HijackThis Log: Please help Diagnose


  • This topic is locked
21 replies to this topic

#1 auk88

Posted 21 March 2010 - 10:07 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:53, on 21/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Charm%20Tale%202%20-%20Mermaid%20Lagoon/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-gb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Charm%20Tale%202%20-%20Mermaid%20Lagoon/Images/armhelper.ocx
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s...el_4.1.66.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab
O18 - Protocol: bw+0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {68E2EC7B-263E-40CD-B34A-BF97B07D65B7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 20431 bytes

Edited by Pandy, 21 March 2010 - 11:31 AM.
Moved from Windows Vista to a more appropriate forum, as logs are included ~Pandy




#2 snemelk

  • Malware Response Team

Posted 24 March 2010 - 01:09 PM

Hi auk88, and welcome to Bleeping Computer.

Could you provide paths to files detected as infected??..

Follow the Preparation Guide and post the logs requested...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 auk88

  • Topic Starter

Posted 26 March 2010 - 09:41 AM

Hi, I'm just going to run the logs.
I have one problem: I don't have enough space on the computer or an external memory device to store the backed-up files. Do I need to back up the files?

#4 snemelk


Posted 26 March 2010 - 11:35 AM

Hi auk88!!..

QUOTE(auk88 @ Mar 26 2010, 03:41 PM)
I have one problem: I don't have enough space on the computer or an external memory device to store the backed-up files. Do I need to back up the files?

I can think of 2 reasons why it's a good idea to back-up all files right at the beginning of the fix... Firstly, some malware can do enough damage to the system to prevent it from booting up properly... Secondly, there is always a possibility something will not go right during our fix, hence your system may become unbootable...

This is certainly not a crucial step, but it's highly recommended... If you do not have an extra space for a back-up, proceed with the rest of the instructions...
Alternatively, you may want to use some kind of an online service for a storage of your files, like: SkyDrive - Windows Live


#5 auk88


Posted 27 March 2010 - 09:15 AM

Hi snemelk,

So I have an account with SkyDrive but I don't know how to back up the files on there... there's no option from the backup program to save it onto a website, I think...

Will you be able to give me some instructions please?

#6 snemelk


Posted 27 March 2010 - 03:54 PM

Hi again auk88!!..

QUOTE(auk88 @ Mar 27 2010, 03:15 PM)
Will you be able to give me some instructions please?

No problem!.. These sites should be of help:
Drag and Drop To Upload Files To Windows Sky Drive
SkyDrive: Drag and Drop
How To Add Your Windows Live SkyDrive To Explorer



#7 auk88


Posted 27 March 2010 - 04:53 PM

Hello snemelk,

I'm trying to back up the files using Gladinet onto the Skydrive, but I was wondering if I need to use it along with Comodo? It seems like I can back the files up using Gladinet alone, but I just wanted to be sure.

#8 snemelk


Posted 27 March 2010 - 06:31 PM

Hi!..

QUOTE(auk88 @ Mar 27 2010, 10:53 PM)
It seems like I can back the files up using Gladinet alone, but I just wanted to be sure.

Yes, that should be ok... ;)


#9 auk88


Posted 01 April 2010 - 06:16 AM

Hi snemelk,

The backing up is taking its sweet time, it keeps pausing... I still need your help to diagnose the log, but I'll have to run the logs you require after the backup completes.

Will that be ok?



#10 snemelk


Posted 01 April 2010 - 07:20 AM

Hi again auk88!!..

You can always run a DDS scan and post its logs (it's completely invasive, see here: Preparation Guide) and tell me what files are being constantly detected by your antivirus software... Then, I'll be able to make up my mind if we need to run more powerful tools (if yes, the backup routine has to be finished)...


#11 auk88


Posted 01 April 2010 - 11:46 AM

Hey snemelk,

I'll run the DDS scan and post the logs asap...

#12 auk88


Posted 02 April 2010 - 05:04 AM

Hi snemelk,

Pasted below is the DDS log; I've attached the "Attach.txt" log and the "Ark.txt" log from the GMER scan to the message.

Along with previous scans picking up the same infected files, my internet keeps crashing and when trying to open the security options a box pops up saying "windows has failed to open security options dialog", I have got rid of this before but it seems to come back.

Hope this isn't too much trouble


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ana at 10:27:05.04 on 01/01/2005
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1027 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ana\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local;127.0.0.1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
{52e729d7-dffb-4011-97ee-d7e28212d901}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gladin~1.lnk - c:\windows\installer\{c630daae-f222-48ab-9055-835591011b8f}\_F53F342E66155566A1DC89.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Charm%20Tale%202%20-%20Mermaid%20Lagoon/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Charm%20Tale%202%20-%20Mermaid%20Lagoon/Images/armhelper.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-2-5 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-2-8 142592]
R1 uzqxmzux;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzqxmzux.sys [2009-11-21 11264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-5 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-2-5 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R2 ComodoBackupService;ComodoBackupService;c:\program files\comodo\backup\CmdBkSvc.exe [2010-3-28 1023488]
R2 GladFileMonSvc;GladFileMonSvc;c:\program files\gladinet\gladinet cloud desktop\GladFileMonSvc.exe [2010-3-18 25320]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-30 21504]

