Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Same Problem -- Search Results Hijacked!


  • This topic is locked This topic is locked
29 replies to this topic

#1 KSPrincess

KSPrincess

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 05 February 2010 - 12:02 PM

This is new to me, so here I go!
Same problem, seach results are redirected to a different webpage.
Below is hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:16 AM, on 2/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trea.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242408713364
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\Software\..\Telephony: DomainName = treadomain.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = treadomain.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14705 bytes


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 12 February 2010 - 03:26 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window, If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks

unite.jpg


#3 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 15 February 2010 - 12:53 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by tammyb at 2010-02-12 14:00:23
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 1014 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:41 PM, on 2/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\AdobeCS2\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\TAMMYB~1.TRE\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\TAMMYB~1.TRE\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tammyb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trea.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242408713364
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\Software\..\Telephony: DomainName = treadomain.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = treadomain.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 15096 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]
Pando Search Assistant BHO - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b4d6b1c-d1a6-4b21-9412-cc846ebfa818}]
GoodShopToolbar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2K0.dll [2003-12-16 118830]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-08 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
Pando Toolbar BHO - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - Pando Toolbar - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{10834e9a-d475-4a24-ad01-f3f24f71b28e} - GoodSearchBar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Family Toolbar - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]
{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-13 1732608]
"Adobe Version Cue CS2"=C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
""= []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-22 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk]
C:\DOCUME~1\TAMMYB~1.TRE\protect.dll,_IWMPEvents@16 []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\tammyb.TREADOMAIN\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\java.exe"="C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\WS_FTP Pro\wsftppro.exe"="C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Pando Networks\Pando\Pando.exe"="C:\Program Files\Pando Networks\Pando\Pando.exe:*:Enabled:Pando"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c5f4c5c-4091-11de-b198-001143bcfe59}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 1 months======

2010-02-12 14:00:23 ----D---- C:\rsit
2010-02-11 14:20:26 ----D---- C:\Program Files\QuarkXPress 7.0
2010-02-11 11:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-11 11:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-11 03:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 03:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 03:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-11 03:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-11 03:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-11 03:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-11 03:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-11 03:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-11 03:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-11 03:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-11 03:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 03:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-11 03:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-11 03:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-11 03:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-11 03:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-11 03:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-11 03:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-11 03:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-11 03:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-11 03:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-11 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-11 03:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-11 03:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-11 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-11 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-11 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 03:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-11 03:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-11 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-11 03:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-11 03:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-11 03:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-11 03:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 03:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-11 03:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-11 03:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-11 03:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-11 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-11 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-11 03:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-11 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-11 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-11 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-11 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-11 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-11 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-10 16:10:22 ----HD---- C:\WINDOWS\msdownld.tmp
2010-02-10 15:56:51 ----D---- C:\a0a930825de4ec2c49
2010-02-10 15:27:43 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-10 14:18:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-02-10 13:40:04 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-02-10 13:37:02 ----D---- C:\WINDOWS\Prefetch
2010-02-10 13:26:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-10 13:11:11 ----RA---- C:\WINDOWS\SET9E.tmp
2010-02-10 13:11:07 ----RA---- C:\WINDOWS\SET92.tmp
2010-02-10 13:11:05 ----RA---- C:\WINDOWS\SET8F.tmp
2010-02-02 11:42:56 ----D---- C:\Program Files\TrendMicro
2010-02-02 08:00:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-02-02 08:00:36 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-02 08:00:36 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\SUPERAntiSpyware.com
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-28 13:55:05 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Malwarebytes
2010-01-28 13:54:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-28 13:54:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 07:27:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-27 10:18:06 ----D---- C:\Program Files\a-squared Anti-Malware
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-26 15:51:44 ----D---- C:\Program Files\Microsoft
2010-01-26 15:51:40 ----D---- C:\Program Files\MSN Toolbar
2010-01-26 15:46:32 ----D---- C:\Program Files\MSN Toolbar Installer
2010-01-21 21:33:01 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 1 months======

