Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

11th October 2008   #1
johngkerr (Senior Member)

[Active] spyware help

This is a HijackThis log. What should I do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:21 PM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SensorsView\sview.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: SensorsView.lnk = C:\Program Files\SensorsView\sview.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {072CB141-B793-11D1-89B6-0020182C1446} (IntraLaunch.MainControl) - file://D:\Utilities\IntraLaunch.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://creatives3.lakefield.net:85/SysCamInst.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://74.171.128.39:8080/program/SonySncRz25View.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14579 bytes

11th October 2008   #2
PeteC (Staff)

johngkerr

I think you've been on the Board long enough to know that HJT logs are posted in the Malware & Virus Removal forum

Moved.

12th October 2008   #3
Geri (Staff)

Hi johngkerr
Please do this.

Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks
Geri

13th October 2008   #4
johngkerr (Senior Member)

sorry

My bad, I forgot about spyware.

14th October 2008   #5
johngkerr (Senior Member)

This is the log

Malwarebytes' Anti-Malware 1.28
Database version: 1266
Windows 5.1.2600 Service Pack 3

10/13/2008 7:49:41 PM
mbam-log-2008-10-13 (19-49-41).txt

Scan type: Quick Scan
Objects scanned: 85104
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5742926E-6A89-8968-78A3-0B24A6950632} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd4e8f9f-3537-4947-b4bd-e6ec9afb096d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{74129309-7567-4bb6-8a77-7421f4df6954} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36142bdd-7850-42fc-9681-1534a35285b9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a2aa1df5-6e92-4d92-90ea-c8739016e923} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e76bab5-f558-4345-a5fb-43e7028fa258} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b437ae7e-edc1-4a83-825e-e2cad11905e8} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\getsn32.msiesn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysdsc (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Adam Kerr\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\fhuuifg\sysdsc.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getsn32.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\smwin32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv523.cpx (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv793.cpx (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uesiuqcr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Kerr\Local Settings\Temp\3nick568.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Kerr\Local Settings\Temp\mmmatt.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Kerr\Local Settings\Temp\n2ewsys.exe (Rogue.Spymonitor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Kerr\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Kerr\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam Kerr\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dat6E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dat6F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\john\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.

14th October 2008   #6
Geri (Staff)

Hi
OK please do this.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool.
  • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
  • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of log.txt here in your next reply.

Thanks
Geri

14th October 2008   #7
johngkerr (Senior Member)