=============== Created Last 30 ================

2010-03-31 11:45:37 0 d-----w- c:\program files\iPod
2010-03-31 11:45:27 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 11:34:46 0 d-----w- c:\program files\Bonjour
2010-03-28 13:54:46 0 d-----w- c:\program files\Windows Live SkyDrive
2010-03-27 15:58:23 0 d-----w- c:\users\ana\appdata\roaming\Comodo
2010-03-27 15:19:10 0 d-----w- c:\program files\Comodo
2010-03-27 15:14:34 0 d-----w- C:\Gladinet
2010-03-27 15:13:06 0 d-----w- c:\program files\Gladinet
2010-03-21 14:45:43 1879 ----a-w- C:\HijackThis.lnk
2010-03-21 14:38:37 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-17 20:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-17 20:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-03-11 20:16:34 0 d-----w- c:\windows\system32\x64
2010-03-11 03:19:20 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 03:16:20 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 03:15:52 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 01:19:31 0 d-----w- c:\program files\SystemRequirementsLab
2010-03-06 19:05:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 19:05:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 17:30:07 0 d-----w- c:\programdata\WindowsSearch
2010-03-01 03:00:34 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-24 19:26:48 0 d-----w- c:\programdata\Trusteer
2010-02-24 14:14:00 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:13:05 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:13:03 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:12:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:12:46 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:12:45 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:12:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:12:45 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:12:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:12:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:12:41 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:12:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 14:12:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-21 03:30:06 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-21 03:19:24 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-16 16:53:55 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-16 16:53:55 308224 ----a-w- c:\windows\system32\avisynth.dll
2010-02-16 02:12:49 0 d-----w- c:\program files\WMR14
2010-02-16 01:51:40 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-16 01:51:40 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-16 01:50:47 0 d-----w- c:\windows\Applian Director
2010-02-16 01:50:23 0 d-----w- c:\windows\Replay Media Catcher
2010-02-16 01:50:22 0 d-----w- c:\program files\Replay Media Catcher
2010-02-14 17:54:17 0 d-----w- c:\program files\Zone Labs
2010-02-14 17:53:21 0 d-----w- c:\programdata\CheckPoint
2010-02-14 17:53:20 0 d-----w- c:\windows\Internet Logs
2010-02-14 17:48:56 0 d-----w- c:\program files\CCleaner
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-10 08:56:13 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 08:56:13 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:56:08 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 08:56:08 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 08:56:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 08:56:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 08:55:59 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 08:55:59 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 08:55:59 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 08:55:59 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 08:55:59 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 08:55:59 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 08:55:58 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 08:55:58 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 08:55:58 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 08:55:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 08:55:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-08 21:41:59 0 d-----w- c:\programdata\Alwil Software
2010-02-08 15:40:20 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-08 15:40:20 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-08 15:39:18 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-08 15:31:32 0 d-----w- c:\programdata\Apple
2010-01-13 07:37:09 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 07:37:09 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-05 02:11:14 0 d-----w- C:\PMAIL
2009-12-16 16:40:03 0 d-----w- c:\users\ana\appdata\roaming\KompoZer
2009-12-13 17:32:20 0 d-----w- c:\users\ana\appdata\roaming\Nvu
2009-12-09 10:16:20 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 10:15:37 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-24 19:26:08 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 19:26:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 19:26:05 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-21 22:39:13 77312 ----a-w- c:\windows\MBR.exe
2009-11-21 22:39:13 261632 ----a-w- c:\windows\PEV.exe
2009-11-21 22:39:13 161792 ----a-w- c:\windows\SWREG.exe
2009-11-21 22:39:12 98816 ----a-w- c:\windows\sed.exe
2009-11-21 22:21:10 11264 ----a-w- c:\windows\system32\drivers\uzqxmzux.sys
2009-11-10 23:30:28 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:27:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-06 10:37:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-06 10:37:17 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-06 10:36:51 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-06 10:36:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-01 04:36:35 0 d-----w- c:\program files\Windows Portable Devices
2009-11-01 04:36:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-01 04:35:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-01 03:09:41 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-01 03:09:38 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-01 03:09:38 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-01 03:07:59 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-01 03:07:59 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-11-01 03:07:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-01 03:07:59 5105 ----a-w- c:\windows\system32\wbem\portabledeviceapi.mof
2009-11-01 03:07:59 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-11-01 03:07:59 3490 ----a-w- c:\windows\system32\wbem\portabledevicetypes.mof
2009-11-01 03:07:59 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-01 03:07:59 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-01 03:07:59 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-11-01 03:07:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-01 03:07:58 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-01 03:07:58 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-01 03:07:58 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-01 03:05:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-01 03:05:28 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-01 03:05:28 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 13:13:47 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:13:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 01:25:37 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 01:24:34 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 01:24:31 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 01:24:26 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 20:39:38 0 d-----w- c:\users\ana\Office Genuine Advantage