2010-02-12 14:00:35 ----D---- C:\WINDOWS\temp
2010-02-12 14:00:06 ----D---- C:\Downloads
2010-02-12 09:18:19 ----D---- C:\WINDOWS
2010-02-12 01:17:41 ----D---- C:\WINDOWS\SECURITY
2010-02-11 21:00:11 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-11 21:00:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-11 21:00:09 ----HD---- C:\WINDOWS\INF
2010-02-11 15:52:21 ----RD---- C:\Program Files
2010-02-11 15:52:21 ----D---- C:\Program Files\Quark
2010-02-11 15:31:19 ----SD---- C:\WINDOWS\Tasks
2010-02-11 15:28:54 ----D---- C:\WINDOWS\system32\IAS
2010-02-11 15:28:51 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-11 15:26:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 14:22:35 ----SHD---- C:\WINDOWS\Installer
2010-02-11 14:21:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Quark
2010-02-11 14:21:22 ----SHD---- C:\Config.Msi
2010-02-11 14:07:09 ----D---- C:\WINDOWS\SYSTEM32
2010-02-11 12:50:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-11 11:27:11 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-11 11:25:43 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2010-02-11 11:25:33 ----A---- C:\WINDOWS\imsins.BAK
2010-02-11 11:03:51 ----D---- C:\Program Files\Google
2010-02-11 10:58:54 ----D---- C:\Program Files\Smart PDF Converter
2010-02-11 10:57:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-11 08:21:02 ----D---- C:\WINDOWS\Help
2010-02-11 08:21:02 ----D---- C:\Program Files\Internet Explorer
2010-02-11 08:11:20 ----D---- C:\WINDOWS\ie8updates
2010-02-11 08:11:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 08:08:50 ----HDC---- C:\WINDOWS\ie8
2010-02-11 08:05:59 ----D---- C:\WINDOWS\system32\en-US
2010-02-11 07:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
2010-02-11 07:36:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJ
2010-02-11 07:21:13 ----SHD---- C:\WINDOWS\CSC
2010-02-11 07:17:03 ----D---- C:\WINDOWS\AppPatch
2010-02-11 07:17:02 ----D---- C:\WINDOWS\system32\WBEM
2010-02-11 07:17:00 ----D---- C:\WINDOWS\system32\Setup
2010-02-11 03:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-11 03:10:00 ----D---- C:\Program Files\Outlook Express
2010-02-10 14:18:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-10 13:53:33 ----A---- C:\WINDOWS\hpbafd.ini
2010-02-10 13:52:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-10 13:45:14 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-10 13:39:36 ----D---- C:\WINDOWS\Registration
2010-02-10 13:38:46 ----A---- C:\WINDOWS\setuplog.txt
2010-02-10 13:38:00 ----D---- C:\WINDOWS\system32\Restore
2010-02-10 13:38:00 ----D---- C:\System Volume Information
2010-02-10 13:35:53 ----D---- C:\WINDOWS\system32\INETSRV
2010-02-10 13:35:53 ----D---- C:\WINDOWS\system32\CONFIG
2010-02-10 13:27:36 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-10 13:27:30 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-10 13:26:36 ----RD---- C:\WINDOWS\Web
2010-02-10 13:26:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-10 13:26:14 ----A---- C:\WINDOWS\win.ini
2010-02-10 13:26:09 ----D---- C:\WINDOWS\system32\OOBE
2010-02-10 13:26:07 ----D---- C:\WINDOWS\SRCHASST
2010-02-10 13:26:04 ----D---- C:\Program Files\Windows Media Player
2010-02-10 13:25:56 ----D---- C:\Program Files\Movie Maker
2010-02-10 13:25:44 ----D---- C:\Program Files\NetMeeting
2010-02-10 13:25:38 ----D---- C:\Program Files\Common Files\System
2010-02-10 13:24:23 ----D---- C:\WINDOWS\system32\Com
2010-02-10 13:23:51 ----D---- C:\Program Files\Windows NT
2010-02-10 13:22:47 ----SH---- C:\boot.ini
2010-02-10 13:11:37 ----A---- C:\WINDOWS\system.ini
2010-02-10 13:11:30 ----D---- C:\WINDOWS\SYSTEM
2010-02-10 13:11:19 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2010-02-10 06:06:53 ----D---- C:\WINDOWS\system32\USMT
2010-02-10 06:06:37 ----D---- C:\WINDOWS\MUI
2010-02-10 06:06:36 ----D---- C:\WINDOWS\IME
2010-02-10 06:06:36 ----D---- C:\WINDOWS\EHOME
2010-02-10 06:06:35 ----RSD---- C:\WINDOWS\Fonts
2010-02-10 06:06:34 ----D---- C:\WINDOWS\Media
2010-02-10 06:06:23 ----D---- C:\WINDOWS\PeerNet
2010-02-10 06:06:09 ----D---- C:\WINDOWS\system32\NPP
2010-02-10 06:06:02 ----D---- C:\WINDOWS\MSAGENT
2010-02-10 06:02:58 ----D---- C:\WINDOWS\TWAIN_32
2010-02-10 06:02:06 ----D---- C:\WINDOWS\system32\ICSXML
2010-02-10 06:01:27 ----D---- C:\WINDOWS\system32\1033
2010-02-10 06:00:25 ----D---- C:\WINDOWS\Driver Cache
2010-02-10 06:00:24 ----D---- C:\WINDOWS\WinSxS
2010-02-09 14:39:59 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Adobe
2010-02-09 14:39:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2010-02-05 09:05:45 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-02-02 11:42:59 ----SD---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Microsoft
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files
2010-02-01 12:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-28 07:27:18 ----D---- C:\Program Files\Common Files\Java
2010-01-28 07:26:21 ----D---- C:\Program Files\Java
2010-01-27 14:11:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-26 15:52:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 15:50:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-26 10:44:55 ----D---- C:\Program Files\MSN
2010-01-25 15:02:31 ----D---- C:\WINDOWS\Temporary Internet Files
2010-01-25 11:07:46 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Apple Computer
2010-01-25 10:46:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2010-01-19 11:49:20 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100210.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100210.004\navex15.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kungsfumfiqvun;kungsfumfiqvun; C:\WINDOWS\system32\drivers\kungsfcobfdwjc.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-13 72704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2005-11-28 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Ntfahsa;Ntfahsa; C:\WINDOWS\system32\drivers\pciidex.sys [2004-08-04 25088]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-02-12 14:00:49

======Uninstall list======

-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
360Share Pro(remove only)-->"C:\Program Files\360Share Pro\bt-uninst.exe"
Adobe Acrobat 8.2.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000003}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Creative Suite-->C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon CanoScan 5600F User Registration-->C:\Program Files\Canon\IJEREG\CanoScan 5600F\UNINST.EXE
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan 5600F Scanner Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808 /L0x0009
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Director 5.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Macromedia\Director 5.0\DeIsL1.isu"
Family Toolbar-->C:\Program Files\Family Toolbar\ToolUninstall.exe
GoodSearch Toolbar-->MsiExec.exe /I{F4552E24-D5B5-4DE6-83B8-DC574B9DCEB9}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Graboid Video 1.65-->C:\Program Files\Graboid\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\PROGRA~1\WS_FTP~1\uninst.isu" -c"C:\PROGRA~1\WS_FTP~1\FTPInstUtils.dll"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Director 7-->C:\PROGRA~1\MACROM~1\DIRECT~2\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~2\install.log
Macromedia Fireworks-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Macromedia\Fireworks\DeIsL2.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSN Toolbar Platform-->MsiExec.exe /I{2B4508B3-7403-44FF-8FBC-5CCD032E3635}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
ODF Viewer Beta 2-->C:\Program Files\OD Fellowship\ODF Viewer Beta 2\uninst.exe
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Pando Toolbar-->rundll32 C:\PROGRA~1\PandoBar\bar\1.bin\PandoBar.dll,O
Pando-->C:\Program Files\Pando Networks\Pando\PandoUninst.exe
PhotoFilmStrip 1.1-->"C:\Program Files\PhotoFilmStrip\unins000.exe"
QuarkXPress 7.0-->MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
The Big Box of Art 410,000-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03A5F2B6-6948-4E97-8164-BD7B6407C5D6}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Wisdom-soft Set up ScreenHunter 5.1 Free-->C:\PROGRA~1\WISDOM~2\UNWISE.EXE C:\PROGRA~1\WISDOM~2\INSTALL.LOG
Wisdom-soft Toolbar-->C:\PROGRA~1\WISDOM~3\UNWISE.EXE C:\PROGRA~1\WISDOM~3\INSTALL.LOG

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-05-08]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-05-08]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-05-08]
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2009-05-08]
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-05-08]
O20 - Winlogon Notify: __c00EB8F6 - C:\WINDOWS\system32\__c00EB8F6.dat [2009-05-08]
O20 - Winlogon Notify: 2cbd9e22583 - C:\WINDOWS\System32\DSSUSBF32.dll [2009-05-08]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: TAMMY
Event Code: 40961
Message: The Security System could not establish a secured connection with the server ldap/treasrv2.treadomain.org/treadomain.org@TREADOMAIN.ORG. No authentication protocol was available.

