Jan 6
Some Direction Please
Filed Under Virus
Hello all.
Firstly, I wish I had found this forum earlier. While I have a few years of computer experience, I find myself lacking a reason why my search engine is sending me on wild goose chases and giving incorrect site directions. I believe this problem is caused by a Trojan virus. If there is someone out there who can look over my log and info files and point me in the right direction, that would be well appreciated.
Info files below; log files in the next post.
Thanks to all
Jo
info.txt logfile of random’s system information tool 1.05 2009-01-06 09:25:39
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader Korean Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon EOS Kiss REBEL 300D WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A57C3E-30DD-421F-B5C7-974DACB0D05F}
Canon iP3500 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series /L0x0009
Canon MP Drivers 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}\Setup.exe" -l0x9 -Uninstall
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities File Viewer Utility 1.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
ClickArt 400,000-->MsiExec.exe /I{F3368DE6-F3F0-4D83-BED9-5A9A57AD012E}
Conexant AC-Link Audio-->CIAunwdm.exe
Corel SVG Viewer-->MsiExec.exe /X{E32D1370-414D-45CC-950A-7320BA6022C5}
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Generic color icon driver-->C:\WINDOWS\temp\fixustor\remove.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GSP 100,000 Clipart Vol.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8B48454D-DC0E-4AA6-9629-8B628519243D}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9
HP Pavillion zv6000 User Guides-->C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Wireless Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
InCD (Ahead Software)-->C:\WINDOWS\NuNInst.exe /UNINSTALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KnockOut 2-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\Corel\KnockOut 2\UninstKO.isu"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_10d3ec\Setup.exe /APR-REMOVE
KPT(R) Collection-->C:\WINDOWS\IsUninst.exe -f"c:\KPT Collection\KPT Collection.isu"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 3.5 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37E31FCE-A048-4D8C-B167-31891BCF6585}\setup.exe" -l0x9
Nero-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Quick Launch Buttons 5.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoftV90 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
Tablet-->C:\Program Files\Tablet\Remove.exe /u
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D71AC256-FA83-45EA-9F14-1B20BB5105C9} /l1033
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
UserGuides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Desktop Search -->"C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
======Security center information======
AV: AVG Anti-Virus Free
System event log
Computer Name: YOUR-4105E587B6
Event Code: 19
Message: Installation Successful: Windows successfully installed the following update: Security Update for Microsoft Office 2003 (KB953404)
Record Number: 24274
Source Name: Windows Update Agent
Time Written: 20080911163207.000000+600
Event Type: information
User:
Computer Name: YOUR-4105E587B6
Event Code: 19
Message: Installation Successful: Windows successfully installed the following update: Update for Outlook 2003 Junk E-mail Filter (KB956077)
Record Number: 24273
Source Name: Windows Update Agent
Time Written: 20080911163114.000000+600
Event Type: information
User:
Computer Name: YOUR-4105E587B6
Event Code: 7036
Message: The Office Source Engine service entered the running state.
Record Number: 24272
Source Name: Service Control Manager
Time Written: 20080911163048.000000+600
Event Type: information
User:
Computer Name: YOUR-4105E587B6
Event Code: 7035
Message: The Office Source Engine service was successfully sent a start control.
Record Number: 24271
Source Name: Service Control Manager
Time Written: 20080911163048.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4105E587B6
Event Code: 7036
Message: The Windows Installer service entered the running state.
Record Number: 24270
Source Name: Service Control Manager
Time Written: 20080911163034.000000+600
Event Type: information
User:
Application event log
Computer Name: YOUR-4105E587B6
Event Code: 101
Message: Information Level: success
Automatic LiveUpdate has terminated.
Record Number: 11136
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080707094903.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4105E587B6
Event Code: 101
Message: Information Level: success
Scheduler launched Automatic LiveUpdate.
Record Number: 11135
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080707094901.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4105E587B6
Event Code: 101
Message: Information Level: success
The next run has been scheduled to occur at approximately 9:48 AM.
Record Number: 11134
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080707094004.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4105E587B6
Event Code: 101
Message: Information Level: warning
Automatic LiveUpdate produced an unexpected exit code: -1073741502; advancing schedule…
Record Number: 11133
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080707094004.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4105E587B6
Event Code: 101
Message: Information Level: success
Automatic LiveUpdate has terminated.
Record Number: 11132
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080707094004.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Corel\Corel SVG Viewer\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
-----------------EOF-----------------
Log File
Log File below.