2009-10-03 08:14:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 09:21:38 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2009-09-29 09:20:50 0 d-----w- C:\Netgear
2009-09-26 17:11:41 0 d-----w- c:\programdata\Office Genuine Advantage
2009-09-22 05:22:35 0 d-----w- c:\windows\system32\vi-VN
2009-09-22 05:22:35 0 d-----w- c:\windows\system32\eu-ES
2009-09-22 05:22:35 0 d-----w- c:\windows\system32\ca-ES
2009-09-22 04:44:41 0 d-----w- c:\windows\system32\EventProviders
2009-09-14 15:29:47 0 d-----w- c:\users\ana\appdata\roaming\TSO
2009-09-14 15:25:41 0 d-----w- c:\program files\DSA Theory Test
2009-09-11 10:01:59 378368 ----a-w- c:\windows\system32\imapi2.dll
2009-09-11 10:00:59 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-09-11 09:59:58 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-09 19:03:13 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 19:03:09 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 19:03:08 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 19:03:08 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 19:03:08 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 19:03:07 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 19:03:07 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 19:03:06 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 19:03:04 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-28 19:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 19:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 13:34:54 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-27 13:34:53 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-27 13:34:52 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-27 13:34:51 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-27 13:34:50 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-27 13:34:50 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-27 13:34:50 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-19 21:37:09 0 ----a-w- c:\windows\system32\config.nt
2009-08-17 23:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-12 22:26:07 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 22:26:05 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 22:26:03 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-12 22:26:03 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 22:26:03 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-08-12 22:25:54 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 22:25:53 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-08-12 22:25:53 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 22:25:52 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 22:25:51 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-08-12 22:25:51 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-08-03 14:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-28 23:34:45 57667 ----a-w- c:\windows\system32\ieuinit.inf
2009-07-21 00:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 01:31:10 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2009-07-15 12:27:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-15 12:27:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 12:27:43 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 12:27:43 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-09 13:06:57 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-26 18:34:09 0 d-----w- c:\program files\common files\DivX Shared
2009-06-10 09:14:02 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 09:14:00 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-13 15:01:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-05-13 14:59:35 66482 ----a-w- c:\windows\system32\lvcoinst.ini
2009-05-13 14:59:35 490008 ----a-w- c:\windows\system32\LVUI2.dll
2009-05-13 14:59:35 4658584 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-05-13 14:59:35 465432 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-05-13 14:59:35 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2009-05-13 14:59:35 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-05-13 14:59:35 195096 ----a-w- c:\windows\system32\lvci11801048.dll
2009-05-13 14:59:01 627864 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-05-13 14:59:01 25974 ----a-w- c:\windows\system32\Repository.reg
2009-05-13 14:54:18 0 d-----w- c:\programdata\Logishrd
2009-05-13 14:53:37 0 d-----w- c:\programdata\Logitech
2009-05-07 19:58:34 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-05-07 19:54:31 0 d-----r- c:\program files\Skype
2009-05-07 19:54:23 0 d-----w- c:\programdata\Skype
2009-05-04 23:00:50 0 d-----w- c:\program files\WinClamAVShield
2009-04-22 17:52:30 0 d-----w- c:\users\ana\appdata\roaming\Research In Motion
2009-04-22 17:51:57 26368 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2009-04-22 17:50:59 0 d-----w- c:\users\ana\appdata\roaming\Blackberry Desktop
2009-04-22 17:50:31 0 d-----w- c:\program files\common files\Research In Motion
2009-04-22 17:50:08 0 d-----w- c:\program files\Research In Motion
2009-04-04 03:13:18 0 d-----w- c:\programdata\Cached Installations
2009-03-05 22:11:47 0 d-----w- c:\users\ana\appdata\roaming\LimeWire
2009-02-24 20:16:54 0 d-----w- c:\users\ana\appdata\roaming\Azureus
2009-02-24 20:16:16 0 d-----w- c:\program files\Vuze
2009-02-24 19:30:53 0 d-----w- c:\users\ana\appdata\roaming\WinPatrol
2009-02-24 19:30:41 0 d-----w- c:\program files\BillP Studios
2009-02-24 13:58:32 0 d-----w- C:\OnlineArmor
2009-02-24 13:45:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-02-23 21:17:47 65536 --sha-w- c:\users\ana\ntuser.dat{531bfd87-01ef-11de-bba5-001b383db16b}.TM.blf
2009-02-23 21:17:47 524288 --sha-w- c:\users\ana\ntuser.dat{531bfd87-01ef-11de-bba5-001b383db16b}.TMContainer00000000000000000002.regtrans-ms
2009-02-23 21:17:47 524288 --sha-w- c:\users\ana\ntuser.dat{531bfd87-01ef-11de-bba5-001b383db16b}.TMContainer00000000000000000001.regtrans-ms
2009-02-23 15:49:14 128 ----a-w- c:\windows\system32\BIN_STRSBW.SPT
2009-02-16 13:21:31 0 d-----w- c:\program files\Trend Micro
2009-02-14 16:28:04 0 d-----w- c:\windows\pss
2009-02-13 15:40:00 4842 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-02-10 18:53:54 0 d-----w- c:\programdata\Roxio
2009-02-08 19:07:43 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-08 19:07:43 0 d-----w- c:\users\ana\appdata\roaming\Spyware Terminator
2009-02-08 19:07:39 0 d-----w- c:\programdata\Spyware Terminator
2009-02-08 19:07:38 0 d-----w- c:\program files\Spyware Terminator
2009-02-05 21:04:40 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-29 19:11:32 0 d-----w- c:\program files\EasyDecrypter
2008-11-17 15:40:22 3668480 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
2008-11-13 02:30:34 0 d-----w- c:\program files\MSXML 4.0
2008-11-06 18:40:16 0 d-----w- c:\users\ana\appdata\roaming\Malwarebytes