Record Number: 21056
Source Name: LSASRV
Time Written: 20100204090849.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 21055
Source Name: Disk
Time Written: 20100204090027.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 21051
Source Name: Disk
Time Written: 20100204083140.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 21050
Source Name: Disk
Time Written: 20100204081706.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 21045
Source Name: Disk
Time Written: 20100204073005.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: TAMMY
Event Code: 6
Message:


Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 28606
Source Name: Symantec AntiVirus
Time Written: 20100203230201.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 6
Message:


Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 28605
Source Name: Symantec AntiVirus
Time Written: 20100203230201.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 6
Message:


Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 28604
Source Name: Symantec AntiVirus
Time Written: 20100203230201.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 6
Message:


Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 28603
Source Name: Symantec AntiVirus
Time Written: 20100203230201.000000-420
Event Type: warning
User:

Computer Name: TAMMY
Event Code: 6
Message:


Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip due to extraction errors encountered by the Decomposer Engines.

Record Number: 28602
Source Name: Symantec AntiVirus
Time Written: 20100203230201.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Adobe\AGL;C:\WINDOWS\system32\gs\gs7.05\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-15 10:12:34
Windows 5.1.2600 Service Pack 2
Running: zj5fynem.exe; Driver: C:\DOCUME~1\TAMMYB~1.TRE\LOCALS~1\Temp\fxtdipoc.sys


---- System - GMER 1.0.15 ----

SSDT E1010370 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF720AF80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A90D480 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A90D2D0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A90D500 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A90D3E0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A90D2D0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A90D3C0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A90D420 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A90D400 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A90D3A0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A90D550 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A90D560 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A90D581 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A90D650 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A90D620 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A90D590 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A90D2E0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A90D270 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A90D2D0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A90D230 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2000] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A90D2B0 C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Pando Networks\Pando\Pando.exe[2496] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3772] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3656] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 15 February 2010 - 02:36 PM

Hi KSPrincess,

Can you tell me if you are still having the problem of being redirected or any other problems?


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Then please post back here with the following logs:
  • checkup.txt
  • MBAM log

Thanks

unite.jpg


#5 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 16 February 2010 - 05:03 PM

Computer completely shut down and wouldn't boot up -- I was able to get it to boot from the Windows disk, and ran Repair Windows. It seems to have stopped the hi-jacking, but I have a program that won't work -- I have tried uninstalling and reinstalling. Didn't want to completely wipe out the computer and start over if it could be fixed without doing that.
Below are the logs requested. THANK YOU !

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender
HijackThis 2.0.2
Java™ 6 Update 18
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Malwarebytes' Anti-Malware 1.44
Database version: 3747
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/16/2010 2:52:23 PM
mbam-log-2010-02-16 (14-52-23).txt

Scan type: Quick Scan
Objects scanned: 191212
Time elapsed: 35 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 16 February 2010 - 06:18 PM

Can you tell me what program is not working, also is your AntiVirus an up to date version?

Please post a new Rsit log.

unite.jpg


#7 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 17 February 2010 - 12:28 PM

Anti-Virus is up-to date.
The program that is not working is Quark Xpress 7.5 -- the program opens, but when I open a document -- it shows as open (but it is not visible).


Below is rsit log as requested.

Logfile of random's system information tool 1.06 (written by random/random)
Run by tammyb at 2010-02-17 10:27:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (15%) free of 76 GB
Total RAM: 1014 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:16 AM, on 2/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tammyb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trea.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmoe2.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmoe.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmoe.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mpg4dmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp43dmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp4sdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmod.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\laprxy.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_31] "C:\WINDOWS\system32\logagent.exe" /RegServer
O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvcore.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmstor.dll"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242408713364
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\Software\..\Telephony: DomainName = treadomain.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = treadomain.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 16571 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]
Pando Search Assistant BHO - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b4d6b1c-d1a6-4b21-9412-cc846ebfa818}]
GoodShopToolbar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2K0.dll [2003-12-16 118830]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-08 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
Pando Toolbar BHO - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - Pando Toolbar - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{10834e9a-d475-4a24-ad01-f3f24f71b28e} - GoodSearchBar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Family Toolbar - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]
{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-13 1732608]
"Adobe Version Cue CS2"=C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
""= []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OE_WMPWMFSDK_Install_3"=C:\WINDOWS\system32\regsvr32 /s /u C:\WINDOWS\system32\wmv8dmod.dll []
"OE_WMPWMFSDK_Install_4"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmvdmod.dll []
"OE_WMPWMFSDK_Install_5"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmvdmoe2.dll []
"OE_WMPWMFSDK_Install_6"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmadmoe.dll []
"OE_WMPWMFSDK_Install_7"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmspdmod.dll []
"OE_WMPWMFSDK_Install_8"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmspdmoe.dll []
"OE_WMPWMFSDK_Install_9"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmsdmoe.dll []
"OE_WMPWMFSDK_Install_21"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mpg4dmod.dll []
"OE_WMPWMFSDK_Install_22"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mp43dmod.dll []
"OE_WMPWMFSDK_Install_23"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mp4sdmod.dll []
"OE_WMPWMFSDK_Install_24"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmsdmod.dll []
"OE_WMPWMFSDK_Install_30"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\laprxy.dll []
"OE_WMPWMFSDK_Install_31"=C:\WINDOWS\system32\logagent.exe [2008-04-13 103936]
"OE_WMPWMFSDK_Install_32"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmvcore.dll []
"OE_WMPDRM_Install_1"=C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\drmstor.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-22 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk]
C:\DOCUME~1\TAMMYB~1.TRE\protect.dll,_IWMPEvents@16 []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\tammyb.TREADOMAIN\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\java.exe"="C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\WS_FTP Pro\wsftppro.exe"="C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c5f4c5c-4091-11de-b198-001143bcfe59}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 1 months======

