50% CPU Usage



zero777cool
2009-06-09, 20:41
Hi

I recently had a Trojan infect my PC. The 'New Folder.exe' Trojan, I think, is the name. The one that makes links to some folders as exe's and hides the actual folder. I have managed to remove this Trojan with a combo of Bitdefender 2008/Spybot S&D scanning. I also ran a tool called ComboFix which was supposed to fix the problem, but instead made a "link" called ComboFix on my hard drive which acted like "My Computer", displaying all folders and drives on my PC. I managed to fix that, but now my CPU usage is constantly sitting at 50% and never goes down, which you can imagine is not so nice. I have scanned with HijackThis and included the log file for your perusal.

I would really appreciate any help
Thanks muchly

------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:41:16 PM, on 2009/06/09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SASA ADSL Stats Analyser\sasa.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Copy Handler\ch.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SASA ADSL Stats Analyser] C:\Program Files\SASA ADSL Stats Analyser\sasa.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Windows Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Windows Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe (User 'Default user')
O4 - Startup: Windows Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF25244.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10418 bytes

peku006
2009-06-11, 15:25
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

zero777cool
2009-06-11, 18:54
Hi

The thread has a limit of 64000 characters per post :oops: so I'll have to post the logs in different replies. I can't attach the logs because the files exceed the size limit for .txt files :oops: :oops:


-----


Logfile of random's system information tool 1.06 (written by random/random)
Run by zero777cool at 2009-06-11 18:39:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (8%) free of 153 GB
Total RAM: 1014 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:39:47 PM, on 2009/06/11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\SASA ADSL Stats Analyser\sasa.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Copy Handler\ch.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\zero777cool\Apps\Safer Networking\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\zero777cool.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SASA ADSL Stats Analyser] C:\Program Files\SASA ADSL Stats Analyser\sasa.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Windows Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Windows Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe (User 'Default user')
O4 - Startup: Windows Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF25244.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10537 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-04-03 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-05-25 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2009-05-25 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-05-25 368640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2009-01-02 3399727]
"SASA ADSL Stats Analyser"=C:\Program Files\SASA ADSL Stats Analyser\sasa.exe [2007-07-15 1288704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"Copy Handler"=C:\Program Files\Copy Handler\ch.exe [2008-03-25 425472]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy Handler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^zero777cool^Start Menu^Programs^Startup^   .lnk]
C:\WINDOWS\system32\XP-D41~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe
PGPtray.lnk - C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\zero777cool\Start Menu\Programs\Startup
Windows Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac7b5ee-4884-11de-b42a-001c250774d9}]
shell\1\command - G:\Recycled.exe
shell\2\command - G:\Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe


======List of files/folders created in the last 3 months======

2009-06-11 18:39:32 ----D---- C:\rsit
2009-06-11 16:42:28 ----D---- C:\Documents and Settings\zero777cool\Application Data\Malwarebytes
2009-06-11 16:42:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-11 16:42:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-30 15:39:10 ----D---- C:\Program Files\DVD Shrink
2009-05-30 15:39:10 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-05-28 18:33:14 ----D---- C:\Program Files\ERUNT
2009-05-28 13:14:23 ----A---- C:\WINDOWS\wininit.ini
2009-05-28 12:21:36 ----D---- C:\Program Files\Trend Micro
2009-05-27 11:17:42 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-05-27 11:08:06 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-05-26 09:50:01 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2009-05-26 09:49:48 ----D---- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2009-05-26 09:40:08 ----A---- C:\WINDOWS\CSTBox.INI
2009-05-26 09:29:08 ----D---- C:\Program Files\Canon
2009-05-26 09:28:39 ----HD---- C:\CanoScan
2009-05-26 09:28:39 ----A---- C:\WINDOWS\system32\CNQU111.DLL
2009-05-26 09:28:39 ----A---- C:\WINDOWS\system32\CNQL1212.dll
2009-05-25 13:33:06 ----D---- C:\Documents and Settings\zero777cool\Application Data\BitDefender
2009-05-25 13:32:03 ----D---- C:\Program Files\Common Files\BitDefender
2009-05-25 13:31:56 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-05-25 13:31:15 ----SHD---- C:\Config.Msi
2009-05-25 13:06:10 ----D---- C:\Program Files\Windows Installer Clean Up
2009-05-25 13:06:01 ----D---- C:\Program Files\MSECACHE
2009-05-25 09:39:39 ----D---- C:\WINDOWS\Applian FLV Player
2009-05-25 09:15:25 ----A---- C:\WINDOWS\system32\CF27860.exe
2009-05-25 09:10:28 ----SHD---- C:\RECYCLER
2009-05-25 09:07:15 ----D---- C:\WINDOWS\temp
2009-05-25 09:02:06 ----A---- C:\WINDOWS\zip.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\SWSC.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\SWREG.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\sed.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\PEV.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-25 09:02:06 ----A---- C:\WINDOWS\grep.exe
2009-05-25 08:58:28 ----D---- C:\WINDOWS\ERDNT
2009-05-24 23:42:55 ----D---- C:\Documents and Settings\zero777cool\Application Data\Apple Computer
2009-05-24 23:42:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-05-24 23:41:54 ----D---- C:\Program Files\iPod
2009-05-24 23:41:50 ----D---- C:\Program Files\iTunes
2009-05-24 23:41:50 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 23:41:31 ----D---- C:\Program Files\Bonjour
2009-05-24 23:40:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-05-24 23:40:31 ----D---- C:\Program Files\Apple Software Update
2009-05-24 23:39:31 ----D---- C:\Program Files\Common Files\Apple
2009-05-24 23:39:31 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-22 12:04:39 ----D---- C:\Documents and Settings\All Users\Application Data\JollyBear
2009-05-21 17:38:56 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-21 10:33:07 ----D---- C:\Program Files\Common Files\PCSuite
2009-05-21 10:31:56 ----D---- C:\Program Files\PC Connectivity Solution
2009-05-21 10:31:29 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-05-21 10:31:29 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-05-20 12:36:39 ----D---- C:\WINDOWS\pss
2009-05-19 21:25:45 ----D---- C:\Documents and Settings\zero777cool\Application Data\Ahead
2009-05-19 21:23:23 ----D---- C:\Program Files\Nero
2009-05-19 21:23:23 ----D---- C:\Program Files\Common Files\Ahead
2009-05-19 21:22:50 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-05-19 21:22:49 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-05-19 14:10:30 ----D---- C:\Program Files\FolderSize
2009-05-14 23:09:06 ----D---- C:\WINDOWS\Sun
2009-05-12 19:26:37 ----D---- C:\Program Files\Add-in Express
2009-05-09 23:05:42 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2009-05-09 23:04:59 ----D---- C:\Program Files\MSXML 6.0
2009-05-09 23:02:37 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2009-05-09 23:01:48 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-05-09 23:01:46 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-05-09 23:01:18 ----D---- C:\Documents and Settings\zero777cool\Application Data\PC Suite
2009-05-09 23:01:18 ----D---- C:\Documents and Settings\zero777cool\Application Data\Nokia
2009-05-09 23:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-05-09 22:59:25 ----D---- C:\Program Files\Common Files\Nokia
2009-05-09 22:59:13 ----D---- C:\Program Files\DIFX
2009-05-09 22:58:50 ----D---- C:\Program Files\Nokia
2009-05-09 22:58:50 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-05-09 22:58:12 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-05-09 14:37:05 ----D---- C:\Documents and Settings\zero777cool\Application Data\com.adobe.ExMan
2009-05-08 20:14:52 ----D---- C:\Program Files\SASA ADSL Stats Analyser