2008-11-06 18:40:10 0 d-----w- c:\programdata\Malwarebytes
2008-11-06 18:40:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2008-10-14 19:29:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-18 11:14:51 0 d-----w- c:\program files\Alawar
2008-08-18 10:30:10 0 d-----w- c:\program files\RealArcade
2008-08-17 22:46:27 0 d-----w- c:\users\ana\appdata\roaming\Zylom
2008-08-15 20:33:33 0 d-----w- c:\users\ana\appdata\roaming\SpinTop
2008-08-15 01:25:59 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2008-08-15 01:22:43 0 d-----w- c:\windows\system32\directx
2008-08-15 01:00:50 0 d-----w- c:\programdata\InstallShield
2008-08-14 12:04:11 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2008-08-14 12:04:07 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2008-08-14 08:53:14 0 d-----w- c:\users\ana\appdata\roaming\My Games
2008-08-14 08:43:41 0 d-----w- c:\programdata\Trymedia
2008-08-13 17:49:09 0 d-----w- c:\windows\Dream Chronicles 2
2008-08-13 13:12:44 0 d-----w- c:\windows\system32\Adobe
2008-08-12 22:16:42 0 d-----w- c:\programdata\PlayFirst
2008-08-05 13:22:35 0 d-----w- c:\program files\MSN Games
2008-07-29 20:56:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-29 20:29:46 0 d-----w- c:\programdata\Adobe
2008-07-29 12:15:56 0 d-----w- C:\PerfLogs
2008-07-28 19:13:44 10520 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2008-07-26 07:25:02 25624 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2008-07-26 06:44:30 85302 ----a-w- c:\windows\system32\drivers\LVFeL002.cfg
2008-07-26 06:44:30 69592 ----a-w- c:\windows\system32\drivers\LVFaL000.cfg
2008-07-26 06:44:30 227172 ----a-w- c:\windows\system32\drivers\LVFeL000.cfg
2008-07-26 06:44:30 146680 ----a-w- c:\windows\system32\drivers\LVFeL001.cfg
2008-07-11 08:02:46 0 d-----w- c:\program files\common files\PX Storage Engine
2008-07-02 20:18:11 483328 ----a-w- c:\windows\system32\actskn45.ocx
2008-07-02 20:18:08 0 d-----w- c:\program files\Shareaza Applications
2008-06-30 22:19:59 17976 ----a-w- c:\windows\system32\drivers\intelide.sys
2008-06-30 22:18:59 74240 ----a-w- c:\windows\system32\nci.dll
2008-06-30 22:17:59 86528 ----a-w- c:\windows\system32\dskquota.dll
2008-06-30 22:16:31 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2008-06-30 22:16:30 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2008-06-30 22:16:22 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2008-06-30 22:15:53 35328 ----a-w- c:\windows\system32\mspatcha.dll
2008-06-30 22:15:53 305152 ----a-w- c:\windows\system32\msdelta.dll
2008-06-30 22:15:53 258560 ----a-w- c:\windows\system32\dpx.dll
2008-06-20 17:33:34 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2008-06-20 17:32:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2008-06-18 17:52:28 161096 ----a-w- c:\windows\system32\DivXCodecVersionChecker.exe
2008-06-15 09:30:36 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2008-06-11 00:04:26 200704 ----a-w- c:\windows\system32\ssldivx.dll
2008-06-11 00:04:26 1044480 ----a-w- c:\windows\system32\libdivx.dll
2008-04-25 15:01:12 16 ----a-w- c:\windows\system32\coh.cache
2008-04-16 14:51:56 22784 ----a-w- c:\windows\system32\drivers\RimUsb.sys
2008-04-10 16:03:33 6656 ----a-w- c:\windows\system32\kbd106n.dll
2008-04-08 00:31:53 0 d-----w- c:\programdata\Lavasoft
2008-04-06 01:51:28 95 ----a-w- c:\windows\winamp.ini
2008-02-11 21:06:46 32848 ----a-w- c:\windows\system32\iglhxs32.vp
2008-02-11 20:13:14 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2008-02-11 20:13:12 141848 ----a-w- c:\windows\system32\igfxtray.exe
2008-02-11 20:13:10 256536 ----a-w- c:\windows\system32\igfxsrvc.exe
2008-02-11 20:13:08 133656 ----a-w- c:\windows\system32\igfxpers.exe
2008-02-11 20:13:06 170520 ----a-w- c:\windows\system32\igfxext.exe
2008-02-11 20:13:04 539160 ----a-w- c:\windows\system32\igfxcfg.exe
2008-02-11 20:13:02 166424 ----a-w- c:\windows\system32\hkcmd.exe
2008-02-11 19:55:18 147456 ----a-w- c:\windows\system32\igfxCoIn_v1437.dll
2008-02-11 19:36:10 2302976 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2008-02-11 19:01:44 2174976 ----a-w- c:\windows\system32\ig4dev32.dll
2008-02-11 19:01:30 2420736 ----a-w- c:\windows\system32\ig4icd32.dll
2008-02-11 18:47:38 69632 ----a-w- c:\windows\system32\oemdspif.dll
2008-02-11 18:47:34 204800 ----a-w- c:\windows\system32\igfxpph.dll
2008-02-11 18:47:26 24576 ----a-w- c:\windows\system32\igfxexps.dll
2008-02-11 18:47:24 122880 ----a-w- c:\windows\system32\igfxcpl.cpl
2008-02-11 18:47:14 48640 ----a-w- c:\windows\system32\igfxsrvc.dll
2008-02-11 18:46:58 135168 ----a-w- c:\windows\system32\igfxdo.dll
2008-02-11 18:46:50 106496 ----a-w- c:\windows\system32\hccutils.dll
2008-02-11 18:46:32 3293184 ----a-w- c:\windows\system32\igfxress.dll
2008-02-11 18:46:32 172032 ----a-w- c:\windows\system32\igfxrenu.lrc
2008-02-11 18:35:36 2096 ----a-w- c:\windows\system32\iglhxo32.vp
2008-02-04 15:20:39 0 d-----w- c:\programdata\Azureus
2008-01-02 17:38:51 0 d-----w- c:\windows\Downloaded Installations
2007-12-19 12:26:20 0 d-----w- c:\program files\iTunes
2007-11-15 03:02:18 12880 ----a-w- c:\windows\system32\wbem\wlan.mof
2007-11-15 03:01:08 8704 ----a-w- c:\windows\system32\hccoin.dll
2007-11-15 03:01:08 15872 ----a-w- c:\windows\system32\hcrstco.dll
2007-11-09 05:00:52 23640 ----a-w- c:\windows\system32\drivers\TVALZ_O.SYS
2007-09-26 13:12:22 2251776 ----a-w- c:\windows\system32\drivers\NETw4v32.sys
2007-09-09 11:25:16 1820 ----a-w- c:\windows\system32\rasctrnm.h
2007-09-08 16:36:24 0 d-----w- c:\program files\common files\Real
2007-09-08 16:35:13 3424 ----a-w- c:\windows\mozver.dat
2007-09-08 16:16:36 0 d-----w- c:\program files\DivX
2007-09-08 15:43:35 0 d-----w- c:\programdata\Google
2007-09-06 16:17:04 0 d-----w- c:\program files\Media Innovations Group
2007-09-05 11:20:59 0 d-----w- c:\programdata\Apple Computer
2007-09-05 11:11:50 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2007-09-05 11:07:37 32656 ----a-w- c:\windows\system32\msonpmon.dll
2007-09-05 11:05:28 0 d-----w- c:\windows\PCHEALTH
2007-09-05 11:02:41 0 d-----w- c:\programdata\Microsoft Help
2007-09-04 21:17:58 0 d-----w- c:\program files\MUSICMATCH
2007-09-04 21:17:18 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
2007-09-04 21:16:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2007-09-04 21:16:15 89088 ----a-w- c:\windows\system32\atl71.dll
2007-09-04 21:16:15 0 d-----w- c:\program files\common files\Logitech
2007-09-04 20:42:25 0 d-----w- c:\programdata\ToshibaEurope
2007-09-04 20:42:17 16062 ----a-w- c:\windows\system32\results.xml
2007-09-04 20:32:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
2007-09-04 20:31:54 0 d-----w- c:\program files\Apoint2K
2007-09-04 20:29:47 920088 ----a-w- c:\windows\system32\igxpun.exe
2007-09-04 20:29:47 319456 ----a-w- c:\windows\system32\difxapi.dll
2007-09-04 20:29:47 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2007-09-04 20:29:47 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2007-09-04 20:29:47 0 d-----w- c:\windows\system32\Lang
2007-09-04 20:29:46 0 d-----w- C:\Intel
2007-09-04 20:27:59 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2007-09-04 20:27:40 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite A200_05006-EN_PSAE0E-05101.MRK