2010-02-17 08:33:16 ----D---- C:\WINDOWS\LastGood
2010-02-17 08:30:30 ----D---- C:\WINDOWS\Prefetch
2010-02-17 08:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-17 07:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-02-17 07:46:09 ----D---- C:\WINDOWS\LastGood.Tmp
2010-02-17 07:28:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-16 12:25:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2010-02-16 12:25:25 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Office Genuine Advantage
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\zh-TW
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\zh-HK
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\tr-TR
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\sv-SE
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\pt-BR
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\nl-NL
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\nb-NO
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\ko-KR
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\it-IT
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\he-IL
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\fr-FR
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\fi-FI
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\es-ES
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\el-GR
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\de-DE
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\da-DK
2010-02-16 12:24:13 ----D---- C:\WINDOWS\system32\ar-SA
2010-02-12 14:00:23 ----D---- C:\rsit
2010-02-11 20:51:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2010-02-11 20:51:25 ----A---- C:\WINDOWS\003442_.tmp
2010-02-11 14:20:26 ----D---- C:\Program Files\QuarkXPress 7.0
2010-02-11 11:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-11 11:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-11 03:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 03:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 03:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-11 03:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-11 03:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-11 03:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-11 03:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-11 03:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-11 03:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-11 03:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-11 03:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 03:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-11 03:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-11 03:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-11 03:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-11 03:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-11 03:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-11 03:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-11 03:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-11 03:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-11 03:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-11 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-11 03:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-11 03:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-11 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-11 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-11 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 03:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-11 03:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-11 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-11 03:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-11 03:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-11 03:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-11 03:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 03:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-11 03:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-11 03:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-11 03:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-11 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-11 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-11 03:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-11 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-11 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-11 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-11 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-11 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-11 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-10 16:10:22 ----HD---- C:\WINDOWS\msdownld.tmp
2010-02-10 15:56:51 ----D---- C:\a0a930825de4ec2c49
2010-02-10 14:18:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-02-10 13:40:04 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-02-10 13:26:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-10 13:11:11 ----RA---- C:\WINDOWS\SET9E.tmp
2010-02-10 13:11:07 ----RA---- C:\WINDOWS\SET92.tmp
2010-02-10 13:11:05 ----RA---- C:\WINDOWS\SET8F.tmp
2010-02-02 11:42:56 ----D---- C:\Program Files\TrendMicro
2010-02-02 08:00:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-02-02 08:00:36 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-02 08:00:36 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\SUPERAntiSpyware.com
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-28 13:55:05 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Malwarebytes
2010-01-28 13:54:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-28 13:54:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 07:27:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-27 10:18:06 ----D---- C:\Program Files\a-squared Anti-Malware
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-26 15:51:44 ----D---- C:\Program Files\Microsoft
2010-01-26 15:51:40 ----D---- C:\Program Files\MSN Toolbar
2010-01-26 15:46:32 ----D---- C:\Program Files\MSN Toolbar Installer
2010-01-21 21:33:01 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 1 months======

2010-02-17 10:24:11 ----D---- C:\WINDOWS\temp
2010-02-17 10:04:57 ----SHD---- C:\WINDOWS\Installer
2010-02-17 10:04:57 ----SHD---- C:\Config.Msi
2010-02-17 10:03:47 ----D---- C:\WINDOWS\SYSTEM32
2010-02-17 08:33:58 ----SD---- C:\WINDOWS\Tasks
2010-02-17 08:33:25 ----HD---- C:\WINDOWS\INF
2010-02-17 08:33:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-17 08:33:16 ----D---- C:\WINDOWS
2010-02-17 08:32:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-17 08:31:57 ----D---- C:\WINDOWS\system32\IAS
2010-02-17 08:31:51 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-17 08:30:51 ----A---- C:\WINDOWS\setuplog.txt
2010-02-17 08:29:23 ----D---- C:\WINDOWS\system32\Setup
2010-02-17 08:29:23 ----D---- C:\WINDOWS\AppPatch
2010-02-17 08:29:22 ----D---- C:\WINDOWS\IME
2010-02-17 08:29:20 ----D---- C:\WINDOWS\system32\WBEM
2010-02-17 08:29:17 ----RSD---- C:\WINDOWS\Fonts
2010-02-17 08:28:56 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-17 08:27:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-17 08:27:01 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2010-02-17 08:27:00 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-17 08:26:35 ----D---- C:\Program Files\Messenger
2010-02-17 08:23:51 ----D---- C:\Program Files\Outlook Express
2010-02-17 07:46:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-17 07:45:56 ----D---- C:\WINDOWS\SECURITY
2010-02-17 07:42:33 ----D---- C:\Program Files\Windows Media Player
2010-02-17 07:42:12 ----D---- C:\WINDOWS\system32\INETSRV
2010-02-17 07:42:11 ----D---- C:\WINDOWS\Help
2010-02-17 07:42:00 ----D---- C:\WINDOWS\PeerNet
2010-02-17 07:42:00 ----D---- C:\Program Files\Internet Explorer
2010-02-17 07:41:59 ----D---- C:\Program Files\Movie Maker
2010-02-17 07:39:11 ----D---- C:\WINDOWS\system32\Restore
2010-02-17 07:39:11 ----D---- C:\WINDOWS\system32\NPP
2010-02-17 07:39:10 ----D---- C:\WINDOWS\MUI
2010-02-17 07:39:09 ----D---- C:\WINDOWS\SRCHASST
2010-02-17 07:39:09 ----D---- C:\WINDOWS\MSAGENT
2010-02-17 07:39:08 ----D---- C:\Program Files\NetMeeting
2010-02-17 07:39:07 ----D---- C:\WINDOWS\system32\Com
2010-02-17 07:39:04 ----D---- C:\Program Files\Windows NT
2010-02-17 07:39:01 ----D---- C:\Program Files\Common Files\System
2010-02-17 07:38:41 ----D---- C:\WINDOWS\system32\USMT
2010-02-17 07:38:41 ----D---- C:\WINDOWS\system32\OOBE
2010-02-17 07:38:40 ----D---- C:\WINDOWS\SYSTEM
2010-02-17 07:33:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-17 07:28:06 ----D---- C:\WINDOWS\EHOME
2010-02-16 15:07:45 ----D---- C:\Downloads
2010-02-16 12:24:13 ----D---- C:\WINDOWS\system32\en-US
2010-02-16 09:10:25 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Adobe
2010-02-16 09:10:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2010-02-16 07:21:19 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 15:52:21 ----RD---- C:\Program Files
2010-02-11 15:52:21 ----D---- C:\Program Files\Quark
2010-02-11 14:21:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Quark
2010-02-11 11:03:51 ----D---- C:\Program Files\Google
2010-02-11 10:58:54 ----D---- C:\Program Files\Smart PDF Converter
2010-02-11 10:57:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-11 08:11:20 ----D---- C:\WINDOWS\ie8updates
2010-02-11 08:11:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 08:08:50 ----HDC---- C:\WINDOWS\ie8
2010-02-11 07:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
2010-02-11 07:36:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJ
2010-02-11 07:21:13 ----SHD---- C:\WINDOWS\CSC
2010-02-11 03:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-10 14:18:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-10 13:53:33 ----A---- C:\WINDOWS\hpbafd.ini
2010-02-10 13:52:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-10 13:45:14 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-10 13:39:36 ----D---- C:\WINDOWS\Registration
2010-02-10 13:38:00 ----D---- C:\System Volume Information
2010-02-10 13:35:53 ----D---- C:\WINDOWS\system32\CONFIG
2010-02-10 13:27:36 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-10 13:27:30 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-10 13:26:36 ----RD---- C:\WINDOWS\Web
2010-02-10 13:26:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-10 13:26:14 ----A---- C:\WINDOWS\win.ini
2010-02-10 13:22:47 ----SH---- C:\boot.ini
2010-02-10 13:11:37 ----A---- C:\WINDOWS\system.ini
2010-02-10 13:11:19 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2010-02-10 06:06:34 ----D---- C:\WINDOWS\Media
2010-02-10 06:02:58 ----D---- C:\WINDOWS\TWAIN_32
2010-02-10 06:02:06 ----D---- C:\WINDOWS\system32\ICSXML
2010-02-10 06:01:27 ----D---- C:\WINDOWS\system32\1033
2010-02-10 06:00:25 ----D---- C:\WINDOWS\Driver Cache
2010-02-10 06:00:24 ----D---- C:\WINDOWS\WinSxS
2010-02-05 09:05:45 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-02-02 11:42:59 ----SD---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Microsoft
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files
2010-02-01 12:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-28 07:27:18 ----D---- C:\Program Files\Common Files\Java
2010-01-28 07:26:21 ----D---- C:\Program Files\Java
2010-01-27 14:11:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-26 15:52:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 15:50:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-26 10:44:55 ----D---- C:\Program Files\MSN
2010-01-25 15:02:31 ----D---- C:\WINDOWS\Temporary Internet Files
2010-01-25 11:07:46 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Apple Computer
2010-01-25 10:46:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2010-01-19 11:49:20 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100216.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100216.005\navex15.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kungsfumfiqvun;kungsfumfiqvun; C:\WINDOWS\system32\drivers\kungsfcobfdwjc.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-13 72704]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2005-11-28 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 17 February 2010 - 01:09 PM