Thanks again to all
Jo
Logfile of random’s system information tool 1.05 (written by random/random)
Run by User at 2009-01-06 09:25:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1022 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:35 AM, on 6/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.americangreetings.com/cnp….pd?source=hpn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KPT(R)6] C:\KPTCOL~1\Register\REGIST~1.EXE /title="KPT(R)" /date=012009 serial=KC07CCD-0014272-DJA
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KnockOut8] C:\PROGRA~1\KNOCKO~1\Register\REGIST~1.EXE /title="KnockOut" /date=012009 serial=KO20CCD-2324500-FGF
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?77314e0640e04fb68e29b346c7d22c86
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?77314e0640e04fb68e29b346c7d22c86
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 11550 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-12 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-12 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-18 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-07 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-18 2403392]
{90222687-F593-4738-B738-FBEE9C7B26DF}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-12 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UMonit"=C:\WINDOWS\system32\umonit.exe [2004-01-06 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2003-05-11 36972]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"KPT(R)6"=C:\KPTCOL~1\Register\REGIST~1.EXE [2003-02-18 327680]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"hpWirelessAssistant"=C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [2004-12-09 790528]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-04 290816]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-11-06 233534]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-12-22 344064]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"KnockOut8"=C:\PROGRA~1\KNOCKO~1\Register\REGIST~1.EXE [2003-02-18 327680]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-01 1261336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-22 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-12-22 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 3 months======
2009-01-06 09:25:10 ----D---- C:\rsit
2009-01-06 09:25:10 ----D---- C:\Program Files\trend micro
2009-01-05 10:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-05 10:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-19 13:28:58 ----SHD---- C:\Config.Msi
2008-12-19 12:18:53 ----D---- C:\WINDOWS\Prefetch
2008-12-19 12:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-19 12:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-19 12:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-19 12:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-19 12:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-19 12:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-19 12:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-19 12:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-19 12:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-19 12:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-19 12:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-19 12:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-19 12:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-19 12:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-19 12:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-19 12:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-19 12:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-19 12:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-19 12:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-19 12:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-19 12:00:44 ----D---- C:\WINDOWS\system32\scripting
2008-12-19 12:00:44 ----D---- C:\WINDOWS\l2schemas
2008-12-19 12:00:43 ----D---- C:\WINDOWS\system32\en
2008-12-19 12:00:43 ----D---- C:\WINDOWS\system32\bits
2008-12-19 11:57:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-19 11:50:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-19 11:50:23 ----D---- C:\WINDOWS\EHome
2008-12-15 16:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-15 16:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-15 16:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-11 15:50:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-11-19 09:12:43 ----D---- C:\WINDOWS\ie7updates
2008-11-19 09:12:11 ----D---- C:\WINDOWS\WBEM
2008-11-19 09:12:10 ----D---- C:\WINDOWS\system32\en-US
2008-11-19 09:11:13 ----HDC---- C:\WINDOWS\ie7
2008-11-19 09:11:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-19 09:10:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-19 09:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-19 09:09:56 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-11-19 09:08:32 ----D---- C:\WINDOWS\network diagnostic
2008-11-19 09:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-11-19 09:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-11-17 15:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-17 15:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-10-24 10:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-16 15:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 15:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 15:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 15:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 15:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 15:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-07 10:29:11 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-07 10:29:05 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-07 10:29:02 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-07 10:29:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-07 10:28:51 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-07 10:28:51 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-07 10:28:42 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-07 10:28:40 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-07 10:28:38 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-07 10:28:38 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-07 10:28:38 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-07 10:28:38 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-07 10:28:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-07 10:28:38 ----N---- C:\WINDOWS\slrundll.exe
2008-10-07 10:28:33 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-07 10:28:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-07 10:28:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-07 10:28:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-07 10:28:25 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-07 10:28:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-07 10:28:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-07 10:28:24 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-07 10:28:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-07 10:28:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-07 10:28:13 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-07 10:28:05 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-07 10:28:05 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-07 10:28:04 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-07 10:28:04 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-07 10:28:03 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-07 10:28:03 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-07 10:28:00 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-07 10:28:00 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-07 10:27:42 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-07 10:27:42 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-07 10:27:42 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-07 10:27:42 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-07 10:27:29 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-07 10:27:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-07 10:27:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-07 10:27:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-07 10:27:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-07 10:27:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-07 10:26:53 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-07 10:26:43 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-10-07 10:26:43 ----A---- C:\WINDOWS\002753_.tmp