2007-08-27 18:12:58 2777088 ----a-w- c:\windows\system32\NETw4r32.dll
2007-08-27 18:12:00 745472 ----a-w- c:\windows\system32\NETw4c32.dll
2007-05-01 16:48:40 120056 ----a-w- c:\windows\system32\pxcpyi64.exe
2007-05-01 16:48:38 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2007-05-01 03:00:00 43528 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2007-04-03 13:57:54 12424 ----a-w- c:\windows\system32\drivers\s116whnt.sys
2007-04-03 13:57:54 12424 ----a-w- c:\windows\system32\drivers\s116wh.sys
2007-04-03 13:57:52 98696 ----a-w- c:\windows\system32\drivers\s116obex.sys
2007-04-03 13:57:48 15112 ----a-w- c:\windows\system32\drivers\s116mdfl.sys
2007-04-03 13:57:48 108680 ----a-w- c:\windows\system32\drivers\s116mdm.sys
2007-04-03 13:57:44 12424 ----a-w- c:\windows\system32\drivers\s116cmnt.sys
2007-04-03 13:57:44 12424 ----a-w- c:\windows\system32\drivers\s116cm.sys
2007-04-03 13:57:42 83336 ----a-w- c:\windows\system32\drivers\s116bus.sys
2007-04-03 12:57:54 99080 ----a-w- c:\windows\system32\drivers\s116unic.sys
2007-04-03 12:57:52 23176 ----a-w- c:\windows\system32\drivers\s116nd5.sys
2007-04-03 12:57:50 100488 ----a-w- c:\windows\system32\drivers\s116mgmt.sys
2007-04-03 12:57:46 11016 ----a-w- c:\windows\system32\drivers\s116cr.sys
2007-03-12 16:04:00 102400 ----a-w- c:\windows\system32\fileparameterscpp.dll
2007-03-08 06:15:14 0 d-----w- c:\programdata\NVIDIA
2007-03-08 06:07:56 114688 ----a-w- c:\windows\system32\TODDSrv.exe
2007-03-07 17:33:36 0 d-----w- c:\program files\IDM
2007-03-07 17:30:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_TpChoice_01005.Wdf
2007-03-07 17:23:39 0 d-----w- c:\programdata\Symantec
2007-03-07 17:23:24 0 d-----w- c:\program files\common files\Symantec Shared
2007-03-07 17:17:49 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2007-03-07 17:17:49 20480 ----a-w- c:\windows\system32\IVIresize.dll
2007-03-07 17:17:49 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2007-03-07 17:17:49 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2007-03-07 17:17:49 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2007-03-07 17:17:49 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2007-03-07 17:17:48 0 d-----w- c:\program files\InterVideo
2007-03-07 17:17:31 0 d-----w- c:\windows\RegisteredPackages
2007-03-07 17:17:30 0 d--h--w- c:\windows\msdownld.tmp
2007-03-07 17:17:27 0 d-----w- c:\program files\Windows Media Components
2007-03-07 17:14:26 0 d-----w- c:\programdata\Ulead Systems
2007-03-07 17:14:26 0 d-----w- c:\program files\Ulead Systems
2007-03-07 17:14:26 0 d-----w- c:\program files\common files\Ulead Systems
2007-03-07 17:13:13 430080 ----a-w- c:\windows\system32\TOSCDSPD.cpl
2007-03-07 17:07:11 0 ----a-w- c:\windows\NDSTray.INI
2007-03-07 17:06:28 0 d-----w- c:\programdata\Toshiba
2007-03-07 17:04:47 0 d-----w- c:\windows\system32\SDA
2007-03-07 17:01:59 0 d-----w- c:\programdata\XP
2007-03-07 17:01:59 0 d-----w- c:\programdata\Vista64
2007-03-07 16:56:49 0 d-----w- c:\program files\My Company Name
2007-03-07 16:47:22 1786880 ----a-w- c:\windows\system32\drivers\NETw3v32.sys
2007-03-07 16:47:02 77824 ----a-w- c:\windows\system32\tosmreg.exe
2007-03-07 16:47:02 7671 ----a-w- c:\windows\system32\cseltbl.ini
2007-03-07 16:47:02 45056 ----a-w- c:\windows\system32\csellang.dll
2007-03-07 16:47:02 128113 ----a-w- c:\windows\system32\csellang.ini
2007-03-07 16:47:02 10150 ----a-w- c:\windows\system32\tosmreg.ini
2007-03-07 16:47:01 487424 ----a-w- c:\windows\system32\cselect.exe
2007-03-07 16:47:01 0 d-----w- c:\program files\ltmoh
2007-03-07 16:46:40 0 d-----w- c:\windows\Options
2007-03-07 16:45:56 0 d-----w- c:\windows\tiinst
2007-03-07 16:45:18 1418720 ----a-w- c:\windows\system32\WdfCoinstaller01001.dll
2007-03-07 16:45:18 100030 ----a-w- c:\windows\system32\Vxdif.dll
2007-03-07 16:45:17 140800 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2007-03-07 16:44:04 59392 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2007-03-07 16:40:37 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ1.dat
2007-03-07 16:40:37 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ0.dat
2007-03-07 16:40:24 0 d-----w- c:\windows\system32\RTCOM
2007-03-07 16:39:37 319456 ----a-w- c:\windows\DIFxAPI.dll
2007-03-07 16:39:34 532480 ----a-w- c:\windows\system32\RTSndMgr.cpl
2007-03-07 16:39:34 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2007-03-07 16:39:34 135168 ----a-w- c:\windows\system32\SRSWOW.dll
2007-03-07 16:39:33 1191936 ----a-w- c:\windows\RtlUpd.exe
2007-03-07 16:39:32 495616 ----a-w- c:\windows\system32\RtkPgExt.dll
2007-03-07 16:39:32 17408 ----a-w- c:\windows\system32\RtkCoInst.dll
2007-03-07 16:39:32 1729632 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2007-03-07 16:39:31 1838592 ----a-w- c:\windows\system32\RtkAPO.dll
2007-03-07 16:39:29 4349952 ----a-w- c:\windows\RtHDVCpl.exe
2007-03-07 16:39:28 0 d-----w- c:\program files\Realtek
2007-03-07 16:38:45 520192 ----a-w- c:\windows\RtlExUpd.dll
2007-03-07 16:38:45 315392 ----a-w- c:\windows\HideWin.exe
2007-03-07 16:33:53 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2007-03-07 16:33:30 245760 ----a-w- c:\windows\system32\igfxTMM.dll
2007-03-07 16:33:30 204800 ----a-w- c:\windows\system32\igfxCoIn_v1132.dll
2007-03-07 16:33:29 3301376 ----a-w- c:\windows\system32\igdumd32.dll
2007-03-07 16:33:29 204800 ----a-w- c:\windows\system32\igfxdev.dll
2007-03-07 16:33:28 319456 ----a-w- c:\windows\system32\difx32.dll
2007-03-07 16:32:54 0 d-sh--w- c:\windows\Installer
2007-03-07 15:59:11 0 d-----w- c:\windows\Panther
2007-03-07 15:58:59 8192 --s-a-r- C:\BOOTSECT.BAK
2007-03-07 15:58:57 333257 --sha-r- C:\bootmgr
2007-03-07 15:58:57 0 d-----w- C:\Boot
2007-03-07 15:58:30 219392 ----a-w- c:\windows\system32\drivers\KR10I.sys
2007-03-07 15:58:30 211072 ----a-w- c:\windows\system32\drivers\KR10N.sys
2007-03-07 15:58:00 59024 ----a-w- c:\windows\system32\ToshOOBE.ocx
2007-03-07 15:58:00 43254 ----a-w- c:\windows\oemlogo.bmp
2007-03-07 15:58:00 0 d-----w- c:\windows\OEMDrv
2007-03-07 15:58:00 0 d-----w- c:\program files\TOSHIBA
2007-03-07 15:50:20 0 d-----w- C:\Toshiba
2007-01-23 12:07:02 1880064 ----a-w- c:\windows\system32\TosBtExt.dll
2007-01-22 15:17:30 569344 ----a-w- c:\windows\system32\tosBtShell.dll
2007-01-18 17:08:04 487424 ----a-w- c:\windows\system32\TosSndPlug.dll
2007-01-18 11:37:26 131072 ----a-w- c:\windows\system32\TosAvdtAPI.dll
2007-01-17 09:53:40 61440 ----a-w- c:\windows\system32\TosSndAPI.dll
2006-12-21 23:34:00 90112 ----a-w- c:\windows\system32\LocalCOM.cpl
2006-12-12 11:13:20 32768 ----a-w- c:\windows\system32\EBLib.DLL
2006-12-08 11:05:04 167936 ----a-w- c:\windows\system32\TBTMon.dll
2006-12-05 13:05:06 114688 ----a-w- c:\windows\system32\TosBtAcc.dll
2006-12-05 10:49:42 270336 ----a-w- c:\windows\system32\LCWizard.dll
2006-12-04 15:58:40 94208 ----a-w- c:\windows\system32\tbtmon98Language.dll
2006-12-01 19:47:14 94208 ----a-w- c:\windows\system32\TosBtHcrpAPI.dll
2006-11-25 08:33:44 167936 ----a-w- c:\windows\system32\TosBtAPI.dll
2006-11-24 07:48:44 36864 ----a-w- c:\windows\system32\HWS_Ctrl.dll
2006-11-21 19:37:16 110592 ----a-w- c:\windows\system32\TosBtSDDB.dll
2006-11-02 13:05:54 0 d-----w- c:\windows\system32\wbem\Performance