I don't think the Quark Xpress issue is malware related, so you should start a new topic in this forum once finished here.

You still have an older version of Java install which can be used to exploit your computer, you should go to add/remove programs and uninstall the following.

J2SE Runtime Environment 5.0 Update 9



Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "Locked"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "OE_WMPWMFSDK_Install_3"=-
    "OE_WMPWMFSDK_Install_4"=-
    "OE_WMPWMFSDK_Install_5"=-
    "OE_WMPWMFSDK_Install_6"=-
    "OE_WMPWMFSDK_Install_7"=-
    "OE_WMPWMFSDK_Install_8"=-
    "OE_WMPWMFSDK_Install_9"=-
    "OE_WMPWMFSDK_Install_21"=-
    "OE_WMPWMFSDK_Install_22"=-
    "OE_WMPWMFSDK_Install_23"=-
    "OE_WMPWMFSDK_Install_24"=-
    "OE_WMPWMFSDK_Install_30"=-
    "OE_WMPWMFSDK_Install_31"=-
    "OE_WMPWMFSDK_Install_32"=-
    "OE_WMPDRM_Install_1"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk]
    :Commands
    [Purity]
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • OTM results
  • New Rsit log.txt

Thanks

unite.jpg


#9 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 17 February 2010 - 02:39 PM

Below is requested info. Other than computer running really slowly -- I'm not having the "high-jack problems" .

OTM Log:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_3 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_4 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_5 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_6 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_7 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_8 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_9 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_21 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_22 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_23 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_24 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_30 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_31 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPWMFSDK_Install_32 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OE_WMPDRM_Install_1 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: administrator.TREADOMAIN.000
->Temp folder emptied: 2602756 bytes
->Temporary Internet Files folder emptied: 37915449 bytes

User: ADMINI~1~TRE

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: iw
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1921941 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 327974 bytes

User: NetworkService
->Temp folder emptied: 6774 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 387832 bytes
->Temporary Internet Files folder emptied: 1038416 bytes

User: tammyb
->Temp folder emptied: 47599878 bytes
->Temporary Internet Files folder emptied: 40476695 bytes
->Java cache emptied: 33072383 bytes
->FireFox cache emptied: 5965344 bytes

User: tammyb.TREADOMAIN
->Temp folder emptied: 1980232050 bytes
->Temporary Internet Files folder emptied: 210495708 bytes
->Java cache emptied: 46579726 bytes

User: TAMMYB~1~TRE

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 10873211 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3584589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23897448 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 489573469 bytes
RecycleBin emptied: 288748406 bytes

Total Files Cleaned = 3,076.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02172010_120913

Files moved on Reboot...

Registry entries deleted on Reboot...

RSIT Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by tammyb at 2010-02-17 12:27:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 1014 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:26 PM, on 2/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tammyb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trea.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL (file missing)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: (no name) - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242408713364
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\Software\..\Telephony: DomainName = treadomain.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = treadomain.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 15083 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b4d6b1c-d1a6-4b21-9412-cc846ebfa818}]
GoodShopToolbar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2K0.dll [2003-12-16 118830]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-01-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-08 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
Pando Toolbar BHO - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - Pando Toolbar - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{10834e9a-d475-4a24-ad01-f3f24f71b28e} - GoodSearchBar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Family Toolbar - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]
{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-13 1732608]
"Adobe Version Cue CS2"=C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-22 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\tammyb.TREADOMAIN\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\java.exe"="C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\WS_FTP Pro\wsftppro.exe"="C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-17 12:09:13 ----D---- C:\_OTM
2010-02-17 12:04:10 ----D---- C:\WINDOWS\ERDNT
2010-02-17 12:03:30 ----D---- C:\Program Files\ERUNT
2010-02-17 08:30:30 ----D---- C:\WINDOWS\Prefetch
2010-02-17 08:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-17 07:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-02-17 07:28:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-16 12:25:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2010-02-16 12:25:25 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Office Genuine Advantage
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\zh-TW
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\zh-HK
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\tr-TR
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\sv-SE
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\pt-BR
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\nl-NL
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\nb-NO
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\ko-KR
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\it-IT
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\he-IL
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\fr-FR
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\fi-FI
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\es-ES
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\el-GR
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\de-DE
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\da-DK
2010-02-16 12:24:13 ----D---- C:\WINDOWS\system32\ar-SA
2010-02-12 14:00:23 ----D---- C:\rsit
2010-02-11 20:51:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2010-02-11 14:20:26 ----D---- C:\Program Files\QuarkXPress 7.0
2010-02-11 11:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-11 11:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-11 03:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 03:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 03:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-11 03:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-11 03:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-11 03:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-11 03:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-11 03:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-11 03:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-11 03:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-11 03:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 03:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-11 03:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-11 03:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-11 03:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-11 03:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-11 03:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-11 03:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-11 03:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-11 03:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-11 03:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-11 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-11 03:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-11 03:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-11 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-11 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-11 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 03:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-11 03:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-11 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-11 03:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-11 03:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-11 03:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-11 03:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 03:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-11 03:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-11 03:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-11 03:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-11 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-11 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-11 03:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-11 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-11 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-11 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-11 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-11 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-11 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-10 15:56:51 ----D---- C:\a0a930825de4ec2c49
2010-02-10 14:18:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-02-10 13:40:04 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-02-10 13:26:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-02 11:42:56 ----D---- C:\Program Files\TrendMicro
2010-02-02 08:00:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-02-02 08:00:36 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-02 08:00:36 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\SUPERAntiSpyware.com
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-28 13:55:05 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Malwarebytes
2010-01-28 13:54:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-28 13:54:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 07:27:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-27 10:18:06 ----D---- C:\Program Files\a-squared Anti-Malware
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-26 15:51:44 ----D---- C:\Program Files\Microsoft
2010-01-26 15:51:40 ----D---- C:\Program Files\MSN Toolbar
2010-01-26 15:46:32 ----D---- C:\Program Files\MSN Toolbar Installer
2010-01-21 21:33:01 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 1 months======