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-07 10:26:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-07 10:26:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-07 10:26:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-07 10:26:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-07 10:26:34 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-07 10:26:31 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-07 10:26:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-07 10:26:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-07 10:26:24 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-07 10:26:23 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-07 10:26:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-07 10:26:18 ----N---- C:\WINDOWS\system32\aaclient.dll
======List of files/folders modified in the last 3 months======
2009-01-06 09:25:35 ----D---- C:\WINDOWS\Temp
2009-01-06 09:25:10 ----D---- C:\Program Files
2009-01-05 16:20:00 ----D---- C:\WINDOWS\system32
2009-01-05 16:20:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 15:48:41 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-05 15:47:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 14:11:05 ----D---- C:\WINDOWS
2009-01-05 13:58:07 ----SD---- C:\WINDOWS\Tasks
2009-01-05 13:14:33 ----HD---- C:\WINDOWS\inf
2009-01-05 13:14:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-05 12:39:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 10:18:42 ----HD---- C:\$AVG8.VAULT$
2009-01-05 10:01:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-05 10:00:57 ----A---- C:\WINDOWS\imsins.BAK
2009-01-05 08:44:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 13:29:03 ----SHD---- C:\WINDOWS\Installer
2008-12-19 13:28:59 ----D---- C:\Program Files\MSN Messenger
2008-12-19 13:27:03 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-19 12:19:17 ----A---- C:\WINDOWS\setuplog.txt
2008-12-19 12:18:02 ----D---- C:\WINDOWS\system32\Setup
2008-12-19 12:18:01 ----D---- C:\WINDOWS\system32\wbem
2008-12-19 12:18:01 ----D---- C:\WINDOWS\AppPatch
2008-12-19 12:18:00 ----RSD---- C:\WINDOWS\Fonts
2008-12-19 12:17:53 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 12:08:22 ----D---- C:\Program Files\Messenger
2008-12-19 12:07:32 ----D---- C:\WINDOWS\security
2008-12-19 12:02:00 ----D---- C:\WINDOWS\WinSxS
2008-12-19 12:01:46 ----D---- C:\Program Files\Windows Media Player
2008-12-19 12:01:45 ----D---- C:\WINDOWS\Help
2008-12-19 12:01:08 ----D---- C:\WINDOWS\ime
2008-12-19 12:00:46 ----D---- C:\WINDOWS\system32\usmt
2008-12-19 12:00:43 ----D---- C:\WINDOWS\PeerNet
2008-12-19 12:00:42 ----D---- C:\Program Files\Movie Maker
2008-12-19 11:56:55 ----D---- C:\WINDOWS\system32\Restore
2008-12-19 11:56:55 ----D---- C:\WINDOWS\system32\npp
2008-12-19 11:56:52 ----D---- C:\WINDOWS\msagent
2008-12-19 11:56:50 ----D---- C:\WINDOWS\srchasst
2008-12-19 11:56:47 ----D---- C:\Program Files\NetMeeting
2008-12-19 11:56:44 ----D---- C:\WINDOWS\system32\Com
2008-12-19 11:56:41 ----D---- C:\Program Files\Windows NT
2008-12-19 11:56:41 ----D---- C:\Program Files\Outlook Express
2008-12-19 11:56:37 ----D---- C:\Program Files\Common Files\System
2008-12-19 11:56:09 ----D---- C:\WINDOWS\system32\oobe
2008-12-19 11:56:06 ----D---- C:\WINDOWS\system
2008-12-19 11:52:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-15 16:56:08 ----A---- C:\WINDOWS\win.ini
2008-12-15 16:54:20 ----D---- C:\Program Files\Internet Explorer
2008-12-13 16:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 09:26:04 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-12-10 09:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-19 09:12:04 ----D---- C:\WINDOWS\Media
2008-11-07 16:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-23 22:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 14:07:32 ----D---- C:\Documents and Settings\User\Application Data\AdobeUM
2008-10-17 06:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-17 06:38:39 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-10-17 06:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-17 06:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-17 06:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-17 06:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-17 06:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-17 06:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-17 06:38:38 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-10-17 06:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-17 06:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-17 06:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-17 06:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-17 06:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-17 06:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-17 06:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-17 06:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-17 06:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-17 06:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-17 06:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-17 06:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-17 06:38:34 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-10-17 06:38:34 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-17 06:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 23:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 23:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 02:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 17:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-08 14:46:42 ----A---- C:\WINDOWS\Brpfx04a.ini
2008-10-08 13:35:39 ----A---- C:\WINDOWS\brmx2001.ini
2008-10-07 09:38:59 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-12 39424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-12 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-12 26824]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-12-22 909824]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-10-28 342912]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-11-24 34048]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-11-24 280192]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-11 1041536]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-11 192896]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 186016]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-11-17 147840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-11 684800]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2004-01-06 6016]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-18 35913]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-16 335872]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-12-22 425984]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-03 198336]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-12 231704]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-14 101528]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-01-11 729088]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-09-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-18 138168]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-18 98304]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-03 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
-----------------EOF-----------------
Welcome to linabbs, befuddled.
Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in ark.txt
Save it where you can easily find it, such as your desktop then post the contents here.
**Caution**
Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries