
[InActive] Unknown Malware

Discussion in 'Malware and Virus Removal Archive' started by newberrydc, 2008/10/09.

  1. 2008/10/09
    newberrydc (Inactive, Thread Starter)

    I tried to install what is now apparently a malicious burned copy of Zoo Tycoon 2 I got from a friend (he never tried to install it). The autorun ran the setup.exe but nothing happened. A minute later, I started getting multiple messages popping up from Windows Defender concerning different trojans. I was able to halt the attacks, ran Ad-Aware, then rebooted. After reboot, I consistently get a message stating that the system was logging off because Plug and Play services terminated unexpectedly. I have been able to stop the constant rebooting by going into safe mode and typing "shutdown -a" and am now running another Ad-Aware scan. I realize this will not fix it. What is my best option for determining what is attacking the system and how best to remove it?

    I am running Vista Ultimate 32-bit. One other thing to point out is that it keeps creating a URL link on my desktop labeled "Gay Fetish Sex".

    I am presently posting from my laptop as I'm still trying to regain internet connectivity for my desktop. Any help would be appreciated!
     
    Last edited: 2008/10/09
  2. 2008/10/09
    Admin. (Administrator, Staff)

    You'll have to follow the notes posted here to get help.
     


  4. 2008/10/09
    newberrydc (Inactive, Thread Starter)

    Update

    A quick update. I was able to get control of my main PC and can now access the internet. Performance is very sluggish and I keep getting a popup from Spyware Doctor saying that "sft_ver1.1454.0.exe" has been blocked. I also have continuous attempts to access my cmd.exe and the directory "PCHealthCenter" being created in my Program Files directory. As requested, here are my logs:

    ***log.txt***

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Family at 2008-10-09 15:43:27
    Microsoft® Windows Vista™ Ultimate Service Pack 1
    System drive C: has 1118 GB (78%) free of 1431 GB
    Total RAM: 3326 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:43:41 PM, on 10/9/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Users\Family\AppData\Roaming\Adobe\Player.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Users\Family\AppData\Local\Temp\sft_ver1.1454.0.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Family\Desktop\RSIT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\Family.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: QXK Olive - {00AA97B1-A3C3-4DA5-89BC-BEE764C2E263} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: olnmraew - {C741C3AB-8689-4B5E-AE8A-B4A1C212C456} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [] C:\Users\Family\AppData\Roaming\Adobe\Player.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: acaptuser32.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 10265 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{7371D8D1-5B8C-4059-8376-2C38655594C2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00AA97B1-A3C3-4DA5-89BC-BEE764C2E263}]
    QXK Olive

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
    SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
    {C741C3AB-8689-4B5E-AE8A-B4A1C212C456} - []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
    "NVRaidService"=C:\Windows\system32\nvraidservice.exe [2006-12-11 184616]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-09-17 868352]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
    "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
    ""=[]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-09-17 289088]
    "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]
    "BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2008-09-26 634672]
    ""=C:\Users\Family\AppData\Roaming\Adobe\Player.exe [2008-10-06 14848]
    "RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="acaptuser32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-19 233888]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{2AABD0C3-1B64-4DE0-AE17-BBBE806197F2}"=[]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2008-10-09 15:23:34 ----D---- C:\Program Files\trend micro
    2008-10-09 15:23:33 ----D---- C:\rsit
    2008-10-09 15:15:52 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-10-09 15:14:49 ----D---- C:\Windows\nvtmpinst
    2008-10-09 15:11:13 ----A---- C:\Windows\system32\gpprefcl.dll
    2008-10-09 14:43:52 ----D---- C:\ProgramData\PC Tools
    2008-10-09 14:33:38 ----D---- C:\Program Files\Common Files\PC Tools
    2008-10-09 14:32:10 ----D---- C:\Users\Family\AppData\Roaming\PC Tools
    2008-10-09 14:26:58 ----A---- C:\Windows\system32\STKIT432.DLL
    2008-10-09 14:26:58 ----A---- C:\Windows\system32\msxml.dll
    2008-10-09 14:26:48 ----A---- C:\Windows\system32\pmnmnkiI.dll
    2008-10-09 13:40:26 ----D---- C:\Program Files\Registry Mechanic
    2008-10-09 13:20:03 ----D---- C:\Program Files\Spyware Doctor
    2008-10-09 12:50:47 ----D---- C:\Program Files\Enigma Software Group
    2008-10-09 12:13:18 ----D---- C:\Program Files\AntiMalware Pro
    2008-10-09 11:15:57 ----D---- C:\temp
    2008-10-09 10:51:17 ----D---- C:\Program Files\Lavasoft
    2008-10-09 10:51:16 ----D---- C:\ProgramData\Lavasoft
    2008-10-09 10:37:19 ----AD---- C:\ProgramData\TEMP
    2008-10-09 10:30:28 ----D---- C:\Program Files\MicroAntivirus
    2008-10-09 10:27:56 ----D---- C:\Windows\system32\xlib254.dll
    2008-10-09 10:27:56 ----D---- C:\Windows\system32\append.dll
    2008-10-06 15:20:12 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-06 11:41:42 ----D---- C:\Users\Family\AppData\Roaming\Microsoft Games
    2008-10-06 08:41:24 ----D---- C:\Users\Family\AppData\Roaming\Games
    2008-10-05 18:16:41 ----D---- C:\ProgramData\InstallShield
    2008-10-05 18:16:29 ----D---- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
    2008-10-05 18:05:26 ----D---- C:\Program Files\The Adventure Company
    2008-10-05 13:58:22 ----D---- C:\Program Files\Curse
    2008-10-01 21:37:13 ----D---- C:\Program Files\Sega
    2008-10-01 21:37:10 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-10-01 21:37:06 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-10-01 21:37:06 ----A---- C:\Windows\system32\x3daudio1_2.dll
    2008-10-01 21:37:04 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-10-01 21:37:02 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\d3dx10.dll
    2008-10-01 21:37:00 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-10-01 21:37:00 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-10-01 21:37:00 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-10-01 21:36:59 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-10-01 21:36:59 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-10-01 21:36:58 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-10-01 21:36:51 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-10-01 21:36:51 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-10-01 21:36:51 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-10-01 21:36:50 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-10-01 21:36:50 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-10-01 21:36:50 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-09-30 23:05:08 ----D---- C:\Program Files\EA GAMES
    2008-09-30 23:05:07 ----RA---- C:\Windows\system32\vp6vfw.dll
    2008-09-29 13:16:18 ----D---- C:\Users\Family\AppData\Roaming\Ventrilo
    2008-09-29 13:15:47 ----D---- C:\Program Files\Ventrilo
    2008-09-29 12:29:52 ----A---- C:\Windows\ntbtlog.txt
    2008-09-28 21:30:28 ----D---- C:\ProgramData\WEBREG
    2008-09-28 21:27:53 ----D---- C:\Users\Family\AppData\Roaming\HP
    2008-09-28 21:27:29 ----D---- C:\ProgramData\HPSSUPPLY
    2008-09-28 21:25:22 ----D---- C:\Program Files\Common Files\Hewlett-Packard
    2008-09-28 21:25:21 ----D---- C:\Program Files\Hewlett-Packard
    2008-09-28 21:25:05 ----D---- C:\Program Files\Common Files\HP
    2008-09-28 21:19:52 ----D---- C:\Program Files\HP
    2008-09-28 21:10:17 ----D---- C:\ProgramData\HP
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpzids01.dll
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpowiav1.dll
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpovst01.dll
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpotscl1.dll
    2008-09-28 10:42:57 ----D---- C:\Users\Family\AppData\Roaming\SPORE
    2008-09-25 19:09:08 ----D---- C:\Users\Family\AppData\Roaming\skypePM
    2008-09-25 19:08:07 ----D---- C:\Users\Family\AppData\Roaming\Skype
    2008-09-25 10:31:35 ----D---- C:\Program Files\Skype
    2008-09-25 10:31:35 ----D---- C:\Program Files\Common Files\Skype
    2008-09-25 10:31:32 ----D---- C:\ProgramData\Skype
    2008-09-21 11:45:29 ----D---- C:\Program Files\The Witcher Demo
    2008-09-18 16:55:25 ----D---- C:\ProgramData\FLEXnet
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwssr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwss.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwgf2um.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvvitvsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvvitvs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvudisp.exe
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvsvsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvsvs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvoglv32.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmoblsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmobls.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccssr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccss.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccsrs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvgamesr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvgames.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvdispsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvdisps.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcuda.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcolor.exe
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcodhins.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcodh.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcod134.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcod.dll
    2008-09-17 19:26:05 ----D---- C:\Users\Family\AppData\Roaming\IGN_DLM
    2008-09-17 18:04:35 ----D---- C:\Windows\system32\Adobe
    2008-09-17 14:25:13 ----D---- C:\Users\Family\AppData\Roaming\DivX
    2008-09-17 14:24:59 ----D---- C:\Music
    2008-09-17 08:40:38 ----D---- C:\Users\Family\AppData\Roaming\Mount&Blade
    2008-09-17 08:34:48 ----D---- C:\Program Files\Mount&Blade
    2008-09-17 07:15:06 ----RHD---- C:\Users\Family\AppData\Roaming\SecuROM
    2008-09-17 07:15:06 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-09-17 07:12:43 ----D---- C:\Program Files\GameSpy
    2008-09-17 07:11:35 ----D---- C:\Windows\system32\URTTEMP
    2008-09-17 07:10:10 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-09-17 07:10:08 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-09-17 07:10:08 ----A---- C:\Windows\system32\pbsvc.exe
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-09-17 07:09:22 ----D---- C:\ProgramData\Media Center Programs
    2008-09-17 07:00:41 ----D---- C:\Program Files\Electronic Arts
    2008-09-17 05:04:12 ----D---- C:\Users\Family\AppData\Roaming\Mozilla
    2008-09-17 05:04:04 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-17 04:57:13 ----D---- C:\Program Files\Download Manager
    2008-09-17 04:38:03 ----A---- C:\Windows\system32\javaws.exe
    2008-09-17 04:38:03 ----A---- C:\Windows\system32\javaw.exe
    2008-09-17 04:38:03 ----A---- C:\Windows\system32\java.exe
    2008-09-17 04:36:22 ----D---- C:\Program Files\Legend - Hand of God
    2008-09-17 04:25:40 ----D---- C:\NVIDIA
    2008-09-17 04:24:16 ----D---- C:\Windows\Panther
    2008-09-17 04:24:02 ----RAS---- C:\BOOTSECT.BAK
    2008-09-17 04:24:01 ----SHD---- C:\Boot
    2008-09-17 03:58:21 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-09-17 03:52:18 ----D---- C:\Users\Family\AppData\Roaming\FrostWire
    2008-09-17 03:51:58 ----D---- C:\Program Files\Java
    2008-09-17 03:51:57 ----D---- C:\Program Files\Common Files\Java
    2008-09-17 03:50:27 ----D---- C:\Program Files\FrostWire
    2008-09-17 03:42:19 ----D---- C:\Users\Family\AppData\Roaming\BitTorrent
    2008-09-17 03:42:13 ----D---- C:\Users\Family\AppData\Roaming\DNA
    2008-09-17 03:42:13 ----D---- C:\Program Files\DNA
    2008-09-17 03:42:13 ----D---- C:\Program Files\BitTorrent
    2008-09-17 03:34:56 ----D---- C:\Windows\Minidump
    2008-09-17 03:30:24 ----D---- C:\Program Files\Disney
    2008-09-17 03:30:07 ----D---- C:\Windows\Debug
    2008-09-17 03:27:40 ----D---- C:\Windows\SoftwareDistribution
    2008-09-17 03:26:14 ----D---- C:\Windows\CSC
    2008-09-17 03:24:55 ----SHD---- C:\System Volume Information
    2008-09-17 03:07:06 ----D---- C:\Windows\system32\AGEIA
    2008-09-17 03:07:06 ----D---- C:\Program Files\AGEIA Technologies
    2008-09-17 03:07:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-17 03:04:55 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2008-09-17 03:04:45 ----RA---- C:\Windows\system32\AdobePDFUI.dll
    2008-09-17 03:02:41 ----D---- C:\Program Files\Common Files\PX Storage Engine
    2008-09-17 03:02:36 ----D---- C:\Program Files\DivX
    2008-09-17 03:02:13 ----D---- C:\ProgramData\Adobe
    2008-09-17 03:02:13 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-17 03:02:13 ----D---- C:\Program Files\Adobe
    2008-09-17 02:57:14 ----A---- C:\Windows\NeroDigital.ini
    2008-09-17 02:54:23 ----D---- C:\Program Files\MSXML 4.0
    2008-09-17 02:33:33 ----D---- C:\Program Files\NeroInstall.bak
    2008-09-17 02:32:52 ----D---- C:\Users\Family\AppData\Roaming\Nero
    2008-09-17 02:32:25 ----A---- C:\Windows\system32\MsiExec.exe.log
    2008-09-17 02:31:17 ----A---- C:\Windows\system32\msshooks.dll
    2008-09-17 02:31:17 ----A---- C:\Windows\system32\msscb.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\srchadmin.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\propsys.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\propdefs.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\msstrc.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\mssprxy.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\mssitlb.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\msshsq.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\wsepno.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\tquery.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\rtffilt.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\offfilt.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\nlhtml.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssvp.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssrch.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssphtb.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssph.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\msscntrs.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mimefilt.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-09-17 02:30:49 ----D---- C:\ProgramData\Nero
    2008-09-17 02:30:49 ----D---- C:\Program Files\Nero
    2008-09-17 02:30:49 ----D---- C:\Program Files\Common Files\Nero
    2008-09-17 02:29:42 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-09-17 02:29:42 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-09-17 02:24:44 ----A---- C:\Windows\system32\msonpmon.dll
    2008-09-17 02:24:09 ----D---- C:\Users\Family\AppData\Roaming\WinRAR
    2008-09-17 02:24:01 ----D---- C:\Program Files\Microsoft Works
    2008-09-17 02:23:50 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-09-17 02:23:50 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-09-17 02:23:38 ----D---- C:\Windows\PCHEALTH
    2008-09-17 02:23:38 ----D---- C:\Program Files\Microsoft.NET
    2008-09-17 02:23:27 ----D---- C:\Program Files\WinRAR
    2008-09-17 02:22:18 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-09-17 02:22:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-17 02:22:15 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-17 02:21:27 ----D---- C:\Program Files\Microsoft Office
    2008-09-17 02:21:26 ----D---- C:\ProgramData\Microsoft Help
    2008-09-17 02:21:21 ----SHD---- C:\Windows\Installer
    2008-09-17 02:21:13 ----RHD---- C:\MSOCache
    2008-09-17 02:11:28 ----D---- C:\Program Files\Analog Devices
    2008-09-17 02:10:39 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectiontr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionsv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionsl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionsk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionnl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectiones.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectioneng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectioncs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\nvsataconnection.exe
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardtr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardsv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardsl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardsk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardnl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardes.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardeng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardcs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvtr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvsv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvsl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvsk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvnl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSves.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSveng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvcs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\nvraidservice.exe
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServertr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServersv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServersl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServersk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServernl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServeres.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServereng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServercs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServer.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\nvcplUIR.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\MSVCR71.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\MSVCP71.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\MFC71.dll
    2008-09-17 02:07:12 ----A---- C:\Windows\system32\NvRaidWizard.dll
    2008-09-17 02:01:09 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-17 02:01:09 ----D---- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    2008-09-17 02:01:01 ----D---- C:\Users\Family\AppData\Roaming\InstallShield
    2008-09-17 01:59:34 ----D---- C:\Users\Family\AppData\Roaming\DAEMON Tools
    2008-09-17 01:57:25 ----D---- C:\ProgramData\NVIDIA
    2008-09-17 01:55:33 ----D---- C:\Program Files\BitLocker
    2008-09-17 01:49:45 ----A---- C:\Windows\system32\DreamScene.dll
    2008-09-17 01:49:28 ----A---- C:\Windows\system32\tzres.dll
    2008-09-17 01:48:39 ----A---- C:\Windows\system32\SecureKeyBackupCPL.dll
    2008-09-17 01:45:16 ----A---- C:\Windows\system32\wininet.dll
    2008-09-17 01:45:16 ----A---- C:\Windows\system32\mshtml.dll
    2008-09-17 01:45:16 ----A---- C:\Windows\system32\ieframe.dll
    2008-09-17 01:45:15 ----A---- C:\Windows\system32\urlmon.dll
    2008-09-17 01:45:15 ----A---- C:\Windows\system32\mstime.dll
    2008-09-17 01:45:15 ----A---- C:\Windows\system32\jsproxy.dll
    2008-09-17 01:45:03 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-09-17 01:44:57 ----A---- C:\Windows\system32\inetcomm.dll
    2008-09-17 01:44:57 ----A---- C:\Windows\system32\es.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\dataclen.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\cdd.dll
    2008-09-17 01:42:12 ----A---- C:\Windows\system32\nvexpbar.dll
    2008-09-17 01:42:12 ----A---- C:\Windows\system32\nvcplui.exe
    2008-09-17 01:41:53 ----A---- C:\Windows\system32\NVUNINST.EXE
    2008-09-17 01:41:52 ----D---- C:\Program Files\Common Files\InstallShield
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wups2.dll
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wucltux.dll
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wuaueng.dll
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wuauclt.exe
    2008-09-17 01:39:40 ----A---- C:\Windows\system32\wups.dll
    2008-09-17 01:39:40 ----A---- C:\Windows\system32\wudriver.dll
    2008-09-17 01:39:40 ----A---- C:\Windows\system32\wuapi.dll
    2008-09-17 01:39:37 ----A---- C:\Windows\system32\wuwebv.dll
    2008-09-17 01:39:37 ----A---- C:\Windows\system32\wuapp.exe
    2008-09-17 01:38:54 ----D---- C:\Windows\system32\Macromed
    2008-09-17 01:38:54 ----D---- C:\Users\Family\AppData\Roaming\Macromedia
    2008-09-17 01:38:54 ----D---- C:\Users\Family\AppData\Roaming\Adobe
    2008-09-16 23:32:54 ----D---- C:\Users\Family\AppData\Roaming\Identities
    2008-09-16 23:32:47 ----SD---- C:\Users\Family\AppData\Roaming\Microsoft
    2008-09-16 23:32:47 ----D---- C:\Users\Family\AppData\Roaming\Media Center Programs
    2008-08-28 10:50:50 ----A---- C:\Windows\system32\soundschemes2.exe
    2008-08-15 23:22:00 ----A---- C:\Windows\system32\dpinst.exe
    2008-08-05 17:02:16 ----A---- C:\Windows\system32\DivXsm.exe
    2008-08-05 17:02:12 ----A---- C:\Windows\system32\qt-dx331.dll
    2008-08-05 17:00:00 ----A---- C:\Windows\system32\ssldivx.dll
    2008-08-05 17:00:00 ----A---- C:\Windows\system32\libdivx.dll
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dtu100.dll.manifest
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dtu100.dll
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dpl100.dll.manifest
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dpl100.dll
    2008-08-05 16:59:02 ----A---- C:\Windows\system32\dpuGUI10.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpv11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpus11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpuGUI11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpu11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpu10.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx11.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx0c.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx0a.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx07.dll
    2008-08-05 16:58:56 ----A---- C:\Windows\system32\DivX.dll
    2008-08-05 16:58:32 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe
    2008-08-05 16:58:14 ----A---- C:\Windows\system32\DivXWMPExtType.dll
    2008-08-01 11:05:34 ----A---- C:\Windows\system32\PhysXLoader.dll

    ======List of files/folders modified in the last 3 months======

    2008-10-09 17:23:28 ----D---- C:\Windows\system32\config
    2008-10-09 17:23:23 ----D---- C:\Windows\Tasks
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\Tasks
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\spool
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\Msdtc
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\CodeIntegrity
    2008-10-09 17:23:18 ----D---- C:\Windows\system32\wbem
    2008-10-09 15:43:29 ----D---- C:\Windows\System32
    2008-10-09 15:43:29 ----D---- C:\Windows\inf
    2008-10-09 15:43:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-10-09 15:43:26 ----D---- C:\Windows\Temp
    2008-10-09 15:43:10 ----RD---- C:\Program Files
    2008-10-09 15:37:40 ----D---- C:\Windows\system32\drivers
    2008-10-09 15:16:45 ----D---- C:\Windows\winsxs
    2008-10-09 15:15:50 ----D---- C:\Windows\Logs
    2008-10-09 15:15:44 ----D---- C:\Program Files\Microsoft Games
    2008-10-09 15:15:41 ----D---- C:\Windows\system32\catroot2
    2008-10-09 15:15:41 ----D---- C:\Windows\system32\catroot
    2008-10-09 15:15:08 ----D---- C:\Windows
    2008-10-09 15:11:42 ----D---- C:\Windows\system32\en-US
    2008-10-09 15:09:46 ----D---- C:\Windows\registration
    2008-10-09 15:09:01 ----D---- C:\Program Files\Internet Explorer
    2008-10-09 14:47:38 ----HD---- C:\ProgramData
    2008-10-09 14:33:38 ----D---- C:\Program Files\Common Files
    2008-10-09 10:26:38 ----D---- C:\Windows\Prefetch
    2008-10-05 18:05:26 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-01 22:02:30 ----RSD---- C:\Windows\assembly
    2008-10-01 22:02:30 ----D---- C:\Windows\Microsoft.NET
    2008-09-28 21:27:47 ----A---- C:\Windows\win.ini
    2008-09-28 21:25:26 ----D---- C:\Windows\twain_32
    2008-09-28 14:39:07 ----D---- C:\Windows\system32\WDI
    2008-09-22 12:22:07 ----D---- C:\Windows\system32\NDF
    2008-09-21 11:48:54 ----SD---- C:\ProgramData\Microsoft
    2008-09-18 06:55:59 ----D---- C:\Windows\rescache
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvvsvc.exe
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvsvc.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmctray.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvd3dum.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcpl.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvapi.dll
    2008-09-17 07:10:08 ----D---- C:\Windows\system32\LogFiles
    2008-09-17 06:59:41 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-09-17 03:03:14 ----RSD---- C:\Windows\Fonts
    2008-09-17 02:33:57 ----D---- C:\Windows\AppPatch
    2008-09-17 02:33:56 ----D---- C:\Windows\PolicyDefinitions
    2008-09-17 02:30:48 ----D---- C:\Windows\Cursors
    2008-09-17 02:30:34 ----D---- C:\Program Files\Windows Mail
    2008-09-17 02:23:56 ----D---- C:\Program Files\MSBuild
    2008-09-17 02:23:49 ----D---- C:\Windows\ShellNew
    2008-09-17 02:21:58 ----D---- C:\Program Files\Common Files\System
    2008-09-17 02:00:07 ----A---- C:\Windows\system32\SmaxCo.dll
    2008-09-17 02:00:06 ----A---- C:\Windows\system32\AEADIExt.dll
    2008-09-17 02:00:06 ----A---- C:\Windows\system32\AEADIAPO.dll
    2008-09-17 01:55:34 ----D---- C:\Windows\Web
    2008-09-17 01:55:33 ----D---- C:\Windows\system32\migration
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\zh-TW
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\zh-CN
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\uk-UA
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\tr-TR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\th-TH
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sv-SE
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sr-Latn-CS
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sl-SI
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sk-SK
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ru-RU
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ro-RO
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\pt-PT
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\pt-BR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\pl-PL
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\nl-NL
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\nb-NO
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\lv-LV
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\lt-LT
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ko-KR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ja-JP
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\it-IT
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\hu-HU
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\hr-HR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\he-IL
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\fr-FR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\fi-FI
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\et-EE
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\es-ES
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\el-GR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\de-DE
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\da-DK
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\cs-CZ
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\bg-BG
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ar-SA
    2008-09-17 01:48:37 ----RSD---- C:\Windows\Media
    2008-09-17 01:42:12 ----D---- C:\Windows\Help
    2008-09-17 01:39:30 ----D---- C:\Windows\system32\restore
    2008-09-16 23:33:04 ----SHD---- C:\$Recycle.Bin
    2008-09-16 23:32:37 ----RD---- C:\Users
    2008-08-26 13:28:14 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-20 350720]
    R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
    R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
    R1 pctfw2;pctfw2; \??\C:\Windows\System32\drivers\pctfw2.sys [2008-10-09 160792]
    R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-10-05 278984]
    R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-10-05 25416]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-09-17 316928]
    R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
    R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
    R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
    R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2008-10-09 33088]
    R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
    S3 avitv8l3;avitv8l3; C:\Windows\system32\drivers\avitv8l3.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-17 66872]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
    R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2008-10-09 66880]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-20 33800]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-17 651720]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-20 917504]

    -----------------EOF-----------------
     
  5. 2008/10/09
    newberrydc

    newberrydc Inactive Thread Starter

    info.txt

    ***info.txt***

    info.txt logfile of random's system information tool 1.04 2008-10-09 15:43:45

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    -->MsiExec /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
    Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
    Dracula Origin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35A0C956-ACF1-41AB-89DE-1772C8A27ACB}\setup.exe" -l0x9 -removeonly
    FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
    HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Legend - Hand of God--> "C:\Program Files\InstallShield Installation Information\{FAB5D969-FAC4-4AD2-9565-617A4A2F7159}\Setup.exe" -runfromtemp -l0x0009 -removeonly
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    NVIDIA PhysX v8.08.18-->MsiExec.exe /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    REALTEK RTL8187 Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}\SETUP.EXE -v "ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
    Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
    Space Siege-->C:\Program Files\InstallShield Installation Information\{BE98A2FE-F4DE-4083-BCB1-7E9E63A11E6E}\setup.exe -runfromtemp -l0x0009 -removeonly
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
    The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
    The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
    The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
    The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
    The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
    The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
    The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
    The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
    The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
    The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
    The Sims™ 2 IKEA® Home Stuff-->C:\Program Files\EA GAMES\The Sims 2 IKEA® Home Stuff\EAUninstall.exe
    The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
    The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
    The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
    Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Warhammer Online - Age of Reckoning -->C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe
    Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    "PROCESSOR_REVISION"=4303
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE

    -----------------EOF-----------------
     
  6. 2008/10/10 Geri
    Hi
    Welcome to WindowsBBS.

    I see you have P2P software (LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.


    I don't see an antivirus program running on your system. Do you have one?

    Geri
     
  7. 2008/10/11 newberrydc
    Thank you for the links concerning P2P and file-sharing, Geri. I am aware of the risks involved with downloading unverified programs. I use BitTorrent to get episodes of shows that I miss while at work or out and about. Do you believe the program poses a threat even when it's not downloading and/or the program is not running? I'm not familiar with all of the exploits of Windows Vista.

    I have Spyware Doctor 6.0 with Antivirus. It's different than I've seen in the past, however, as it states that it has an antivirus engine in the program when I go into the System Status area. I purchased the program AFTER the attack on the system. Another quick question for you... I continuously have a pop-up from Spyware Doctor stating that it has blocked an attempt by svchost.exe to access cmd.exe. In my process list, I have two instances of svchost.exe running... one using only a few thousand K of memory and the other using almost 200 MB of memory. I know that svchost.exe is common, but am not sure if it's supposed to be accessing my command executable. Any ideas? After cleaning it thoroughly with the Spyware, Antivirus, and Registry Mechanic programs, it seems to be alright besides that instance being blocked. I am afraid to unblock it in case it's the actual malware hiding out someplace attempting to resurface. Any feedback would be greatly appreciated... for the sake of knowledge if nothing else. If it continues to be too much of a problem, I will wipe the system and ensure I've got all protective measures in place (I neglected it and look what happened).
     
  8. 2008/10/11 Geri
    Hi
    BitTorrent in itself is not the problem; it's who you are sharing files with that is the problem. There is just no way to know if the file you are getting is or is not coming from someone's infected system.

    Not sure right offhand; I would have to do some research.

    You are showing things that should not be on your system so please do this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post the MBAM log and a new RSIT log.txt.

    Thanks
    Geri
     
  9. 2008/10/11 newberrydc
    Great program, Geri. I ran it as requested and it came up with a few Trojans. On the PC Tools Spyware Doctor, these Trojans were previously deleted but apparently keep coming back. Hopefully MBAM was able to permanently remove them. Here are the resulting logs:

    ***MBAM***
    Malwarebytes' Anti-Malware 1.28
    Database version: 1255
    Windows 6.0.6001 Service Pack 1

    10/11/2008 9:39:08 AM
    mbam-log-2008-10-11 (09-39-08).txt

    Scan type: Quick Scan
    Objects scanned: 49420
    Time elapsed: 2 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2aabd0c3-1b64-4de0-ae17-bbbe806197f2} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\olnmraew.bres (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Windows\System32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAntivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Windows\System32\pmnmnkiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Family\AppData\Local\Temp\smchk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAntivirus\microAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAntivirus\microAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\Users\Family\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Family\AppData\Local\Temp\windfr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Family\AppData\Local\Temp\pwrmgr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Family\AppData\Local\Temp\myconfig.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
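The MBAM log above and the HijackThis portion of the RSIT log posted next can be cross-checked mechanically rather than by eye. The following script is an added example for this thread; it is not code from the forum, from Malwarebytes or from HijackThis. It parses a few lines copied from both logs (embedded as constructed sample input), pulls out the CLSID and ProgID that MBAM quarantined, and flags HijackThis entries that now point at "(no file)" or "[]": the ones whose identifier MBAM just removed are the registry leftovers (BHO, toolbar, ShellExecuteHook) still to be fixed, and any other dangling entry is listed separately for manual review. A second check flags files named like a core Windows binary that sit outside the directory Windows keeps that binary in, which is what C:\Users\Family\services.exe in the MBAM log is. The list of core binaries and their expected directories is an assumption of the example, not something the page states.

```python
"""Cross-check a Malwarebytes (MBAM) log against a HijackThis/RSIT log.

Added example for this thread, not code from the forum or from either tool. It does
two checks a responder normally makes by eye: (1) HijackThis entries shown as "(no file)"
or "[]" whose CLSID or ProgID MBAM has just quarantined, i.e. orphan hooks still to be
fixed; (2) files named like a core Windows binary but living outside its normal directory.
"""
import re

# Constructed sample input: a few lines copied from the logs posted in this thread.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2aabd0c3-1b64-4de0-ae17-bbbe806197f2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.bres (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\pmnmnkiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Family\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Family\AppData\Local\Temp\windfr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""
HJT_LOG = r"""
Running processes:
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe

O2 - BHO: QXK Olive - {00AA97B1-A3C3-4DA5-89BC-BEE764C2E263} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: olnmraew - {C741C3AB-8689-4B5E-AE8A-B4A1C212C456} - (no file)
"{2AABD0C3-1B64-4DE0-AE17-BBBE806197F2}"= []
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MBAM_ITEM_RE = re.compile(r"^\s*(.+?) \(([A-Za-z.]+)\) -> ")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Core binaries and the directory Windows keeps them in (assumed list, not from the page).
EXPECTED_DIR = {n: r"c:\windows\system32" for n in (
    "smss.exe", "csrss.exe", "wininit.exe", "services.exe", "lsass.exe",
    "lsm.exe", "winlogon.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def parse_mbam(text):
    """Return [(item, family)] for every detection line, e.g. ('C:\\x.exe', 'Trojan.Agent')."""
    return [(m.group(1), m.group(2)) for m in map(MBAM_ITEM_RE.match, text.splitlines()) if m]

def mbam_indicators(items):
    """CLSIDs (upper-cased) and ProgID prefixes (lower-cased) from MBAM's registry detections."""
    guids, progids = set(), set()
    for item, _family in items:
        if not item.upper().startswith("HKEY_"):
            continue
        g = GUID_RE.search(item)
        if g:
            guids.add(g.group(0).upper())
            continue
        leaf = item.rstrip("\\").rsplit("\\", 1)[-1]  # 'olnmraew.toolbar.1' or 'Run'
        if "." in leaf:                               # ProgIDs are dotted; plain key names are not
            progids.add(leaf.split(".")[0].lower())
    return guids, progids

def orphan_entries(hjt_text, guids, progids):
    """HJT/RSIT lines that point at no file, each tagged with whether MBAM explains them."""
    hits = []
    for line in (l.strip() for l in hjt_text.splitlines()):
        if not (line.endswith("(no file)") or line.endswith("= []")):
            continue
        g = GUID_RE.search(line)
        guid = g.group(0).upper() if g else None
        name = ""
        if line.startswith(("O2 -", "O3 -")):          # 'O2 - BHO: <name> - {CLSID} - (no file)'
            name = line.split(" - ")[1].split(":", 1)[1].strip().lower()
        explained = guid in guids or name in progids
        hits.append((line, "matches an item MBAM quarantined" if explained else "dangling entry, no MBAM match"))
    return hits

def masquerading(paths):
    """Paths whose file name is a core Windows binary but whose directory is not the expected one."""
    bad = []
    for p in paths:
        directory, _, name = p.lower().rpartition("\\")
        if EXPECTED_DIR.get(name) not in (None, directory):
            bad.append(p)
    return bad

def triage(mbam_text, hjt_text):
    """Run both checks; 'masquerading' covers HJT's running processes and MBAM's file detections."""
    items = parse_mbam(mbam_text)
    guids, progids = mbam_indicators(items)
    processes = [l.strip() for l in hjt_text.splitlines() if DRIVE_PATH_RE.match(l.strip())]
    files = [item for item, _ in items if not item.upper().startswith("HKEY_")]
    return {"orphans": orphan_entries(hjt_text, guids, progids),
            "masquerading": masquerading(processes + files)}

if __name__ == "__main__":
    for key, hits in triage(MBAM_LOG, HJT_LOG).items():
        print(key, hits)
```

On the sample input the script reports the olnmraew toolbar and the {2AABD0C3-...} ShellExecuteHook as orphans explained by MBAM's detections, the QXK Olive BHO as a dangling entry MBAM did not touch, and C:\Users\Family\services.exe as a masquerading binary. Matching on both CLSID and ProgID prefix matters here: MBAM removed the HKCR ProgID for the toolbar but the HKLM toolbar entry keeps only the CLSID, so a single identifier would miss the link.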
     
  10. 2008/10/11 newberrydc
    ***RSIT log.txt***
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Family at 2008-10-11 09:44:07
    Microsoft® Windows Vista™ Ultimate Service Pack 1
    System drive C: has 1083 GB (76%) free of 1431 GB
    Total RAM: 3326 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:18 AM, on 10/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Registry Mechanic\regmech.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Family\Desktop\RSIT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\Family.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: QXK Olive - {00AA97B1-A3C3-4DA5-89BC-BEE764C2E263} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: olnmraew - {C741C3AB-8689-4B5E-AE8A-B4A1C212C456} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: acaptuser32.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 10230 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{7371D8D1-5B8C-4059-8376-2C38655594C2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00AA97B1-A3C3-4DA5-89BC-BEE764C2E263}]
    QXK Olive

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
    SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
    {C741C3AB-8689-4B5E-AE8A-B4A1C212C456} - []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
    "NVRaidService"=C:\Windows\system32\nvraidservice.exe [2006-12-11 184616]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-09-17 868352]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
    "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
    ""= []
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-09-17 289088]
    "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]
    "BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2008-09-26 634672]
    "RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="acaptuser32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-19 233888]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{2AABD0C3-1B64-4DE0-AE17-BBBE806197F2}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{918d7137-8487-11dd-a6d8-001d606f5402}]
    shell\AutoRun\command - F:\autorun.exe


    ======List of files/folders created in the last 3 months======

    2008-10-11 09:30:17 ----D---- C:\Users\Family\AppData\Roaming\Malwarebytes
    2008-10-11 09:30:12 ----D---- C:\ProgramData\Malwarebytes
    2008-10-11 09:30:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-10 15:59:00 ----D---- C:\Program Files\Sony
    2008-10-10 15:59:00 ----D---- C:\Program Files\Flying Lab Software
    2008-10-09 23:38:17 ----D---- C:\Program Files\Global Star
    2008-10-09 15:23:34 ----D---- C:\Program Files\trend micro
    2008-10-09 15:23:33 ----D---- C:\rsit
    2008-10-09 15:15:52 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-10-09 15:14:49 ----D---- C:\Windows\nvtmpinst
    2008-10-09 15:11:13 ----A---- C:\Windows\system32\gpprefcl.dll
    2008-10-09 14:43:52 ----D---- C:\ProgramData\PC Tools
    2008-10-09 14:33:38 ----D---- C:\Program Files\Common Files\PC Tools
    2008-10-09 14:32:10 ----D---- C:\Users\Family\AppData\Roaming\PC Tools
    2008-10-09 14:26:58 ----A---- C:\Windows\system32\STKIT432.DLL
    2008-10-09 14:26:58 ----A---- C:\Windows\system32\msxml.dll
    2008-10-09 13:40:26 ----D---- C:\Program Files\Registry Mechanic
    2008-10-09 13:20:03 ----D---- C:\Program Files\Spyware Doctor
    2008-10-09 12:50:47 ----D---- C:\Program Files\Enigma Software Group
    2008-10-09 12:13:18 ----D---- C:\Program Files\AntiMalware Pro
    2008-10-09 11:15:57 ----D---- C:\temp
    2008-10-09 10:51:17 ----D---- C:\Program Files\Lavasoft
    2008-10-09 10:51:16 ----D---- C:\ProgramData\Lavasoft
    2008-10-09 10:37:19 ----AD---- C:\ProgramData\TEMP
    2008-10-06 15:20:12 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-06 11:41:42 ----D---- C:\Users\Family\AppData\Roaming\Microsoft Games
    2008-10-06 08:41:24 ----D---- C:\Users\Family\AppData\Roaming\Games
    2008-10-05 18:16:41 ----D---- C:\ProgramData\InstallShield
    2008-10-05 18:16:29 ----D---- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
    2008-10-05 18:05:26 ----D---- C:\Program Files\The Adventure Company
    2008-10-05 13:58:22 ----D---- C:\Program Files\Curse
    2008-10-01 21:37:13 ----D---- C:\Program Files\Sega
    2008-10-01 21:37:10 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-10-01 21:37:06 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-10-01 21:37:06 ----A---- C:\Windows\system32\x3daudio1_2.dll
    2008-10-01 21:37:04 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-10-01 21:37:03 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-10-01 21:37:02 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-10-01 21:37:01 ----A---- C:\Windows\system32\d3dx10.dll
    2008-10-01 21:37:00 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-10-01 21:37:00 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-10-01 21:37:00 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-10-01 21:36:59 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-10-01 21:36:59 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-10-01 21:36:58 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-10-01 21:36:51 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-10-01 21:36:51 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-10-01 21:36:51 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-10-01 21:36:50 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-10-01 21:36:50 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-10-01 21:36:50 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-09-30 23:05:08 ----D---- C:\Program Files\EA GAMES
    2008-09-30 23:05:07 ----RA---- C:\Windows\system32\vp6vfw.dll
    2008-09-29 13:16:18 ----D---- C:\Users\Family\AppData\Roaming\Ventrilo
    2008-09-29 13:15:47 ----D---- C:\Program Files\Ventrilo
    2008-09-29 12:29:52 ----A---- C:\Windows\ntbtlog.txt
    2008-09-28 21:30:28 ----D---- C:\ProgramData\WEBREG
    2008-09-28 21:27:53 ----D---- C:\Users\Family\AppData\Roaming\HP
    2008-09-28 21:27:29 ----D---- C:\ProgramData\HPSSUPPLY
    2008-09-28 21:25:22 ----D---- C:\Program Files\Common Files\Hewlett-Packard
    2008-09-28 21:25:21 ----D---- C:\Program Files\Hewlett-Packard
    2008-09-28 21:25:05 ----D---- C:\Program Files\Common Files\HP
    2008-09-28 21:19:52 ----D---- C:\Program Files\HP
    2008-09-28 21:10:17 ----D---- C:\ProgramData\HP
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpzids01.dll
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpowiav1.dll
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpovst01.dll
    2008-09-28 21:10:12 ----A---- C:\Windows\system32\hpotscl1.dll
    2008-09-28 10:42:57 ----D---- C:\Users\Family\AppData\Roaming\SPORE
    2008-09-25 19:09:08 ----D---- C:\Users\Family\AppData\Roaming\skypePM
    2008-09-25 19:08:07 ----D---- C:\Users\Family\AppData\Roaming\Skype
    2008-09-25 10:31:35 ----D---- C:\Program Files\Skype
    2008-09-25 10:31:35 ----D---- C:\Program Files\Common Files\Skype
    2008-09-25 10:31:32 ----D---- C:\ProgramData\Skype
    2008-09-21 11:45:29 ----D---- C:\Program Files\The Witcher Demo
    2008-09-18 16:55:25 ----D---- C:\ProgramData\FLEXnet
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwssr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwss.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwgf2um.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvvitvsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvvitvs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvudisp.exe
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvsvsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvsvs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvoglv32.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmoblsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmobls.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccssr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccss.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccsrs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmccs.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvgamesr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvgames.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvdispsr.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvdisps.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcuda.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcolor.exe
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcodhins.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcodh.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcod134.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcod.dll
    2008-09-17 19:26:05 ----D---- C:\Users\Family\AppData\Roaming\IGN_DLM
    2008-09-17 18:04:35 ----D---- C:\Windows\system32\Adobe
    2008-09-17 14:25:13 ----D---- C:\Users\Family\AppData\Roaming\DivX
    2008-09-17 14:24:59 ----D---- C:\Music
    2008-09-17 08:40:38 ----D---- C:\Users\Family\AppData\Roaming\Mount&Blade
    2008-09-17 08:34:48 ----D---- C:\Program Files\Mount&Blade
    2008-09-17 07:15:06 ----RHD---- C:\Users\Family\AppData\Roaming\SecuROM
    2008-09-17 07:15:06 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-09-17 07:12:43 ----D---- C:\Program Files\GameSpy
    2008-09-17 07:11:35 ----D---- C:\Windows\system32\URTTEMP
    2008-09-17 07:10:10 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-09-17 07:10:08 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-09-17 07:10:08 ----A---- C:\Windows\system32\pbsvc.exe
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-09-17 07:10:06 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-09-17 07:09:22 ----D---- C:\ProgramData\Media Center Programs
    2008-09-17 07:00:41 ----D---- C:\Program Files\Electronic Arts
    2008-09-17 05:04:12 ----D---- C:\Users\Family\AppData\Roaming\Mozilla
    2008-09-17 05:04:04 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-17 04:57:13 ----D---- C:\Program Files\Download Manager
    2008-09-17 04:38:03 ----A---- C:\Windows\system32\javaws.exe
    2008-09-17 04:38:03 ----A---- C:\Windows\system32\javaw.exe
    2008-09-17 04:38:03 ----A---- C:\Windows\system32\java.exe
    2008-09-17 04:36:22 ----D---- C:\Program Files\Legend - Hand of God
    2008-09-17 04:25:40 ----D---- C:\NVIDIA
    2008-09-17 04:24:16 ----D---- C:\Windows\Panther
    2008-09-17 04:24:02 ----RAS---- C:\BOOTSECT.BAK
    2008-09-17 04:24:01 ----SHD---- C:\Boot
    2008-09-17 03:58:21 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-09-17 03:52:18 ----D---- C:\Users\Family\AppData\Roaming\FrostWire
    2008-09-17 03:51:58 ----D---- C:\Program Files\Java
    2008-09-17 03:51:57 ----D---- C:\Program Files\Common Files\Java
    2008-09-17 03:50:27 ----D---- C:\Program Files\FrostWire
    2008-09-17 03:42:19 ----D---- C:\Users\Family\AppData\Roaming\BitTorrent
    2008-09-17 03:42:13 ----D---- C:\Users\Family\AppData\Roaming\DNA
    2008-09-17 03:42:13 ----D---- C:\Program Files\DNA
    2008-09-17 03:42:13 ----D---- C:\Program Files\BitTorrent
    2008-09-17 03:34:56 ----D---- C:\Windows\Minidump
    2008-09-17 03:30:24 ----D---- C:\Program Files\Disney
    2008-09-17 03:30:07 ----D---- C:\Windows\Debug
    2008-09-17 03:27:40 ----D---- C:\Windows\SoftwareDistribution
    2008-09-17 03:26:14 ----D---- C:\Windows\CSC
    2008-09-17 03:24:55 ----SHD---- C:\System Volume Information
    2008-09-17 03:07:06 ----D---- C:\Windows\system32\AGEIA
    2008-09-17 03:07:06 ----D---- C:\Program Files\AGEIA Technologies
    2008-09-17 03:07:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-17 03:04:55 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2008-09-17 03:04:45 ----RA---- C:\Windows\system32\AdobePDFUI.dll
    2008-09-17 03:02:41 ----D---- C:\Program Files\Common Files\PX Storage Engine
    2008-09-17 03:02:36 ----D---- C:\Program Files\DivX
    2008-09-17 03:02:13 ----D---- C:\ProgramData\Adobe
    2008-09-17 03:02:13 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-17 03:02:13 ----D---- C:\Program Files\Adobe
    2008-09-17 02:57:14 ----A---- C:\Windows\NeroDigital.ini
    2008-09-17 02:54:23 ----D---- C:\Program Files\MSXML 4.0
    2008-09-17 02:33:33 ----D---- C:\Program Files\NeroInstall.bak
    2008-09-17 02:32:52 ----D---- C:\Users\Family\AppData\Roaming\Nero
    2008-09-17 02:32:25 ----A---- C:\Windows\system32\MsiExec.exe.log
    2008-09-17 02:31:17 ----A---- C:\Windows\system32\msshooks.dll
    2008-09-17 02:31:17 ----A---- C:\Windows\system32\msscb.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\srchadmin.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\propsys.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\propdefs.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\msstrc.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\mssprxy.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\mssitlb.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\msshsq.dll
    2008-09-17 02:31:16 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\wsepno.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\tquery.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\rtffilt.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\offfilt.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\nlhtml.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssvp.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssrch.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssphtb.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mssph.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\msscntrs.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\mimefilt.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-09-17 02:31:15 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-09-17 02:30:49 ----D---- C:\ProgramData\Nero
    2008-09-17 02:30:49 ----D---- C:\Program Files\Nero
    2008-09-17 02:30:49 ----D---- C:\Program Files\Common Files\Nero
    2008-09-17 02:29:42 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-09-17 02:29:42 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-09-17 02:24:44 ----A---- C:\Windows\system32\msonpmon.dll
    2008-09-17 02:24:09 ----D---- C:\Users\Family\AppData\Roaming\WinRAR
    2008-09-17 02:24:01 ----D---- C:\Program Files\Microsoft Works
    2008-09-17 02:23:50 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-09-17 02:23:50 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-09-17 02:23:38 ----D---- C:\Windows\PCHEALTH
    2008-09-17 02:23:38 ----D---- C:\Program Files\Microsoft.NET
    2008-09-17 02:23:27 ----D---- C:\Program Files\WinRAR
    2008-09-17 02:22:18 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-09-17 02:22:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-17 02:22:15 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-17 02:21:27 ----D---- C:\Program Files\Microsoft Office
    2008-09-17 02:21:26 ----D---- C:\ProgramData\Microsoft Help
    2008-09-17 02:21:21 ----SHD---- C:\Windows\Installer
    2008-09-17 02:21:13 ----RHD---- C:\MSOCache
    2008-09-17 02:11:28 ----D---- C:\Program Files\Analog Devices
    2008-09-17 02:10:39 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectiontr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionsv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionsl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionsk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionnl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectiones.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectioneng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectioncs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvSataConnectionar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\nvsataconnection.exe
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardtr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardsv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardsl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardsk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardnl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardes.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardeng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardcs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidWizardar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvtr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvsv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvsl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvsk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvnl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSves.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSveng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvcs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidSvar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\nvraidservice.exe
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerzht.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerzhc.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServertr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerth.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServersv.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServersl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServersk.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerru.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerptb.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerpt.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerpl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerno.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServernl.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerko.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerja.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerit.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerhu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerhe.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerfr.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerfi.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServeres.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerenu.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServereng.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerel.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerde.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerda.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServercs.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServerar.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\NvRaidServer.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\nvcplUIR.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\MSVCR71.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\MSVCP71.dll
    2008-09-17 02:07:13 ----A---- C:\Windows\system32\MFC71.dll
    2008-09-17 02:07:12 ----A---- C:\Windows\system32\NvRaidWizard.dll
    2008-09-17 02:01:09 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-17 02:01:09 ----D---- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    2008-09-17 02:01:01 ----D---- C:\Users\Family\AppData\Roaming\InstallShield
    2008-09-17 01:59:34 ----D---- C:\Users\Family\AppData\Roaming\DAEMON Tools
    2008-09-17 01:57:25 ----D---- C:\ProgramData\NVIDIA
    2008-09-17 01:55:33 ----D---- C:\Program Files\BitLocker
    2008-09-17 01:49:45 ----A---- C:\Windows\system32\DreamScene.dll
    2008-09-17 01:49:28 ----A---- C:\Windows\system32\tzres.dll
    2008-09-17 01:48:39 ----A---- C:\Windows\system32\SecureKeyBackupCPL.dll
    2008-09-17 01:45:16 ----A---- C:\Windows\system32\wininet.dll
    2008-09-17 01:45:16 ----A---- C:\Windows\system32\mshtml.dll
    2008-09-17 01:45:16 ----A---- C:\Windows\system32\ieframe.dll
    2008-09-17 01:45:15 ----A---- C:\Windows\system32\urlmon.dll
    2008-09-17 01:45:15 ----A---- C:\Windows\system32\mstime.dll
    2008-09-17 01:45:15 ----A---- C:\Windows\system32\jsproxy.dll
    2008-09-17 01:45:03 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-09-17 01:44:57 ----A---- C:\Windows\system32\inetcomm.dll
    2008-09-17 01:44:57 ----A---- C:\Windows\system32\es.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\dataclen.dll
    2008-09-17 01:44:56 ----A---- C:\Windows\system32\cdd.dll
    2008-09-17 01:42:12 ----A---- C:\Windows\system32\nvexpbar.dll
    2008-09-17 01:42:12 ----A---- C:\Windows\system32\nvcplui.exe
    2008-09-17 01:41:53 ----A---- C:\Windows\system32\NVUNINST.EXE
    2008-09-17 01:41:52 ----D---- C:\Program Files\Common Files\InstallShield
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wups2.dll
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wucltux.dll
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wuaueng.dll
    2008-09-17 01:39:45 ----A---- C:\Windows\system32\wuauclt.exe
    2008-09-17 01:39:40 ----A---- C:\Windows\system32\wups.dll
    2008-09-17 01:39:40 ----A---- C:\Windows\system32\wudriver.dll
    2008-09-17 01:39:40 ----A---- C:\Windows\system32\wuapi.dll
    2008-09-17 01:39:37 ----A---- C:\Windows\system32\wuwebv.dll
    2008-09-17 01:39:37 ----A---- C:\Windows\system32\wuapp.exe
    2008-09-17 01:38:54 ----D---- C:\Windows\system32\Macromed
    2008-09-17 01:38:54 ----D---- C:\Users\Family\AppData\Roaming\Macromedia
    2008-09-17 01:38:54 ----D---- C:\Users\Family\AppData\Roaming\Adobe
    2008-09-16 23:32:54 ----D---- C:\Users\Family\AppData\Roaming\Identities
    2008-09-16 23:32:47 ----SD---- C:\Users\Family\AppData\Roaming\Microsoft
    2008-09-16 23:32:47 ----D---- C:\Users\Family\AppData\Roaming\Media Center Programs
    2008-08-28 10:50:50 ----A---- C:\Windows\system32\soundschemes2.exe
    2008-08-15 23:22:00 ----A---- C:\Windows\system32\dpinst.exe
    2008-08-05 17:02:16 ----A---- C:\Windows\system32\DivXsm.exe
    2008-08-05 17:02:12 ----A---- C:\Windows\system32\qt-dx331.dll
    2008-08-05 17:00:00 ----A---- C:\Windows\system32\ssldivx.dll
    2008-08-05 17:00:00 ----A---- C:\Windows\system32\libdivx.dll
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dtu100.dll.manifest
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dtu100.dll
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dpl100.dll.manifest
    2008-08-05 16:59:04 ----A---- C:\Windows\system32\dpl100.dll
    2008-08-05 16:59:02 ----A---- C:\Windows\system32\dpuGUI10.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpv11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpus11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpuGUI11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpu11.dll
    2008-08-05 16:59:00 ----A---- C:\Windows\system32\dpu10.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx11.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx0c.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx0a.dll
    2008-08-05 16:58:58 ----A---- C:\Windows\system32\divx_xx07.dll
    2008-08-05 16:58:56 ----A---- C:\Windows\system32\DivX.dll
    2008-08-05 16:58:32 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe
    2008-08-05 16:58:14 ----A---- C:\Windows\system32\DivXWMPExtType.dll
    2008-08-01 11:05:34 ----A---- C:\Windows\system32\PhysXLoader.dll

    ======List of files/folders modified in the last 3 months======

    2008-10-11 09:44:18 ----D---- C:\Windows\Prefetch
    2008-10-11 09:39:47 ----D---- C:\Windows\Temp
    2008-10-11 09:39:08 ----RD---- C:\Program Files
    2008-10-11 09:39:08 ----D---- C:\Windows\System32
    2008-10-11 09:34:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-10-11 09:34:06 ----D---- C:\Windows\inf
    2008-10-11 09:30:49 ----D---- C:\Windows\system32\drivers
    2008-10-11 09:30:12 ----HD---- C:\ProgramData
    2008-10-10 11:06:58 ----D---- C:\Windows\system32\config
    2008-10-09 23:42:06 ----RSD---- C:\Windows\assembly
    2008-10-09 23:41:35 ----SD---- C:\ProgramData\Microsoft
    2008-10-09 17:23:23 ----D---- C:\Windows\Tasks
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\Tasks
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\spool
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\Msdtc
    2008-10-09 17:23:23 ----D---- C:\Windows\system32\CodeIntegrity
    2008-10-09 17:23:18 ----D---- C:\Windows\system32\wbem
    2008-10-09 17:00:00 ----D---- C:\Windows\system32\LogFiles
    2008-10-09 16:35:40 ----D---- C:\Windows\rescache
    2008-10-09 15:16:45 ----D---- C:\Windows\winsxs
    2008-10-09 15:15:50 ----D---- C:\Windows\Logs
    2008-10-09 15:15:44 ----D---- C:\Program Files\Microsoft Games
    2008-10-09 15:15:41 ----D---- C:\Windows\system32\catroot2
    2008-10-09 15:15:41 ----D---- C:\Windows\system32\catroot
    2008-10-09 15:15:08 ----D---- C:\Windows
    2008-10-09 15:11:42 ----D---- C:\Windows\system32\en-US
    2008-10-09 15:09:46 ----D---- C:\Windows\registration
    2008-10-09 15:09:01 ----D---- C:\Program Files\Internet Explorer
    2008-10-09 14:33:38 ----D---- C:\Program Files\Common Files
    2008-10-05 18:05:26 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-01 22:02:30 ----D---- C:\Windows\Microsoft.NET
    2008-09-28 21:27:47 ----A---- C:\Windows\win.ini
    2008-09-28 21:25:26 ----D---- C:\Windows\twain_32
    2008-09-28 14:39:07 ----D---- C:\Windows\system32\WDI
    2008-09-22 12:22:07 ----D---- C:\Windows\system32\NDF
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvvsvc.exe
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvsvc.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvmctray.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvd3dum.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcpl.dll
    2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvapi.dll
    2008-09-17 06:59:41 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-09-17 03:03:14 ----RSD---- C:\Windows\Fonts
    2008-09-17 02:33:57 ----D---- C:\Windows\AppPatch
    2008-09-17 02:33:56 ----D---- C:\Windows\PolicyDefinitions
    2008-09-17 02:30:48 ----D---- C:\Windows\Cursors
    2008-09-17 02:30:34 ----D---- C:\Program Files\Windows Mail
    2008-09-17 02:23:56 ----D---- C:\Program Files\MSBuild
    2008-09-17 02:23:49 ----D---- C:\Windows\ShellNew
    2008-09-17 02:21:58 ----D---- C:\Program Files\Common Files\System
    2008-09-17 02:00:07 ----A---- C:\Windows\system32\SmaxCo.dll
    2008-09-17 02:00:06 ----A---- C:\Windows\system32\AEADIExt.dll
    2008-09-17 02:00:06 ----A---- C:\Windows\system32\AEADIAPO.dll
    2008-09-17 01:55:34 ----D---- C:\Windows\Web
    2008-09-17 01:55:33 ----D---- C:\Windows\system32\migration
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\zh-TW
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\zh-CN
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\uk-UA
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\tr-TR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\th-TH
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sv-SE
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sr-Latn-CS
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sl-SI
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\sk-SK
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ru-RU
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ro-RO
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\pt-PT
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\pt-BR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\pl-PL
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\nl-NL
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\nb-NO
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\lv-LV
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\lt-LT
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ko-KR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ja-JP
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\it-IT
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\hu-HU
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\hr-HR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\he-IL
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\fr-FR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\fi-FI
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\et-EE
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\es-ES
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\el-GR
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\de-DE
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\da-DK
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\cs-CZ
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\bg-BG
    2008-09-17 01:48:38 ----D---- C:\Windows\system32\ar-SA
    2008-09-17 01:48:37 ----RSD---- C:\Windows\Media
    2008-09-17 01:42:12 ----D---- C:\Windows\Help
    2008-09-17 01:39:30 ----D---- C:\Windows\system32\restore
    2008-09-16 23:33:04 ----SHD---- C:\$Recycle.Bin
    2008-09-16 23:32:37 ----RD---- C:\Users
    2008-08-26 13:28:14 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-20 350720]
    R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
    R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
    R1 pctfw2;pctfw2; \??\C:\Windows\System32\drivers\pctfw2.sys [2008-10-09 160792]
    R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-10-05 278984]
    R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-10-05 25416]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-09-17 316928]
    R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
    R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
    R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
    R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2008-10-09 33088]
    R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
    S3 a9ge37hc;a9ge37hc; C:\Windows\system32\drivers\a9ge37hc.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-17 66872]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
    R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2008-10-09 66880]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-20 33800]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-17 651720]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-20 917504]

    -----------------EOF-----------------
     
  11. 2008/10/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    AntiMalware Pro is a fraudulent application and should be removed. Did you buy this?


    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
  12. 2008/10/11
    newberrydc

    newberrydc Inactive Thread Starter

    Joined:
    2008/10/09
    Messages:
    7
    Likes Received:
    0
    ComboFix 08-10-10.09 - Family 2008-10-11 13:29:23.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2159 [GMT -5:00]
    Running from: C:\Users\Family\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\Users\Family\AppData\Roaming\Adobe\crc.dat

    ----- BITS: Possible infected sites -----

    hxxp://78.157.143.198
    hxxp://91.203.93.6
    hxxp://78.157.143.163
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
    .

    2008-10-11 09:30 . 2008-10-11 09:30 <DIR> d-------- C:\Users\Family\AppData\Roaming\Malwarebytes
    2008-10-11 09:30 . 2008-10-11 09:30 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-10-11 09:30 . 2008-10-11 09:30 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-10-11 09:30 . 2008-10-11 09:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 09:30 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-10-11 09:30 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-10-10 15:59 . 2008-10-10 15:59 <DIR> d-------- C:\Program Files\Sony
    2008-10-10 15:59 . 2008-10-10 15:59 <DIR> d-------- C:\Program Files\Flying Lab Software
    2008-10-09 23:38 . 2008-10-09 23:38 <DIR> d-------- C:\Program Files\Global Star
    2008-10-09 15:23 . 2008-10-09 15:43 <DIR> d-------- C:\rsit
    2008-10-09 15:23 . 2008-10-11 09:44 <DIR> d-------- C:\Program Files\trend micro
    2008-10-09 15:15 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll
    2008-10-09 15:14 . 2008-10-09 15:36 <DIR> d-------- C:\Windows\nvtmpinst
    2008-10-09 15:11 . 2008-08-17 05:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll
    2008-10-09 14:43 . 2008-10-09 14:44 <DIR> d-------- C:\Users\All Users\PC Tools
    2008-10-09 14:43 . 2008-10-09 14:44 <DIR> d-------- C:\ProgramData\PC Tools
    2008-10-09 14:42 . 2008-10-09 14:36 160,792 --a------ C:\Windows\System32\drivers\pctfw2.sys
    2008-10-09 14:37 . 2008-10-09 14:37 51,520 --a------ C:\Windows\System32\drivers\TfFsMon.sys
    2008-10-09 14:37 . 2008-10-09 14:37 38,208 --a------ C:\Windows\System32\drivers\TfSysMon.sys
    2008-10-09 14:37 . 2008-10-09 14:37 33,088 --a------ C:\Windows\System32\drivers\TfNetMon.sys
    2008-10-09 14:37 . 2008-10-09 14:37 12,608 --a------ C:\Windows\System32\drivers\TfKbMon.sys
    2008-10-09 14:33 . 2008-10-09 14:42 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-10-09 14:32 . 2008-10-09 14:32 <DIR> d-------- C:\Users\Family\AppData\Roaming\PC Tools
    2008-10-09 14:32 . 2008-08-25 11:36 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
    2008-10-09 14:32 . 2008-08-25 11:36 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
    2008-10-09 14:32 . 2008-08-25 11:36 40,840 --a------ C:\Windows\System32\drivers\ikfilesec.sys
    2008-10-09 14:32 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
    2008-10-09 14:26 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
    2008-10-09 14:26 . 2008-10-09 14:26 124 --a------ C:\Users\Family\871.bat
    2008-10-09 13:20 . 2008-10-11 09:44 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-09 12:50 . 2008-10-09 12:50 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-10-09 12:13 . 2008-10-09 12:17 <DIR> d-------- C:\Program Files\AntiMalware Pro
    2008-10-09 11:15 . 2008-10-09 11:31 <DIR> d-------- C:\temp\Acrobat Distiller 9
    2008-10-09 11:15 . 2008-10-09 11:15 <DIR> d-------- C:\temp
    2008-10-09 11:11 . 2008-10-09 11:11 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-10-09 11:11 . 2008-10-09 11:11 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-10-09 11:11 . 2008-10-09 11:11 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-10-09 11:11 . 2008-10-09 11:11 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
    2008-10-09 10:51 . 2008-10-09 10:52 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-10-09 10:51 . 2008-10-09 10:52 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-10-09 10:51 . 2008-10-09 10:51 <DIR> d-------- C:\Program Files\Lavasoft
    2008-10-09 10:37 . 2008-10-11 13:35 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-10-09 10:37 . 2008-10-11 13:35 <DIR> d-a------ C:\ProgramData\TEMP
    2008-10-06 15:20 . 2008-10-06 15:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-10-06 11:41 . 2008-10-06 11:41 <DIR> d-------- C:\Users\Family\AppData\Roaming\Microsoft Games
    2008-10-06 08:41 . 2008-10-06 08:41 <DIR> d-------- C:\Users\Family\AppData\Roaming\Games
    2008-10-05 18:16 . 2008-10-05 18:16 <DIR> d-------- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
    2008-10-05 18:16 . 2008-10-05 18:16 <DIR> d-------- C:\Users\All Users\InstallShield
    2008-10-05 18:16 . 2008-10-05 18:16 <DIR> d-------- C:\ProgramData\InstallShield
    2008-10-05 18:16 . 2008-10-05 18:16 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
    2008-10-05 18:16 . 2008-10-05 18:16 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
    2008-10-05 13:58 . 2008-10-09 14:42 <DIR> d-------- C:\Program Files\Curse
    2008-10-01 21:37 . 2008-10-01 21:37 <DIR> d-------- C:\Program Files\Sega
    2008-10-01 21:36 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
    2008-09-30 23:05 . 2008-09-30 23:46 <DIR> d-------- C:\Program Files\EA GAMES
    2008-09-30 23:05 . 2004-08-17 20:34 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
    2008-09-29 13:16 . 2008-09-29 13:18 <DIR> d-------- C:\Users\Family\AppData\Roaming\Ventrilo
    2008-09-29 13:15 . 2008-09-29 13:15 <DIR> d-------- C:\Program Files\Ventrilo
    2008-09-28 21:30 . 2008-09-28 21:30 <DIR> d-------- C:\Users\All Users\WEBREG
    2008-09-28 21:30 . 2008-09-28 21:30 <DIR> d-------- C:\ProgramData\WEBREG
    2008-09-28 21:27 . 2008-10-07 10:02 <DIR> d-------- C:\Users\Family\AppData\Roaming\HP
    2008-09-28 21:27 . 2008-09-28 21:27 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
    2008-09-28 21:27 . 2008-09-28 21:27 <DIR> d-------- C:\ProgramData\HPSSUPPLY
    2008-09-28 21:25 . 2008-09-28 21:25 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-09-28 21:25 . 2008-09-28 21:27 <DIR> d-------- C:\Program Files\Common Files\HP
    2008-09-28 21:25 . 2008-09-28 21:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-09-28 21:19 . 2008-09-28 21:27 <DIR> d-------- C:\Program Files\HP
    2008-09-28 21:18 . 2008-09-28 21:30 148,932 --a------ C:\Windows\hpoins19.dat
    2008-09-28 21:10 . 2008-09-28 21:37 <DIR> d-------- C:\Users\All Users\HP
    2008-09-28 21:10 . 2008-09-28 21:37 <DIR> d-------- C:\ProgramData\HP
    2008-09-28 21:10 . 2006-12-16 01:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
    2008-09-28 21:10 . 2006-12-16 01:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
    2008-09-28 21:10 . 2006-12-16 01:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
    2008-09-28 21:10 . 2006-11-20 16:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
    2008-09-28 21:10 . 2007-03-13 14:52 26,952 --a------ C:\Windows\hpomdl19.dat
    2008-09-28 10:42 . 2008-09-28 10:45 <DIR> d-------- C:\Users\Family\AppData\Roaming\SPORE
    2008-09-25 19:09 . 2008-10-04 09:47 <DIR> d-------- C:\Users\Family\AppData\Roaming\skypePM
    2008-09-25 19:09 . 2008-09-25 19:09 56 --ah----- C:\Windows\System32\ezsidmv.dat
    2008-09-25 19:08 . 2008-10-08 14:43 <DIR> d-------- C:\Users\Family\AppData\Roaming\Skype
    2008-09-25 11:13 . 2008-09-25 11:13 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-09-25 10:31 . 2008-09-25 10:31 <DIR> d-------- C:\Users\All Users\Skype
    2008-09-25 10:31 . 2008-09-25 10:31 <DIR> d-------- C:\ProgramData\Skype
    2008-09-25 10:31 . 2008-09-25 10:31 <DIR> d-------- C:\Program Files\Skype
    2008-09-25 10:31 . 2008-09-25 10:31 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-09-24 22:19 . 2008-09-28 14:43 296,554,339 --a------ C:\Windows\MEMORY.DMP
    2008-09-23 12:08 . 2008-09-23 12:08 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-09-21 11:48 . 2008-09-21 11:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-09-21 11:45 . 2008-10-04 19:00 <DIR> d-------- C:\Program Files\The Witcher Demo
    2008-09-18 16:55 . 2008-09-18 16:55 <DIR> d-------- C:\Users\All Users\FLEXnet
    2008-09-18 16:55 . 2008-09-18 16:55 <DIR> d-------- C:\ProgramData\FLEXnet
    2008-09-17 19:26 . 2008-09-18 17:40 <DIR> d-------- C:\Users\Family\AppData\Roaming\IGN_DLM
    2008-09-17 18:04 . 2008-09-18 16:27 <DIR> d-------- C:\Windows\System32\Adobe
    2008-09-17 14:25 . 2008-09-17 14:25 <DIR> d-------- C:\Users\Family\AppData\Roaming\DivX
    2008-09-17 14:24 . 2008-10-08 17:36 <DIR> d-------- C:\Music
    2008-09-17 08:40 . 2008-09-17 13:14 <DIR> d-------- C:\Users\Family\AppData\Roaming\Mount&Blade
    2008-09-17 08:34 . 2008-09-17 14:20 <DIR> d-------- C:\Program Files\Mount&Blade
    2008-09-17 07:15 . 2008-09-17 07:15 <DIR> dr-h----- C:\Users\Family\AppData\Roaming\SecuROM
    2008-09-17 07:15 . 2008-09-17 07:15 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
    2008-09-17 07:12 . 2008-09-17 07:12 <DIR> d-------- C:\Program Files\GameSpy
    2008-09-17 07:11 . 2008-09-17 07:11 <DIR> d-------- C:\Windows\System32\URTTEMP
    2008-09-17 07:10 . 2008-09-17 07:10 22,328 --a------ C:\Users\Family\AppData\Roaming\PnkBstrK.sys
    2008-09-17 07:09 . 2008-10-01 21:42 <DIR> d-------- C:\Users\All Users\Media Center Programs
    2008-09-17 07:09 . 2008-10-01 21:42 <DIR> d-------- C:\ProgramData\Media Center Programs
    2008-09-17 07:00 . 2008-09-28 10:06 <DIR> d-------- C:\Program Files\Electronic Arts
    2008-09-17 05:04 . 2008-09-17 05:04 0 --a------ C:\Windows\nsreg.dat
    2008-09-17 04:57 . 2008-09-17 04:57 <DIR> d-------- C:\Program Files\Download Manager
    2008-09-17 04:36 . 2008-09-17 04:40 <DIR> d-------- C:\Program Files\Legend - Hand of God
    2008-09-17 04:25 . 2008-09-17 04:25 <DIR> d-------- C:\NVIDIA
    2008-09-17 04:24 . 2008-09-17 03:28 <DIR> d-------- C:\Windows\Panther
    2008-09-17 04:24 . 2008-09-17 04:24 <DIR> d--hs---- C:\Boot
    2008-09-17 04:24 . 2008-01-20 21:22 333,203 -rahs---- C:\bootmgr
    2008-09-17 04:24 . 2008-09-17 04:24 8,192 -ra-s---- C:\BOOTSECT.BAK
    2008-09-17 03:52 . 2008-10-07 04:05 <DIR> d-------- C:\Users\Family\AppData\Roaming\FrostWire
    2008-09-17 03:51 . 2008-09-17 04:38 <DIR> d-------- C:\Program Files\Java
    2008-09-17 03:51 . 2008-09-17 03:51 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-17 03:50 . 2008-09-17 03:52 <DIR> d-------- C:\Program Files\FrostWire
    2008-09-17 03:42 . 2008-10-11 13:29 <DIR> d-------- C:\Users\Family\AppData\Roaming\DNA
    2008-09-17 03:42 . 2008-10-11 13:23 <DIR> d-------- C:\Users\Family\AppData\Roaming\BitTorrent
    2008-09-17 03:42 . 2008-09-17 03:42 <DIR> d-------- C:\Program Files\DNA
    2008-09-17 03:42 . 2008-09-17 03:42 <DIR> d-------- C:\Program Files\BitTorrent
    2008-09-17 03:30 . 2008-09-17 03:19 <DIR> d-------- C:\Windows\Debug
    2008-09-17 03:30 . 2008-09-17 03:30 <DIR> d-------- C:\Program Files\Disney
    2008-09-17 03:07 . 2008-09-17 03:07 <DIR> d-------- C:\Windows\System32\AGEIA
    2008-09-17 03:07 . 2008-10-09 10:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-17 03:07 . 2008-09-17 03:07 <DIR> d-------- C:\Program Files\AGEIA Technologies

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-09 20:15 --------- d-----w C:\Program Files\Microsoft Games
    2008-10-02 15:49 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-10-02 15:49 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-09-17 12:10 669,184 ----a-w C:\Windows\System32\pbsvc.exe
    2008-09-17 12:10 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-09-17 07:30 --------- d-----w C:\Program Files\Windows Mail
    2008-09-17 07:23 --------- d-----w C:\Program Files\MSBuild
    2008-09-17 07:00 593,920 ----a-w C:\Windows\System32\AEADIExt.dll
    2008-09-17 07:00 316,928 ----a-w C:\Windows\system32\drivers\ADIHdAud.sys
    2008-09-17 07:00 30,208 ----a-w C:\Windows\System32\SmaxCo.dll
    2008-09-17 07:00 126,768 ----a-w C:\Windows\System32\AEADIAPO.dll
    2008-08-28 15:50 30,720 ----a-w C:\Windows\System32\soundschemes2.exe
    2008-08-16 04:22 795,104 ----a-w C:\Windows\System32\dpinst.exe
    2008-08-05 22:02 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-08-05 22:02 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-08-05 22:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-08-05 22:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-08-05 21:59 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-08-05 21:59 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-08-05 21:59 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-08-05 21:59 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-08-05 21:59 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-08-05 21:59 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-08-05 21:58 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-08-05 21:58 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-08-05 21:58 683,520 ----a-w C:\Windows\System32\DivX.dll
    2008-08-05 21:58 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-08-05 21:58 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-08-01 16:05 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
    "igndlm.exe "= "C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "BitTorrent "= "C:\Program Files\BitTorrent\bittorrent.exe" [2008-09-26 634672]
    "RegistryMechanic "= "C:\Program Files\Registry Mechanic\rmtray.exe" [2008-07-03 812952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService "= "C:\Windows\system32\nvraidservice.exe" [2006-12-11 184616]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-09-17 868352]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "Adobe Acrobat Speed Launcher "= "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0 "= "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]

    C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=acaptuser32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{0A8E56D1-DADF-45AD-B39F-E081E67099A7} "= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{15AEF9CA-ADFF-4C19-BD79-5A7821C8E8ED} "= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{C9DB68BC-829C-4365-A0AC-BA13C7071BBE} "= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{625B0994-679B-4D32-B354-5417F80C8E9D} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{023433D4-9FD9-49E9-B1EF-03CACAB7C28E} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F9E683BF-22FE-4D0E-8916-D2A8651B2BA7} "= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{84D013A8-AE25-4675-A59D-2AFB266BC638} "= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{D8ABF168-5FC2-48CB-B857-E0472062A6DE} "= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
    "{EE8CF7E9-D84A-4D68-95DB-1252105B8D31} "= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
    "{370A62B3-128D-4AAC-B296-C8CF043E1582} "= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{5BB8D266-B556-4B5C-A075-59FDC0443F22} "= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{974F3A5C-EB97-4B67-83DE-3AED4365AF8A} "= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{8A853CA7-84BE-42AC-9083-68851A490582} "= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{651DADA6-D220-4787-8604-597CA261A73D} "= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{196871F8-974D-4B68-B145-A7C2E0EFB483} "= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{3E82CFB3-7BDF-4752-93E0-89E8E6E44158} "= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{0D0FB3C8-BCFA-4AC6-A1BA-BEBCB002A1AB} "= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{4ABFCF6C-62D7-4E41-9D7D-EA995FF87226} "= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{3CB6A2F6-E3C0-482C-90EE-9C7D04A9856D} "= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "TCP Query User{292A16CB-EC6A-4E8E-8524-9CC9D76FB4A1}C:\\program files\\bittorrent\\bittorrent.exe "= UDP:C:\program files\bittorrent\bittorrent.exe:µTorrent
    "UDP Query User{966427E9-DC40-446B-84D5-B5B42325B9E8}C:\\program files\\bittorrent\\bittorrent.exe "= TCP:C:\program files\bittorrent\bittorrent.exe:µTorrent
    "{CE49682E-D727-4BDF-A77A-AEDDD4C05732} "= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{A2CFC948-2E2B-448E-A748-67CFC1B14476} "= UDP:C:\Program Files\Sega\Gas Powered Games\Space Siege\SpaceSiege.exe:Space Siege
    "{676916C5-734A-4CC0-9392-538E30604ECC} "= TCP:C:\Program Files\Sega\Gas Powered Games\Space Siege\SpaceSiege.exe:Space Siege
    "{2C7AA600-6585-41A4-9105-34D30BDE8387} "= UDP:C:\Program Files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
    "{9551764D-6DE5-48D7-8A66-63997D7AE81A} "= TCP:C:\Program Files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
    "{47169F91-C148-4337-A810-D20399B500BD} "= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
    "{086F7CF0-CD55-4D8F-9755-9247C69A391F} "= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
    "{F570ABFA-0B8B-4EE9-8879-402F208D0817} "= UDP:C:\Program Files\Curse\CurseClient.exe:Curse Client
    "{23D2D65A-65D4-413D-9CCC-03590603C5E0} "= TCP:C:\Program Files\Curse\CurseClient.exe:Curse Client

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe "= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\DRIVERS\nvrd32.sys [2007-08-09 131616]
    R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys [2008-10-09 51520]
    R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys [2008-10-09 38208]
    R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-10-09 160792]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
    R3 TfNetMon;TfNetMon;C:\Windows\system32\drivers\TfNetMon.sys [2008-10-09 33088]
    R3 ThreatFire;ThreatFire;C:\Program Files\Spyware Doctor\TFEngine\TFService.exe service [ ]
    S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{918d7137-8487-11dd-a6d8-001d606f5402}]
    \shell\AutoRun\command - F:\autorun.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-11 C:\Windows\Tasks\User_Feed_Synchronization-{7371D8D1-5B8C-4059-8376-2C38655594C2}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-20 21:23]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{00AA97B1-A3C3-4DA5-89BC-BEE764C2E263} - (no file)
    Toolbar-{C741C3AB-8689-4B5E-AE8A-B4A1C212C456} - (no file)
    ShellExecuteHooks-{2AABD0C3-1B64-4DE0-AE17-BBBE806197F2} - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    O8 -: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 -: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 -: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 13:35:54
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs = acaptuser32.dll???

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-11 13:37:38
    ComboFix-quarantined-files.txt 2008-10-11 18:37:34

    Pre-Run: 1,167,345,123,328 bytes free
    Post-Run: 1,167,230,611,456 bytes free

    307 --- E O F --- 2008-10-09 20:15:53
     
  13. 2008/10/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\Windows\System32\ezsidmv.dat
    
    Folder::
    C:\Program Files\AntiMalware Pro 
    Please post the CF log.

    Thanks
    Geri
     