2010-02-17 12:27:08 ----D---- C:\WINDOWS\temp
2010-02-17 12:19:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-17 12:19:00 ----SD---- C:\WINDOWS\Tasks
2010-02-17 12:17:09 ----D---- C:\WINDOWS
2010-02-17 12:17:01 ----D---- C:\WINDOWS\system32\IAS
2010-02-17 12:16:55 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-17 12:14:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-17 12:08:31 ----SHD---- C:\Config.Msi
2010-02-17 12:08:21 ----D---- C:\Program Files\Java
2010-02-17 12:07:50 ----D---- C:\WINDOWS\SYSTEM32
2010-02-17 12:07:39 ----SHD---- C:\WINDOWS\Installer
2010-02-17 12:04:47 ----D---- C:\Downloads
2010-02-17 12:03:30 ----RD---- C:\Program Files
2010-02-17 11:32:21 ----HD---- C:\WINDOWS\INF
2010-02-17 11:32:20 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2010-02-17 11:32:12 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-17 11:32:08 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-17 10:51:18 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Adobe
2010-02-17 10:51:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2010-02-17 10:32:54 ----A---- C:\WINDOWS\hpbafd.ini
2010-02-17 08:32:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-17 08:30:51 ----A---- C:\WINDOWS\setuplog.txt
2010-02-17 08:29:23 ----D---- C:\WINDOWS\system32\Setup
2010-02-17 08:29:23 ----D---- C:\WINDOWS\AppPatch
2010-02-17 08:29:22 ----D---- C:\WINDOWS\IME
2010-02-17 08:29:20 ----D---- C:\WINDOWS\system32\WBEM
2010-02-17 08:29:17 ----RSD---- C:\WINDOWS\Fonts
2010-02-17 08:26:35 ----D---- C:\Program Files\Messenger
2010-02-17 08:23:51 ----D---- C:\Program Files\Outlook Express
2010-02-17 07:46:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-17 07:45:56 ----D---- C:\WINDOWS\SECURITY
2010-02-17 07:42:33 ----D---- C:\Program Files\Windows Media Player
2010-02-17 07:42:12 ----D---- C:\WINDOWS\system32\INETSRV
2010-02-17 07:42:11 ----D---- C:\WINDOWS\Help
2010-02-17 07:42:00 ----D---- C:\WINDOWS\PeerNet
2010-02-17 07:42:00 ----D---- C:\Program Files\Internet Explorer
2010-02-17 07:41:59 ----D---- C:\Program Files\Movie Maker
2010-02-17 07:39:11 ----D---- C:\WINDOWS\system32\Restore
2010-02-17 07:39:11 ----D---- C:\WINDOWS\system32\NPP
2010-02-17 07:39:10 ----D---- C:\WINDOWS\MUI
2010-02-17 07:39:09 ----D---- C:\WINDOWS\SRCHASST
2010-02-17 07:39:09 ----D---- C:\WINDOWS\MSAGENT
2010-02-17 07:39:08 ----D---- C:\Program Files\NetMeeting
2010-02-17 07:39:07 ----D---- C:\WINDOWS\system32\Com
2010-02-17 07:39:04 ----D---- C:\Program Files\Windows NT
2010-02-17 07:39:01 ----D---- C:\Program Files\Common Files\System
2010-02-17 07:38:41 ----D---- C:\WINDOWS\system32\USMT
2010-02-17 07:38:41 ----D---- C:\WINDOWS\system32\OOBE
2010-02-17 07:38:40 ----D---- C:\WINDOWS\SYSTEM
2010-02-17 07:33:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-17 07:28:06 ----D---- C:\WINDOWS\EHOME
2010-02-16 12:24:13 ----D---- C:\WINDOWS\system32\en-US
2010-02-16 07:21:19 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 15:52:21 ----D---- C:\Program Files\Quark
2010-02-11 14:21:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Quark
2010-02-11 11:03:51 ----D---- C:\Program Files\Google
2010-02-11 10:58:54 ----D---- C:\Program Files\Smart PDF Converter
2010-02-11 10:57:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-11 08:11:20 ----D---- C:\WINDOWS\ie8updates
2010-02-11 08:11:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 08:08:50 ----HDC---- C:\WINDOWS\ie8
2010-02-11 07:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
2010-02-11 07:36:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJ
2010-02-11 07:21:13 ----SHD---- C:\WINDOWS\CSC
2010-02-11 03:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-10 14:18:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-10 13:52:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-10 13:45:14 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-10 13:39:36 ----D---- C:\WINDOWS\Registration
2010-02-10 13:38:00 ----D---- C:\System Volume Information
2010-02-10 13:35:53 ----D---- C:\WINDOWS\system32\CONFIG
2010-02-10 13:27:36 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-10 13:27:30 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-10 13:26:36 ----RD---- C:\WINDOWS\Web
2010-02-10 13:26:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-10 13:26:14 ----A---- C:\WINDOWS\win.ini
2010-02-10 13:22:47 ----SH---- C:\boot.ini
2010-02-10 13:11:37 ----A---- C:\WINDOWS\system.ini
2010-02-10 13:11:19 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2010-02-10 06:06:34 ----D---- C:\WINDOWS\Media
2010-02-10 06:02:58 ----D---- C:\WINDOWS\TWAIN_32
2010-02-10 06:02:06 ----D---- C:\WINDOWS\system32\ICSXML
2010-02-10 06:01:27 ----D---- C:\WINDOWS\system32\1033
2010-02-10 06:00:25 ----D---- C:\WINDOWS\Driver Cache
2010-02-10 06:00:24 ----D---- C:\WINDOWS\WinSxS
2010-02-05 09:05:45 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-02-02 11:42:59 ----SD---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Microsoft
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files
2010-02-01 12:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-28 07:27:18 ----D---- C:\Program Files\Common Files\Java
2010-01-27 14:11:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-26 15:52:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 15:50:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-26 10:44:55 ----D---- C:\Program Files\MSN
2010-01-25 15:02:31 ----D---- C:\WINDOWS\Temporary Internet Files
2010-01-25 11:07:46 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Apple Computer
2010-01-25 10:46:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2010-01-19 11:49:20 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100216.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100216.005\navex15.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kungsfumfiqvun;kungsfumfiqvun; C:\WINDOWS\system32\drivers\kungsfcobfdwjc.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-13 72704]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2005-11-28 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#10 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 17 February 2010 - 02:43 PM

P.S. -- whatever we just did fixed the Quark issue!

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 17 February 2010 - 04:24 PM

We didn't do much just removed some orphaned registry entries and emptied out your temp files, although their was over 3GB of temp files.

You have a few programs running at startup you could try using StartUpLite to trim them down, this may speed things up a little.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield :
    CODE
    :filefind
    proquota.exe
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan, Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt



We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Services
    kungsfumfiqvun
    :Reg
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\winver.exe"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    :Commands
    [Reboot]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Then please post back here with the following logs:
  • SystemLook.txt
  • OTM results
  • New Rsit log

Thanks

unite.jpg


#12 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 18 February 2010 - 02:14 PM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:10 on 18/02/2010 by tammyb (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\I386\PROQUOTA.EXE --a--c 50176 bytes [18:29 29/03/2005] [11:00 04/08/2004] 4D9D45A4370E0C2AD00C362B7118E2A4
C:\WINDOWS\$NtServicePackUninstall$\proquota.exe -----c 50176 bytes [14:29 17/02/2010] [12:00 04/08/2004] 4D9D45A4370E0C2AD00C362B7118E2A4
C:\WINDOWS\ServicePackFiles\i386\proquota.exe ------ 50176 bytes [03:52 12/02/2010] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\proquota.exe --a--- 50176 bytes [03:52 12/02/2010] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\SYSTEM32\proquota.exe --a--- 50176 bytes [12:00 04/08/2004] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-

========== SERVICES/DRIVERS ==========
Error: No service named kungsfumfiqvun was found to stop!
Unable to stop service kungsfumfiqvun!
========== REGISTRY ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{06663B56-0D73-4f9f-BCC5-4AA941470AFD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{06663B56-0D73-4f9f-BCC5-4AA941470AFD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.8.0 log created on 02182010_113043

Logfile of random's system information tool 1.06 (written by random/random)
Run by tammyb at 2010-02-18 12:16:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (16%) free of 76 GB
Total RAM: 1014 MB (3% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:35 PM, on 2/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tammyb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trea.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: (no name) - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ebay.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242408713364
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\Software\..\Telephony: DomainName = treadomain.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = treadomain.org
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = treadomain.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14435 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b4d6b1c-d1a6-4b21-9412-cc846ebfa818}]
GoodShopToolbar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2K0.dll [2003-12-16 118830]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-01-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-08 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
Pando Toolbar BHO - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - Pando Toolbar - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2009-06-03 266240]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\AdobeCS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{10834e9a-d475-4a24-ad01-f3f24f71b28e} - GoodSearchBar - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll [2008-08-04 315392]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Family Toolbar - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]
{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-13 1732608]
"Adobe Version Cue CS2"=C:\Program Files\AdobeCS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\tammyb.TREADOMAIN\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\java.exe"="C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\WS_FTP Pro\wsftppro.exe"="C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c5f4c5c-4091-11de-b198-001143bcfe59}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 1 months======

2010-02-18 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-18 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-17 12:09:13 ----D---- C:\_OTM
2010-02-17 12:04:10 ----D---- C:\WINDOWS\ERDNT
2010-02-17 12:03:30 ----D---- C:\Program Files\ERUNT
2010-02-17 08:30:30 ----D---- C:\WINDOWS\Prefetch
2010-02-17 08:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-17 07:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-02-17 07:28:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-16 12:25:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2010-02-16 12:25:25 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Office Genuine Advantage
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\zh-TW
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\zh-HK
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\tr-TR
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\sv-SE
2010-02-16 12:24:16 ----D---- C:\WINDOWS\system32\pt-BR
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\nl-NL
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\nb-NO
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\ko-KR
2010-02-16 12:24:15 ----D---- C:\WINDOWS\system32\it-IT
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\he-IL
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\fr-FR
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\fi-FI
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\es-ES
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\el-GR
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\de-DE
2010-02-16 12:24:14 ----D---- C:\WINDOWS\system32\da-DK
2010-02-16 12:24:13 ----D---- C:\WINDOWS\system32\ar-SA
2010-02-12 14:00:23 ----D---- C:\rsit
2010-02-11 20:51:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2010-02-11 14:20:26 ----D---- C:\Program Files\QuarkXPress 7.0
2010-02-11 11:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-11 11:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-11 03:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 03:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 03:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-11 03:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-11 03:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-11 03:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-11 03:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-11 03:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-11 03:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-11 03:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-11 03:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 03:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-11 03:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-11 03:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-11 03:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-11 03:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-11 03:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-11 03:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-11 03:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-11 03:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-11 03:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-11 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-11 03:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-11 03:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-11 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-11 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-11 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 03:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-11 03:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-11 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-11 03:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-11 03:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-11 03:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-11 03:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 03:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-11 03:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-11 03:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-11 03:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-11 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-11 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-11 03:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-11 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-11 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-11 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-11 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-11 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-11 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-11 03:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-10 15:56:51 ----D---- C:\a0a930825de4ec2c49
2010-02-10 14:18:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-02-10 13:40:04 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-02-10 13:26:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-10 13:11:30 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-02 11:42:56 ----D---- C:\Program Files\TrendMicro
2010-02-02 08:00:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-02-02 08:00:36 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-02 08:00:36 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\SUPERAntiSpyware.com
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-28 13:55:05 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Malwarebytes
2010-01-28 13:54:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-28 13:54:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 07:27:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 07:26:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-27 10:18:06 ----D---- C:\Program Files\a-squared Anti-Malware
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-27 00:44:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-26 15:51:44 ----D---- C:\Program Files\Microsoft
2010-01-26 15:51:40 ----D---- C:\Program Files\MSN Toolbar
2010-01-26 15:46:32 ----D---- C:\Program Files\MSN Toolbar Installer
2010-01-21 21:33:01 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 1 months======