2006-11-02 13:02:03 0 d-sh--we c:\programdata\Documents
2006-11-02 13:02:03 0 d-sh--we C:\Documents and Settings
2006-11-02 12:57:28 41176 ----a-w- c:\windows\system32\license.rtf
2006-11-02 12:56:07 82 --sha-w- c:\windows\system32\desktop.ini
2006-11-02 12:56:07 1741 ----a-w- c:\windows\system32\migwiz.lnk
2006-11-02 12:52:16 0 d-----w- c:\windows\system32\wbem\MOF
2006-11-02 12:50:50 749 ---ha-r- c:\windows\WindowsShell.Manifest
2006-11-02 12:47:56 0 d-----w- c:\windows\Setup
2006-11-02 12:47:54 3568 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2006-11-02 12:47:54 3568 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2006-11-02 12:47:52 0 d-----w- c:\windows\ServiceProfiles
2006-11-02 12:47:46 0 d-s---w- c:\windows\system32\Microsoft
2006-11-02 12:47:41 49152 ----a-w- c:\windows\system32\umstartup.etl
2006-11-02 12:47:41 27648 ----a-w- c:\windows\system32\umstartup000.etl
2006-11-02 12:42:32 0 d-----w- c:\windows\WindowsMobile
2006-11-02 12:42:32 0 d-----w- c:\windows\system32\winrm
2006-11-02 12:42:32 0 d-----w- c:\windows\system32\slmgr
2006-11-02 12:42:32 0 d-----w- c:\windows\system32\en
2006-11-02 12:42:32 0 d-----w- c:\windows\system32\drivers\en-US
2006-11-02 12:42:32 0 d-----w- c:\windows\system32\Branding
2006-11-02 12:42:32 0 d-----w- c:\windows\system32\0409
2006-11-02 12:42:32 0 d-----w- c:\windows\en-US
2006-11-02 12:42:31 0 d-----w- c:\windows\system32\WCN
2006-11-02 12:42:31 0 d-----w- c:\windows\system32\wbem\en-US
2006-11-02 12:42:31 0 d-----w- c:\windows\system32\Printing_Admin_Scripts
2006-11-02 12:37:35 896 ----a-w- c:\windows\system32\wbem\ServiceModel.mof.uninstall
2006-11-02 12:37:35 83479 ----a-w- c:\windows\system32\wbem\ServiceModel.mof
2006-11-02 12:37:35 0 d-----w- c:\windows\twain_32
2006-11-02 12:37:35 0 d-----w- c:\windows\system32\XPSViewer
2006-11-02 12:37:35 0 d-----w- c:\windows\system32\restore
2006-11-02 12:37:35 0 d-----w- c:\windows\ShellNew
2006-11-02 12:37:35 0 d-----w- c:\windows\Performance
2006-11-02 12:37:35 0 d-----w- c:\windows\ehome
2006-11-02 12:37:35 0 d-----w- c:\windows\DigitalLocker
2006-11-02 12:37:34 0 d-----w- c:\program files\Windows Journal
2006-11-02 12:37:34 0 d-----w- c:\program files\Windows Collaboration
2006-11-02 12:37:34 0 d-----w- c:\program files\Microsoft Games
2006-11-02 12:36:25 2048 ----a-w- c:\windows\system32\dfsrres.dll
2006-11-02 12:36:17 3834 ----a-w- c:\windows\system32\wbem\sr.mof
2006-11-02 12:36:04 89600 ----a-w- c:\windows\system32\NetProj.exe
2006-11-02 12:36:04 51712 ----a-w- c:\windows\system32\CRPPresentation.dll
2006-11-02 12:36:04 4628 ----a-w- c:\windows\system32\wbem\wmpnetwk.mof
2006-11-02 12:36:04 3049 ----a-w- c:\windows\system32\wbem\auxiliarydisplaydriverlib.mof
2006-11-02 12:36:04 3039 ----a-w- c:\windows\system32\wbem\auxiliarydisplayservices.mof
2006-11-02 12:36:04 2995 ----a-w- c:\windows\system32\wbem\auxiliarydisplaycpl.mof
2006-11-02 12:36:04 1187 ----a-w- c:\windows\system32\wbem\p2p-crp.mof
2006-11-02 12:36:03 3018 ----a-w- c:\windows\system32\wbem\mblctr.mof
2006-11-02 12:34:50 93702 ----a-w- c:\windows\system32\SubRange.uce
2006-11-02 12:33:33 8328 ----a-w- c:\windows\HomePremium.xml
2006-11-02 11:18:33 0 d-s---w- c:\programdata\Microsoft
2006-11-02 11:18:33 0 d-----w- c:\program files\Windows NT
2006-11-02 11:18:33 0 d-----w- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2010-03-31 11:36:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-31 11:36:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-31 11:36:20 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-02 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-01 04:36:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 08:06:49 17159388 ----a-w- c:\windows\fonts\meiryob.ttc
2009-10-27 08:06:48 16710176 ----a-w- c:\windows\fonts\meiryo.ttc
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-22 04:51:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-07-14 00:15:52 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15:48 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-11 19:01:42 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01:42 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01:42 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01:41 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03:41 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-10 11:41:46 2868224 ----a-w- c:\windows\system32\mf.dll
2009-05-29 21:37:40 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31:52 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-04-11 06:33:19 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33:19 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33:03 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33:02 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27:59 627200 ----a-w- c:\windows\system32\sethc.exe
2009-04-11 06:22:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 05:42:55 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03:42 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03:40 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:54:59 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51:27 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47:03 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46:40 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46:32 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46:30 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46:08 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46:07 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:45:56 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45:51 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45:37 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45:24 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45:22 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43:28 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43:16 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43:04 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:42:57 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42:56 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42:56 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42:54 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-11 04:42:52 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42:50 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42:48 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42:48 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42:47 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42:42 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39:57 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39:17 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39:13 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-04-11 04:39:11 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38:49 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27:17 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23:23 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:22:46 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19:14 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:14:40 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys

============= FINISH: 10:28:54.91 ===============




#13 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:06:13 PM

Posted 02 April 2010 - 09:17 AM

Hi again auk88!.. :)

QUOTE(auk88 @ Apr 2 2010, 12:04 PM)
Along with previous scans picking up the same infected files...

I need to know the exact names and paths of those files, and what infection (its name) is detected!... :)

I see you ran ComboFix earlier (November, last year)... Were you getting help somewhere or did you run this tool on your own??..
Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Ok, please do the following:
Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Secondly,
If it still exists, please delete your current copy of ComboFix (just delete the file)... Then,
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#14 auk88

auk88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 02 April 2010 - 09:31 AM

Hi snemelk,

I did have help when running combofix and did not attempt to use it on my own.

The names of the infected files that are being detected are:

c:\windows\system32\Connect.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

I'll run malwarebytes and get back to you.

Thanks

#15 auk88

auk88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 02 April 2010 - 11:24 AM

Hi snemelk,

I ran a quick scan on malwarebytes but it didn't pick up anything. So I went on with the combofix instructions, below is the log.

I also noticed that the computer clock does not keep up time and it will not synchronise with the internet time, this prevents some updates from installing. I don't know if this is a result of the infected files on the computer, but I thought I'd let you know :)

ComboFix 10-04-01.02 - Ana 02/01/2005 16:14:04.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1118 [GMT 0:00]
Running from: c:\users\Ana\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gatherWiredInfo.vbs
c:\windows\system32\gatherWirelessInfo.vbs
c:\windows\system32\StructuredQuerySchemaTrivial.bin
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2004-12-02 to 2005-01-02 )))))))))))))))))))))))))))))))
.