2009-05-08 19:53:53 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-05-08 19:28:54 ----D---- C:\Program Files\Adobe Media Player
2009-05-08 19:26:18 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-08 19:22:13 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-05-06 18:11:16 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-06 18:11:10 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsui.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxstiff.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxst30.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxssvc.exe
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsst.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxssend.exe
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsroute.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsres.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsperf.ini
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsperf.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsmon.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsext32.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsevent.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxscover.exe
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxscomex.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxscom.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2009-05-06 18:11:02 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2009-05-06 18:11:00 ----A---- C:\WINDOWS\system32\fxsapi.dll
2009-05-05 22:43:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-05 22:43:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-05 22:42:34 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-05-05 22:13:27 ----D---- C:\WINDOWS\system32\Adobe
2009-05-05 19:45:04 ----D---- C:\Documents and Settings\zero777cool\Application Data\FileZilla
2009-05-05 19:44:49 ----D---- C:\Program Files\FileZilla FTP Client
2009-05-05 19:33:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-05 12:49:06 ----A---- C:\WINDOWS\MFPD.INI
2009-05-05 12:49:02 ----A---- C:\WINDOWS\system32\APFAXCNV.DLL
2009-05-05 12:49:01 ----D---- C:\Program Files\MightyFax
2009-05-05 12:39:40 ----HD---- C:\WINDOWS\PIF
2009-05-05 12:39:13 ----D---- C:\Documents and Settings\zero777cool\Application Data\Windows Search
2009-05-05 12:25:19 ----D---- C:\Program Files\DAMN NFO Viewer
2009-05-05 12:23:59 ----A---- C:\WINDOWS\system32\AVERM.dll
2009-05-05 12:23:59 ----A---- C:\WINDOWS\system32\AVEQT.dll
2009-05-05 12:23:58 ----D---- C:\Program Files\Ultra MP4 Video Converter
2009-05-05 11:34:46 ----D---- C:\Program Files\Neoretix
2009-05-05 11:34:12 ----D---- C:\Documents and Settings\zero777cool\Application Data\Windows Desktop Search
2009-05-05 11:33:35 ----D---- C:\Program Files\Windows Desktop Search
2009-05-05 11:33:34 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-05-05 11:33:34 ----D---- C:\WINDOWS\system32\en-US
2009-05-05 11:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-05-05 11:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-05-05 11:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-05-05 11:32:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-05 11:32:52 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-05 10:44:13 ----D---- C:\Program Files\WinPcap
2009-05-05 10:43:30 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-05 10:42:14 ----D---- C:\Program Files\FLV Player
2009-05-05 10:25:19 ----D---- C:\Program Files\Unlocker
2009-05-05 10:01:02 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-05 10:01:02 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-05 10:01:02 ----A---- C:\WINDOWS\system32\java.exe
2009-05-05 10:00:34 ----D---- C:\Program Files\Java
2009-05-05 10:00:32 ----D---- C:\Program Files\Common Files\Java
2009-05-05 09:49:32 ----D---- C:\Documents and Settings\zero777cool\Application Data\Sun
2009-05-04 20:30:22 ----A---- C:\WINDOWS\system32\keymail.dll
2009-05-03 19:33:06 ----D---- C:\Documents and Settings\zero777cool\Application Data\vlc
2009-05-03 18:41:29 ----D---- C:\Documents and Settings\zero777cool\Application Data\Mozilla
2009-05-03 17:55:25 ----D---- C:\Documents and Settings\zero777cool\Application Data\GrabPro
2009-05-03 17:55:21 ----D---- C:\Program Files\Orbitdownloader
2009-05-03 17:55:21 ----D---- C:\Documents and Settings\zero777cool\Application Data\Orbit
2009-05-03 17:48:13 ----D---- C:\Documents and Settings\zero777cool\Application Data\ACD Systems
2009-05-03 17:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-05-03 17:47:30 ----D---- C:\Program Files\Common Files\ACD Systems
2009-05-03 17:47:30 ----D---- C:\Program Files\ACD Systems
2009-05-03 17:42:35 ----D---- C:\Documents and Settings\zero777cool\Application Data\PGP Corporation
2009-05-03 17:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\PGP Corporation
2009-05-03 17:42:32 ----A---- C:\WINDOWS\system32\PGPtclP11.dll
2009-05-03 17:42:32 ----A---- C:\WINDOWS\system32\PGPsdkUI.dll
2009-05-03 17:42:32 ----A---- C:\WINDOWS\system32\PGPsdkNL.dll
