WBEM
2010-01-31 11:32:52 ----D---- C:\WINDOWS\twain_32
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Temp
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\wins
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\wbem
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\usmt
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\spool
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\ShellExt
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\Setup
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\scripting
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\ras
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\npp
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\mui
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\IME
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\icsxml
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\ias
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\export
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\en-US
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\en
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\drivers
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\dhcp
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\config
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\3com_dmi
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\3076
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\2052
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1054
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1042
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1041
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1037
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1033
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1031
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1028
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32\1025
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system32
2010-01-31 11:32:52 ----D---- C:\WINDOWS\system
2010-01-31 11:32:52 ----D---- C:\WINDOWS\security
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Resources
2010-01-31 11:32:52 ----D---- C:\WINDOWS\repair
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Provisioning
2010-01-31 11:32:52 ----D---- C:\WINDOWS\PeerNet
2010-01-31 11:32:52 ----D---- C:\WINDOWS\pchealth
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Network Diagnostic
2010-01-31 11:32:52 ----D---- C:\WINDOWS\mui
2010-01-31 11:32:52 ----D---- C:\WINDOWS\msapps
2010-01-31 11:32:52 ----D---- C:\WINDOWS\msagent
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Media
2010-01-31 11:32:52 ----D---- C:\WINDOWS\L2Schemas
2010-01-31 11:32:52 ----D---- C:\WINDOWS\java
2010-01-31 11:32:52 ----D---- C:\WINDOWS\ime
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Help
2010-01-31 11:32:52 ----D---- C:\WINDOWS\ehome
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Driver Cache
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Debug
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Cursors
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Connection Wizard
2010-01-31 11:32:52 ----D---- C:\WINDOWS\Config
2010-01-31 11:32:52 ----D---- C:\WINDOWS\AppPatch
2010-01-31 11:32:52 ----D---- C:\WINDOWS\addins
2010-01-31 11:32:52 ----D---- C:\WINDOWS
2010-01-31 10:36:32 ----D---- C:\grub
2010-01-31 03:19:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-31 03:19:21 ----A---- C:\WINDOWS\system32\snymsico.dll
2010-01-31 03:19:21 ----A---- C:\WINDOWS\system32\rixdicon.dll
2010-01-31 03:19:17 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-31 03:17:43 ----A---- C:\WINDOWS\system32\btw_ci.dll
2010-01-31 03:17:35 ----D---- C:\Program Files\Lenovo
2010-01-31 03:14:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-31 03:14:13 ----D---- C:\WINDOWS\system32\DRVSTORE
2010-01-31 03:14:12 ----D---- C:\Program Files\Intel
2010-01-31 03:14:06 ----D---- C:\Intel
2010-01-31 03:11:33 ----D---- C:\Program Files\Google
2010-01-31 03:11:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-31 03:11:03 ----D---- C:\Program Files\FileZilla FTP Client
2010-01-31 03:10:10 ----D---- C:\Program Files\Notepad++
2010-01-31 03:10:10 ----D---- C:\Documents and Settings\Owner\Application Data\Notepad++
2010-01-31 03:09:50 ----D---- C:\Program Files\Opera
2010-01-31 03:09:13 ----D---- C:\Program Files\Paint.NET
2010-01-31 03:08:35 ----D---- C:\Program Files\Pidgin
2010-01-31 03:08:26 ----D---- C:\Program Files\Common Files\GTK
2010-01-31 03:06:26 ----D---- C:\Program Files\RMClock
2010-01-31 03:00:45 ----D---- C:\Program Files\ImgBurn
2010-01-31 02:59:54 ----D---- C:\Program Files\WinRAR
2010-01-31 02:59:23 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-01-31 02:59:10 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe

======List of files/folders modified in the last 1 months======

2010-02-04 11:46:10 ----A---- C:\WINDOWS\win.ini
2010-01-31 11:42:06 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-01-31 21425]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-07-19 62848]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-11-08 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-07-19 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-12-10 187392]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-30 329901]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-30 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-13 862922]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-30 149123]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-30 67672]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-07-19 12160]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-07-19 61824]
R3 RTCore32;RTCore32; \??\C:\Program Files\RMClock\RTCore32.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2009-07-19 80384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-19 193088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2009-07-19 32384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-06-08 30464]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2009-05-12 122240]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanusb;BT Voyager 105 ADSL Modem; C:\WINDOWS\system32\DRIVERS\gwausb.sys [2003-08-15 148338]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-19 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-07-19 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-11-08 434176]
R2 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2007-01-19 61440]
R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-11-08 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-11-08 950272]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-31 30192]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-07-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-07-19 14848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-13 20:32:57
Windows 5.1.2600 Service Pack 3
Running: qjmxfdoo.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8F1E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8F1E574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8F1EA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8F1E14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8F1E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8F1E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8F1E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8F1E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8F1E72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8F1E8AE]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA887D6D0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#5 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 February 2010 - 02:29 PM

Hi The Punisher,

I don't see anything in your logs, can you tell me if you are still having the same problems you described in your first post.

#6 The Punisher

  • Topic Starter
  • Members
  • 88 posts

Posted 14 February 2010 - 01:21 AM

Nope. After the initial infections were removed or quarantined by avast and MBAM, there have not been any more issues.

#7 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 February 2010 - 01:57 PM

It looks like you're clean then. I do see one issue with the Security Center, please do the following.
  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
CMD /C SC QUERY wscsvc>log.txt&START log.txt
  • This will create and open a file called log.txt, please post the contents in your reply.

#8 The Punisher

  • Topic Starter
  • Members
  • 88 posts

Posted 14 February 2010 - 03:22 PM

This is what I got from entering the given command:

QUOTE
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.


#9 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 15 February 2010 - 11:47 AM

Go to http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to line 338, then click on Restore the Security Center Service.
Save the file that opens to your computer.
Double-click the file you saved, select Yes when it prompts you, then OK.
Reboot your computer.

When you have rebooted, run the command in my last post again and post the log.



#10 The Punisher (Topic Starter, 88 posts)

Posted 16 February 2010 - 02:27 PM

Here you go:

QUOTE
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0


#11 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 16 February 2010 - 05:35 PM

That looks fine. You just need to make sure it's started and set to Automatic. Do the following, then let me know if it works OK and if you're happy for me to close the topic.

Click Start >> Run, then type services.msc in the box.
Scroll down to the Security Center service and double-click it.
Click the Start button and change the Startup type to Automatic.
Then click Apply and OK.



#12 The Punisher (Topic Starter, 88 posts)

Posted 17 February 2010 - 07:47 AM

Thanks syler, however this is the error I get when I click Start:

QUOTE
Error 1083: The executable program that this service is configured to run in does not implement that service


What is the Security Center? Do I need it even after I have an antivirus and MBAM installed?

#13 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 17 February 2010 - 12:48 PM

The Security Center is a Windows service which you should have working. Please try the following fix and let me know if it works.

http://windowsxp.mvps.org/wscsvcfix.htm



#14 The Punisher (Topic Starter, 88 posts)

Posted 17 February 2010 - 03:24 PM

I followed the directions in the link, and this time I'm getting another error:

QUOTE
Error 126: the specified module could not be found


#15 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 17 February 2010 - 03:38 PM


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window will open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main text field:
    CODE
    :filefind
    wscsvc.dll
  • Please confirm everything is copied and pasted exactly as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


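The checks syler walks through by hand across posts #7, #9, #11, #13 and #15 (query the service with sc, chase error 1083 when Start fails, chase error 126 when the service DLL cannot be loaded, then look for wscsvc.dll on disk) can be run as one PowerShell script. This is an added example, not code from the thread, from syler or from any of the linked fix pages. It assumes the standard layout of a svchost-hosted service: the service key under HKLM\SYSTEM\CurrentControlSet\Services, an ImagePath of the form "svchost.exe -k <group>", the group membership list under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, and the DLL named in the Parameters\ServiceDll value. The script name and the default service name wscsvc are the only other assumptions; the error-code meanings (1060 service not installed, 1083 ERROR_SERVICE_NOT_IN_EXE, 126 ERROR_MOD_NOT_FOUND) are the documented Win32 ones.

```powershell
# Check-SvchostService.ps1 (hypothetical name): diagnose a svchost-hosted service the way
# the thread does by hand for wscsvc. Added example, not from the original thread.
# Run from an elevated PowerShell prompt.
param([string]$ServiceName = 'wscsvc')   # assumption: Security Center on XP is wscsvc

$svcKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
$startMap = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }   # Start REG_DWORD values

# 1. Does the service exist? A missing key is what "sc query" reports as error 1060.
if (-not (Test-Path $svcKey)) {
    Write-Warning "$ServiceName is not installed (no registry key); sc query gives error 1060."
    return
}
$cfg = Get-ItemProperty -Path $svcKey
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
"{0}: state={1} startup={2}" -f $ServiceName, $svc.Status, $startMap[[int]$cfg.Start]

# 2. Which process hosts it? For wscsvc this should be svchost.exe -k <group>.
$imagePath = [Environment]::ExpandEnvironmentVariables([string]$cfg.ImagePath)
"ImagePath: $imagePath"
if ($imagePath -match '-k\s+(\S+)') {
    $group = $Matches[1]
    # 3. Error 1083 (ERROR_SERVICE_NOT_IN_EXE): svchost only implements the services
    #    listed in its group's REG_MULTI_SZ value; if the name is missing, Start fails.
    $svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $members = (Get-ItemProperty -Path $svchostKey).$group
    if ($members -contains $ServiceName) {
        "svchost group '$group' lists $ServiceName: OK"
    } else {
        Write-Warning "svchost group '$group' does not list $ServiceName; starting it gives error 1083."
    }
} else {
    Write-Warning "ImagePath is not a svchost group; a hijacked host binary is worth a look."
}

# 4. Error 126 (ERROR_MOD_NOT_FOUND): the ServiceDll named under Parameters must exist,
#    which is the same question the SystemLook :filefind run in the thread answers.
$params = Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue
if (-not $params -or -not $params.ServiceDll) {
    Write-Warning "No Parameters\ServiceDll value; svchost has no module to load."
} else {
    $dll = [Environment]::ExpandEnvironmentVariables([string]$params.ServiceDll)
    if (Test-Path $dll) {
        # Catalog-signed system DLLs can show NotSigned on older PowerShell versions,
        # so treat the status as a hint, not a verdict.
        $sig = Get-AuthenticodeSignature -FilePath $dll
        "ServiceDll: $dll (present, signature status: $($sig.Status))"
    } else {
        Write-Warning "ServiceDll $dll is missing from disk; starting the service gives error 126."
    }
}
```

Run it as `.\Check-SvchostService.ps1` for wscsvc, or pass `-ServiceName` for any other svchost-hosted service. The order of the checks mirrors the order in which the thread hit the errors: a restored service key gets past 1060, a repaired svchost group entry gets past 1083, and only a DLL that is actually present on disk gets past 126.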