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by john at 2008-10-13 21:49:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (10%) free of 114 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:44 PM, on 10/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\SensorsView\sview.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\john\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\john.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: SensorsView.lnk = C:\Program Files\SensorsView\sview.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {072CB141-B793-11D1-89B6-0020182C1446} (IntraLaunch.MainControl) - file://D:\Utilities\IntraLaunch.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://creatives3.lakefield.net:85/SysCamInst.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://74.171.128.39:8080/program/SonySncRz25View.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12615 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-29 2549368]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-22 180269]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-12-16 282624]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DVDTray"=C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe [2004-09-03 65536]
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGuiSt.exe [2007-07-28 206184]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2007-12-05 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-03-12 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-03-12 40960]
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2004-01-20 110592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"= []
"PowerBar"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\john\Start Menu\Programs\Startup
SensorsView.lnk - C:\Program Files\SensorsView\sview.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-20 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9C0ADB68-353A-61DD-ED09-1D8003A6D1CB}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\ORiNOCO\AP Manager\wman_ap.exe"="C:\Program Files\ORiNOCO\AP Manager\wman_ap.exe:*:Enabled:AP Manager"
"C:\Program Files\Valve\Steam\SteamApps\darkneox102\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\darkneox102\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\CallWave\IAM.exe"="C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1152628832\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1152628832\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1152628832\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1152628832\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\McAfee\MWL\MwlSvc.exe"="C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.2.2.7318-to-2.2.3.7359-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.2.2.7318-to-2.2.3.7359-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6920d68e-584d-11dd-af43-000fea6a477b}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-10-13 21:48:58 ----D---- C:\rsit
2008-10-13 20:31:53 ----D---- C:\WINDOWS\LastGood
2008-10-13 19:26:42 ----D---- C:\Documents and Settings\john\Application Data\Malwarebytes
2008-10-13 19:26:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-12 23:02:16 ----A---- C:\WINDOWS\system32\wini10451631.exe
2008-10-12 22:33:11 ----D---- C:\Program Files\fhuuifg
2008-10-12 22:33:08 ----D---- C:\Documents and Settings\All Users\Application Data\badczido
2008-10-06 03:25:17 ----D---- C:\Program Files\Common
2008-09-30 20:35:13 ----A---- C:\WINDOWS\system32\msziptools.dll
2008-09-15 10:43:52 ----A---- C:\WINDOWS\wp.ini
2008-09-15 10:43:51 ----A---- C:\WINDOWS\wp3.ini
2008-09-15 10:41:26 ----D---- C:\peanut
2008-09-13 02:00:37 ----D---- C:\Program Files\Magelo
2008-09-12 14:51:01 ----D---- C:\Program Files\Sun
2008-09-12 14:50:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-12 14:50:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-12 14:50:34 ----A---- C:\WINDOWS\system32\java.exe
2008-09-10 00:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-07 22:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-07 12:08:38 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-07 12:06:06 ----D---- C:\WINDOWS\Prefetch
2008-09-07 12:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-07 12:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-07 12:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-07 12:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-07 12:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-07 12:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-07 12:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-07 12:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-07 12:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-07 12:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-07 11:56:09 ----A---- C:\WINDOWS\setuplog.txt
2008-09-07 11:53:27 ----D---- C:\WINDOWS\system32\scripting
2008-09-07 11:53:26 ----D---- C:\WINDOWS\l2schemas
2008-09-07 11:53:24 ----D---- C:\WINDOWS\system32\en
2008-09-07 11:53:23 ----D---- C:\WINDOWS\system32\bits
2008-09-07 11:48:33 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-07 11:33:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 18:41:56 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 18:41:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 18:41:49 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-03 18:41:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 18:41:34 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-03 18:41:34 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 18:41:18 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-03 18:41:17 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-03 18:41:12 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-03 18:41:12 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-03 18:41:12 ----N---- C:\WINDOWS\slrundll.exe
2008-09-03 18:41:11 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-03 18:41:11 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-03 18:41:11 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-03 18:41:05 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-03 18:41:01 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-03 18:40:58 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 18:40:56 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-03 18:40:55 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-03 18:40:52 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-03 18:40:52 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-03 18:40:52 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-03 18:40:49 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-03 18:40:44 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-03 18:40:28 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-03 18:40:27 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-03 18:40:27 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-03 18:40:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 18:40:21 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-03 18:40:21 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-03 18:39:47 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 18:39:47 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 18:39:46 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-03 18:39:46 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 18:39:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 18:39:25 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 18:39:24 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 18:39:24 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 18:39:24 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 18:39:24 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 18:39:09 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-03 18:39:09 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-03 18:39:04 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-03 18:38:52 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-03 18:38:52 ----A---- C:\WINDOWS\003027_.tmp
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-03 18:38:50 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-03 18:38:48 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-03 18:38:48 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-03 18:38:48 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-03 18:38:48 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-03 18:38:48 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-03 18:38:48 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-03 18:38:47 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-03 18:38:46 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 18:38:46 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 18:38:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 18:38:43 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-03 18:38:37 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-03 18:38:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-03 18:38:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-03 18:38:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-03 18:38:28 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-16 22:06:39 ----D---- C:\Documents and Settings\john\Application Data\AVS4YOU
2008-08-16 22:06:32 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-16 22:05:32 ----D---- C:\Program Files\Common Files\AVSMedia
2008-08-16 22:05:14 ----D---- C:\Program Files\AVS4YOU
2008-08-16 22:05:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2008-08-14 23:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 23:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 23:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 23:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 23:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 23:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 23:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-07 10:33:46 ----A---- C:\WINDOWS\Anw_IP.ini
2008-08-06 13:24:49 ----D---- C:\Documents and Settings\john\Application Data\ScanSoft
2008-08-06 13:15:34 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-08-06 13:14:39 ----A---- C:\WINDOWS\logfile.txt
2008-08-06 13:14:37 ----A---- C:\WINDOWS\system32\vizMicro.dll
2008-08-06 13:14:35 ----A---- C:\WINDOWS\system32\Ltwvc13n.dll
2008-08-06 13:14:31 ----D---- C:\Program Files\Visioneer OneTouch
2008-08-06 13:13:19 ----A---- C:\WINDOWS\maxlink.ini
2008-08-06 13:13:00 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-08-06 13:12:50 ----D---- C:\Program Files\ScanSoft
2008-08-06 13:12:50 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-22 19:22:27 ----D---- C:\Documents and Settings\john\Application Data\U3