2009-05-03 17:42:32 ----A---- C:\WINDOWS\system32\PGPsdk.dll
2009-05-03 17:42:31 ----D---- C:\Program Files\PGP Corporation
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPsdkServ.exe
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPsc.dll
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPmn.dll
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPhk.dll
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPdiskUI.dll
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPdiskEngine.dll
2009-05-03 17:42:31 ----A---- C:\WINDOWS\system32\PGPclientLib.dll
2009-05-03 13:47:02 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-05-03 13:46:21 ----D---- C:\Program Files\Hewlett-Packard
2009-05-03 09:29:40 ----D---- C:\WINDOWS\system32\appmgmt
2009-05-02 19:34:11 ----D---- C:\Documents and Settings\zero777cool\Application Data\Free Download Manager
2009-05-01 22:48:26 ----D---- C:\Program Files\Copy Handler
2009-05-01 21:11:27 ----D---- C:\Documents and Settings\zero777cool\Application Data\Media Player Classic
2009-05-01 21:04:00 ----D---- C:\Documents and Settings\zero777cool\Application Data\WinRAR
2009-05-01 21:03:22 ----D---- C:\Documents and Settings\zero777cool\Application Data\DAEMON Tools
2009-05-01 20:41:36 ----D---- C:\Documents and Settings\zero777cool\Application Data\Adobe
2009-05-01 20:30:01 ----D---- C:\Documents and Settings\zero777cool\Application Data\Winamp
2009-05-01 20:27:45 ----D---- C:\Documents and Settings\zero777cool\Application Data\Macromedia
2009-05-01 20:27:38 ----D---- C:\Documents and Settings\zero777cool\Application Data\Identities
2009-05-01 20:27:27 ----SD---- C:\Documents and Settings\zero777cool\Application Data\Microsoft
2009-05-01 20:27:27 ----ASH---- C:\Documents and Settings\zero777cool\Application Data\desktop.ini
2009-05-01 19:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-01 19:22:54 ----D---- C:\Program Files\Common Files\Adobe
2009-05-01 19:22:54 ----D---- C:\Program Files\Adobe
2009-04-30 23:04:59 ----D---- C:\Program Files\Common Files\Real
2009-04-30 23:04:57 ----D---- C:\Program Files\Ringz Studio
2009-04-30 21:19:26 ----D---- C:\Program Files\Google
2009-04-30 20:49:52 ----D---- C:\Program Files\VideoLAN
2009-04-30 20:29:06 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-04-30 20:29:06 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-30 20:29:06 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-30 20:29:06 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-30 20:29:06 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-04-30 20:29:05 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-04-30 20:29:05 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-04-30 20:29:05 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-04-30 20:29:05 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-30 20:29:05 ----N---- C:\WINDOWS\system32\px.dll
2009-04-30 20:29:02 ----D---- C:\Program Files\Winamp
2009-04-30 20:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-04-30 20:23:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-30 20:23:37 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-04-30 20:23:25 ----D---- C:\Program Files\Windows Media Connect 2
2009-04-30 20:23:18 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-04-30 20:22:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-04-30 20:22:35 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-30 20:22:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-30 20:22:32 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-04-30 20:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-30 19:03:49 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-04-30 18:48:10 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-30 15:59:55 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2009-04-30 15:59:54 ----D---- C:\Program Files\Free Download Manager
2009-04-30 15:48:52 ----D---- C:\Program Files\Mozilla Firefox
2009-04-30 15:44:57 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-04-30 15:44:39 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-04-30 15:43:38 ----D---- C:\Program Files\Microsoft Works
2009-04-30 15:43:31 ----D---- C:\Program Files\MSBuild
2009-04-30 15:43:08 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-30 15:43:08 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-30 15:39:32 ----D---- C:\WINDOWS\SHELLNEW
2009-04-30 15:39:11 ----D---- C:\Program Files\Microsoft Office
2009-04-30 15:39:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-30 15:38:53 ----RHD---- C:\MSOCache
2009-04-30 15:32:52 ----D---- C:\Program Files\DAEMON Tools Lite
2009-04-30 15:11:18 ----A---- C:\WINDOWS\system32\h323log.txt
2009-04-30 15:09:05 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-04-30 15:09:05 ----A---- C:\WINDOWS\system32\irmon.dll
2009-04-30 15:09:05 ----A---- C:\WINDOWS\system32\irftp.exe
2009-04-30 15:08:37 ----A---- C:\WINDOWS\system32\HSFCISP2.dll
2009-04-30 15:08:36 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-30 15:08:25 ----A---- C:\WINDOWS\system32\usbui.dll