2010-03-31 11:45 . 2010-03-31 11:45 -------- d-----w- c:\program files\iPod
2010-03-31 11:39 . 2010-03-31 11:41 -------- d-----w- c:\program files\QuickTime
2010-03-31 11:34 . 2010-03-31 11:34 -------- d-----w- c:\program files\Bonjour
2010-03-28 13:54 . 2010-03-28 13:54 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-27 15:58 . 2010-03-27 15:58 -------- d-----w- c:\users\Ana\AppData\Roaming\Comodo
2010-03-27 15:19 . 2010-03-27 15:19 -------- d-----w- c:\program files\Comodo
2010-03-27 15:14 . 2004-12-31 23:02 -------- d-----w- c:\users\Ana\AppData\Local\Gladinet
2010-03-27 15:14 . 2010-03-27 15:14 -------- d-----w- C:\Gladinet
2010-03-27 15:13 . 2010-03-27 15:13 -------- d-----w- c:\program files\Gladinet
2010-03-11 20:16 . 2010-03-11 20:16 -------- d-----w- c:\windows\system32\x64
2010-03-11 03:19 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 03:16 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 03:15 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 01:19 . 2010-03-11 01:19 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-06 19:05 . 2010-03-30 00:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 19:05 . 2010-03-30 00:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 03:00 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-24 14:14 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:13 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:13 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:12 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:12 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:12 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:12 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:12 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:12 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:12 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:12 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:12 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 14:12 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-21 03:30 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-21 03:30 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-21 03:30 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-21 03:30 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-02-21 03:30 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-02-21 03:30 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-02-21 03:30 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-21 03:30 . 2010-02-21 03:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-21 03:19 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-16 16:53 . 2007-03-04 11:55 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-16 16:53 . 2007-03-04 11:55 308224 ----a-w- c:\windows\system32\avisynth.dll
2010-02-16 02:12 . 2010-03-11 01:46 -------- d-----w- c:\program files\WMR14
2010-02-16 01:51 . 2010-02-16 02:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-16 01:51 . 2010-02-16 02:39 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-16 01:50 . 2010-02-16 01:50 -------- d-----w- c:\users\Ana\AppData\Local\mdnslib
2010-02-16 01:50 . 2010-02-16 01:50 -------- d-----w- c:\windows\Applian Director
2010-02-16 01:50 . 2010-02-16 02:35 -------- d-----w- c:\users\Ana\AppData\Local\FLVService
2010-02-16 01:50 . 2010-02-16 01:50 -------- d-----w- c:\windows\Replay Media Catcher
2010-02-16 01:50 . 2010-02-16 15:18 -------- d-----w- c:\program files\Replay Media Catcher
2010-02-14 17:54 . 2010-02-14 17:54 -------- d-----w- c:\program files\Zone Labs
2010-02-14 17:53 . 2010-02-14 18:36 -------- d-----w- c:\windows\Internet Logs
2010-02-14 17:48 . 2010-03-05 23:21 -------- d-----w- c:\program files\CCleaner
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-10 08:56 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:56 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 08:56 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 08:56 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 08:56 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 08:56 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 08:55 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 08:55 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 08:55 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 08:55 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 08:55 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 08:55 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 08:55 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 08:55 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 08:55 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 08:55 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 08:55 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-08 15:40 . 2010-02-08 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-08 15:40 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-08 15:40 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-08 15:34 . 2010-02-08 15:34 -------- d-----w- c:\program files\Apple Software Update
2010-02-08 15:31 . 2010-03-31 11:45 -------- d-----w- c:\program files\Common Files\Apple
2010-01-13 07:37 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 07:37 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-05 02:11 . 2010-01-05 02:11 -------- d-----w- C:\PMAIL
2009-12-16 16:40 . 2009-12-16 16:40 -------- d-----w- c:\users\Ana\AppData\Roaming\KompoZer
2009-12-13 17:32 . 2009-12-13 17:32 -------- d-----w- c:\users\Ana\AppData\Roaming\Nvu
2009-12-09 10:16 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 10:15 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-24 19:26 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 19:26 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 03:32 . 2005-01-01 11:45 -------- d-----r- c:\users\Public\Recorded TV
2009-11-21 22:21 . 2009-11-21 22:21 11264 ----a-w- c:\windows\system32\drivers\uzqxmzux.sys
2009-11-10 23:30 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:27 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-06 10:37 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-06 10:37 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-06 10:37 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-06 10:37 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-06 10:37 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-06 10:37 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-06 10:37 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-06 10:36 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-06 10:36 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-01 04:36 . 2009-11-01 04:36 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-01 03:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-01 03:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-01 03:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-01 03:07 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-01 03:07 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-01 03:07 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-01 03:07 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-01 03:07 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-01 03:07 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-11-01 03:07 . 2009-10-01 01:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-11-01 03:07 . 2009-10-01 01:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-11-01 03:07 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-01 03:07 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-01 03:07 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-01 03:05 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-01 03:05 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-01 03:05 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 13:13 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:13 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 01:25 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 01:24 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 01:24 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 01:24 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 16:56 . 2009-10-14 17:31 -------- d-----w- c:\users\Ana\AppData\Local\ReaJPEG
2009-10-05 20:39 . 2009-10-05 20:39 -------- d-----w- c:\users\Ana\Office Genuine Advantage
2009-10-03 08:14 . 2010-02-24 10:16 181632 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 07:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-23 06:39 . 2010-03-30 19:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 19:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 19:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 19:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-06 15:38 . 2010-02-24 14:12 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:12 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 14:12 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:12 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2009-12-19 01:33 . 2009-02-26 22:08 173 ----a-w- c:\users\Ana\AppData\Roaming\Azureus\restart.bat
2009-11-14 14:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-01 04:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-01 04:36 . 2009-11-01 04:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-01 04:35 . 2009-11-01 04:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-01 01:02 . 2009-11-01 03:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-01 03:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-01 03:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-01 03:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-01 03:08 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-01 03:08 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-01 03:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-01 03:08 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-01 03:08 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-01 03:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-01 03:08 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-01 03:08 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-01 03:08 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-01 03:08 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-01 03:08 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-01 03:08 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-01 03:08 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-01 03:08 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-01 03:08 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-01 03:08 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-01 03:08 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-01 03:08 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-01 03:08 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-01 03:08 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-01 03:08 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-01 03:08 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-01 03:08 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-01 03:08 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-01 03:08 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-01 03:08 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-01 03:08 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-01 03:08 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 13:38 . 2009-04-10 01:08 10686001 ----a-w- c:\users\Ana\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-09-22 05:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-22 05:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-22 05:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-22 05:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-22 05:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-22 05:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-28 18:23 . 2009-05-13 15:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-04-11 06:33 . 2009-09-11 10:01 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-09-11 10:01 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-09-11 10:01 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-09-11 10:01 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-09-11 10:01 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-09-11 10:02 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-09-11 10:00 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 05:42 . 2009-09-11 10:00 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-09-11 10:02 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-09-11 10:02 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:51 . 2009-09-11 10:00 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-09-11 10:00 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-09-11 10:00 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-09-11 10:00 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-09-11 10:00 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-09-11 10:00 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-09-11 10:00 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:45 . 2009-09-11 10:00 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-09-11 10:00 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-09-11 10:01 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-09-11 10:00 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-09-11 10:00 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-09-11 10:00 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-09-11 10:01 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-09-11 10:00 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:42 . 2009-09-11 10:01 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-09-11 10:00 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-09-11 10:00 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-09-11 10:00 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-11 04:42 . 2009-09-11 10:00 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-09-11 10:00 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-09-11 10:00 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-09-11 10:00 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-09-11 10:00 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-09-11 10:02 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-09-11 10:00 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-09-11 10:00 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-09-11 10:00 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-04-11 04:39 . 2009-09-11 10:00 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-09-11 10:00 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-09-11 10:00 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-09-11 10:00 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:22 . 2009-09-11 10:00 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-09-11 10:00 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:14 . 2009-09-11 10:01 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-09-11 10:01 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2010-03-18 02:02 192232 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2010-03-18 02:03 192232 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-02-08 2267136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gladinet Cloud Desktop.lnk - c:\windows\Installer\{C630DAAE-F222-48AB-9055-835591011B8F}\_F53F342E66155566A1DC89.exe [2010-3-27 188478]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 13:46 534648 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-11 14:21 180224 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-01-19 13:25 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-05-04 05:13 68592 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 20:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 16:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 08:06 413696 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 20:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 00:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-06 17:14 34352 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-09-04 21:17 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 16:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-05-03 08:10 135168 ----a-w- c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-01-13 08:40 7766016 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-01-13 08:40 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-01-13 08:40 90191 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 20:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-01-18 13:46 4349952 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint]
2005-05-25 01:40 450560 ----a-w- c:\program files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-01-29 11:43 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-02-08 19:07 2267136 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-11-01 11:08 438272 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 21:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-19 23:16 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,f0,08,bb,45,3b,ca,01

R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-16 717296]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-02-08 142592]
S1 uzqxmzux;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uzqxmzux.sys [2009-11-21 11264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 ComodoBackupService;ComodoBackupService;c:\program files\Comodo\BackUp\CmdBkSvc.exe [2010-03-28 1023488]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2010-03-18 25320]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\User_Feed_Synchronization-{565BBD3F-72E0-4AD6-88AF-3DDB95B9E56C}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-01-02 16:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1393231076-1973768080-3878990166-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D2B67E20-AB12-BA28-08F3-F1FB7464A3C4}*]
@Allowed: (Read) (RestrictedCode)
"iabgkfbohgcjmloiie"=hex:6b,61,6b,6e,67,66,68,6f,6c,6a,63,70,6e,64,68,64,6d,67,
6c,68,64,67,00,00
"halgadkfhpnkmcec"=hex:6b,61,6b,6e,67,66,68,6f,6c,6a,63,70,6e,64,68,64,6d,67,
6c,68,64,67,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9008)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlCopyHandler.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2005-01-02 16:33:40 - machine was rebooted
ComboFix-quarantined-files.txt 2005-01-02 16:33
ComboFix2.txt 2010-03-21 14:39
ComboFix3.txt 2010-03-09 15:10
ComboFix4.txt 2010-03-07 16:33
ComboFix5.txt 2005-01-02 16:04

Pre-Run: 13,234,552,832 bytes free
Post-Run: 13,085,679,616 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - EEB82E9CEFD8077415BBCC85F260BD24