2010-02-18 12:16:12 ----D---- C:\WINDOWS\temp
2010-02-18 12:06:14 ----SD---- C:\WINDOWS\Tasks
2010-02-18 12:06:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-18 12:05:47 ----D---- C:\WINDOWS
2010-02-18 11:33:51 ----D---- C:\WINDOWS\system32\IAS
2010-02-18 11:33:46 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-18 11:32:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 09:17:42 ----D---- C:\WINDOWS\SECURITY
2010-02-18 09:15:16 ----D---- C:\Downloads
2010-02-18 03:02:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-18 03:01:51 ----HD---- C:\WINDOWS\INF
2010-02-18 03:01:47 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2010-02-18 03:01:47 ----D---- C:\WINDOWS\SYSTEM32
2010-02-18 03:01:23 ----A---- C:\WINDOWS\imsins.BAK
2010-02-17 12:08:31 ----SHD---- C:\WINDOWS\Installer
2010-02-17 12:08:31 ----SHD---- C:\Config.Msi
2010-02-17 12:08:21 ----D---- C:\Program Files\Java
2010-02-17 12:03:30 ----RD---- C:\Program Files
2010-02-17 11:32:12 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-17 10:51:18 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Adobe
2010-02-17 10:51:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2010-02-17 10:32:54 ----A---- C:\WINDOWS\hpbafd.ini
2010-02-17 08:32:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-17 08:30:51 ----A---- C:\WINDOWS\setuplog.txt
2010-02-17 08:29:23 ----D---- C:\WINDOWS\system32\Setup
2010-02-17 08:29:23 ----D---- C:\WINDOWS\AppPatch
2010-02-17 08:29:22 ----D---- C:\WINDOWS\IME
2010-02-17 08:29:20 ----D---- C:\WINDOWS\system32\WBEM
2010-02-17 08:29:17 ----RSD---- C:\WINDOWS\Fonts
2010-02-17 08:26:35 ----D---- C:\Program Files\Messenger
2010-02-17 08:23:51 ----D---- C:\Program Files\Outlook Express
2010-02-17 07:42:33 ----D---- C:\Program Files\Windows Media Player
2010-02-17 07:42:12 ----D---- C:\WINDOWS\system32\INETSRV
2010-02-17 07:42:11 ----D---- C:\WINDOWS\Help
2010-02-17 07:42:00 ----D---- C:\WINDOWS\PeerNet
2010-02-17 07:42:00 ----D---- C:\Program Files\Internet Explorer
2010-02-17 07:41:59 ----D---- C:\Program Files\Movie Maker
2010-02-17 07:39:11 ----D---- C:\WINDOWS\system32\Restore
2010-02-17 07:39:11 ----D---- C:\WINDOWS\system32\NPP
2010-02-17 07:39:10 ----D---- C:\WINDOWS\MUI
2010-02-17 07:39:09 ----D---- C:\WINDOWS\SRCHASST
2010-02-17 07:39:09 ----D---- C:\WINDOWS\MSAGENT
2010-02-17 07:39:08 ----D---- C:\Program Files\NetMeeting
2010-02-17 07:39:07 ----D---- C:\WINDOWS\system32\Com
2010-02-17 07:39:04 ----D---- C:\Program Files\Windows NT
2010-02-17 07:39:01 ----D---- C:\Program Files\Common Files\System
2010-02-17 07:38:41 ----D---- C:\WINDOWS\system32\USMT
2010-02-17 07:38:41 ----D---- C:\WINDOWS\system32\OOBE
2010-02-17 07:38:40 ----D---- C:\WINDOWS\SYSTEM
2010-02-17 07:33:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-17 07:28:06 ----D---- C:\WINDOWS\EHOME
2010-02-16 12:24:13 ----D---- C:\WINDOWS\system32\en-US
2010-02-16 07:21:19 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 15:52:21 ----D---- C:\Program Files\Quark
2010-02-11 14:21:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Quark
2010-02-11 11:03:51 ----D---- C:\Program Files\Google
2010-02-11 10:58:54 ----D---- C:\Program Files\Smart PDF Converter
2010-02-11 10:57:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-11 08:11:20 ----D---- C:\WINDOWS\ie8updates
2010-02-11 08:11:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 08:08:50 ----HDC---- C:\WINDOWS\ie8
2010-02-11 07:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
2010-02-11 07:36:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJ
2010-02-11 07:21:13 ----SHD---- C:\WINDOWS\CSC
2010-02-11 03:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-10 14:18:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-10 13:52:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-10 13:45:14 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-10 13:39:36 ----D---- C:\WINDOWS\Registration
2010-02-10 13:38:00 ----D---- C:\System Volume Information
2010-02-10 13:35:53 ----D---- C:\WINDOWS\system32\CONFIG
2010-02-10 13:27:36 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-10 13:27:30 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-10 13:26:36 ----RD---- C:\WINDOWS\Web
2010-02-10 13:26:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-10 13:26:14 ----A---- C:\WINDOWS\win.ini
2010-02-10 13:22:47 ----SH---- C:\boot.ini
2010-02-10 13:11:37 ----A---- C:\WINDOWS\system.ini
2010-02-10 13:11:19 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2010-02-10 06:06:34 ----D---- C:\WINDOWS\Media
2010-02-10 06:02:58 ----D---- C:\WINDOWS\TWAIN_32
2010-02-10 06:02:06 ----D---- C:\WINDOWS\system32\ICSXML
2010-02-10 06:01:27 ----D---- C:\WINDOWS\system32\1033
2010-02-10 06:00:25 ----D---- C:\WINDOWS\Driver Cache
2010-02-10 06:00:24 ----D---- C:\WINDOWS\WinSxS
2010-02-05 09:05:45 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-02-02 11:42:59 ----SD---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Microsoft
2010-02-02 07:59:45 ----D---- C:\Program Files\Common Files
2010-02-01 12:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-28 07:27:18 ----D---- C:\Program Files\Common Files\Java
2010-01-27 14:11:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-26 15:52:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 15:50:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-26 10:44:55 ----D---- C:\Program Files\MSN
2010-01-25 15:02:31 ----D---- C:\WINDOWS\Temporary Internet Files
2010-01-25 11:07:46 ----D---- C:\Documents and Settings\tammyb.TREADOMAIN\Application Data\Apple Computer
2010-01-25 10:46:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2010-01-19 11:49:20 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100216.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100216.005\navex15.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kungsfumfiqvun;kungsfumfiqvun; C:\WINDOWS\system32\drivers\kungsfcobfdwjc.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\AdobeCS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-13 72704]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2005-11-28 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 18 February 2010 - 02:27 PM

It seems Teatimer is stopping some cleaning so please disable temporarily.

To disable Teatimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if your sure you want to go into advanced mode, select yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Services
    kungsfumfiqvun
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}]
    :Commands
    [Reboot]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

unite.jpg


#14 KSPrincess

KSPrincess
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Colorado
  • Local time:04:35 PM

Posted 18 February 2010 - 06:35 PM



========== SERVICES/DRIVERS ==========
Error: No service named kungsfumfiqvun was found to stop!
Unable to stop service kungsfumfiqvun!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}\ not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.8.0 log created on 02182010_162617


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:35 AM

Posted 18 February 2010 - 07:27 PM

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
CMD /C REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kungsfumfiqvun >log.txt&Start log.txt
  • The command prompt should pop up for a second, then a log will open, please post the contents.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users