======List of files/folders modified in the last 3 months======

2008-10-13 21:49:43 ----D---- C:\WINDOWS\Temp
2008-10-13 20:32:34 ----HD---- C:\WINDOWS\inf
2008-10-13 20:32:33 ----D---- C:\WINDOWS\system32
2008-10-13 20:32:32 ----D---- C:\WINDOWS
2008-10-13 20:31:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 19:53:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-13 19:53:33 ----D---- C:\WINDOWS\system32\drivers
2008-10-13 19:52:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 19:49:41 ----AD---- C:\Program Files
2008-10-12 23:07:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 15:17:49 ----SHD---- C:\WINDOWS\Installer
2008-10-11 15:17:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 15:17:44 ----D---- C:\Program Files\Lavasoft
2008-10-05 08:43:30 ----D---- C:\Program Files\McAfee
2008-10-04 08:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-03 19:57:10 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-29 03:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-24 22:10:01 ----D---- C:\Program Files\World of Warcraft
2008-09-12 14:50:32 ----D---- C:\Program Files\Java
2008-09-10 00:14:12 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 00:09:47 ----D---- C:\WINDOWS\WinSxS
2008-09-09 14:07:01 ----D---- C:\Program Files\MSN Messenger
2008-09-07 22:11:07 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 19:54:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-07 12:08:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-07 12:07:26 ----D---- C:\WINDOWS\Debug
2008-09-07 12:05:26 ----D---- C:\WINDOWS\system32\Setup
2008-09-07 12:05:26 ----D---- C:\Program Files\Messenger
2008-09-07 12:05:25 ----D---- C:\WINDOWS\system32\wbem
2008-09-07 12:05:25 ----D---- C:\WINDOWS\AppPatch
2008-09-07 12:05:24 ----RSD---- C:\WINDOWS\Fonts
2008-09-07 12:03:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-07 12:01:14 ----D---- C:\WINDOWS\security
2008-09-07 11:53:59 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-07 11:53:58 ----D---- C:\WINDOWS\network diagnostic
2008-09-07 11:53:58 ----D---- C:\WINDOWS\ime
2008-09-07 11:53:58 ----D---- C:\WINDOWS\Help
2008-09-07 11:53:30 ----D---- C:\WINDOWS\system32\usmt
2008-09-07 11:53:30 ----D---- C:\WINDOWS\system32\en-US
2008-09-07 11:53:23 ----D---- C:\WINDOWS\PeerNet
2008-09-07 11:53:22 ----D---- C:\Program Files\Movie Maker
2008-09-07 11:48:12 ----D---- C:\WINDOWS\system32\Restore
2008-09-07 11:48:11 ----D---- C:\WINDOWS\system32\npp
2008-09-07 11:48:11 ----D---- C:\WINDOWS\mui
2008-09-07 11:48:07 ----D---- C:\WINDOWS\msagent
2008-09-07 11:48:05 ----D---- C:\WINDOWS\srchasst
2008-09-07 11:48:02 ----D---- C:\Program Files\NetMeeting
2008-09-07 11:47:59 ----D---- C:\WINDOWS\system32\Com
2008-09-07 11:47:53 ----D---- C:\Program Files\Windows Media Player
2008-09-07 11:47:45 ----D---- C:\Program Files\Wi