2009-04-30 15:07:19 ----A---- C:\WINDOWS\imsins.BAK
2009-04-30 15:07:16 ----SHD---- C:\WINDOWS\Installer
2009-04-30 15:07:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-30 15:07:15 ----D---- C:\Program Files\Common Files\ODBC
2009-04-30 15:07:15 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-30 15:07:12 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-04-30 15:07:11 ----RD---- C:\Program Files
2009-04-30 15:07:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-30 15:07:11 ----D---- C:\Program Files\Common Files
2009-04-30 15:07:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-04-30 15:07:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-04-30 15:07:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-04-30 15:07:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-04-30 15:07:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-04-30 15:07:05 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-04-30 15:07:05 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-04-30 15:07:05 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-04-30 15:07:05 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-04-30 15:07:05 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-04-30 15:07:03 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-04-30 15:07:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-30 15:07:01 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-30 15:07:01 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-04-30 15:07:01 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-04-30 15:07:01 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-04-30 15:06:59 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-04-30 15:06:59 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-04-30 15:06:59 ----A---- C:\WINDOWS\system32\batt.dll
2009-04-30 15:06:59 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-04-30 15:06:55 ----A---- C:\WINDOWS\system32\storprop.dll
2009-04-30 15:06:48 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-04-30 15:05:07 ----RA---- C:\WINDOWS\SET8.tmp
2009-04-30 15:05:05 ----RA---- C:\WINDOWS\SET4.tmp
2009-04-30 15:05:03 ----RA---- C:\WINDOWS\SET3.tmp
2009-04-30 15:04:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-30 15:04:59 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-30 15:04:53 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-30 15:04:31 ----SHD---- C:\System Volume Information
2009-04-30 15:04:31 ----HD---- C:\Documents and Settings
2009-04-30 15:03:35 ----SH---- C:\boot.ini
2009-04-30 15:03:03 ----A---- C:\WINDOWS\bdagent.INI
2009-04-30 14:59:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-30 14:59:40 ----RSD---- C:\WINDOWS\Fonts
2009-04-30 14:59:40 ----RD---- C:\WINDOWS\Web
2009-04-30 14:59:40 ----HD---- C:\WINDOWS\inf
2009-04-30 14:59:40 ----D---- C:\WINDOWS\WinSxS
2009-04-30 14:59:40 ----D---- C:\WINDOWS\twain_32
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\wins
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\wbem
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\usmt
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\spool
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\ShellExt
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\Setup
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\ras
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\oobe
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\npp
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\mui
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\IME
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\icsxml
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\ias
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\export
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\drivers
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\dhcp
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\config
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\3com_dmi
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\3076
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\2052
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1054
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1042
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1041
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1037
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1033
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1031
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1028
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system32\1025
2009-04-30 14:59:40 ----D---- C:\WINDOWS\system
2009-04-30 14:59:40 ----D---- C:\WINDOWS\security
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Resources
2009-04-30 14:59:40 ----D---- C:\WINDOWS\repair
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Provisioning
2009-04-30 14:59:40 ----D---- C:\WINDOWS\PeerNet
2009-04-30 14:59:40 ----D---- C:\WINDOWS\pchealth
2009-04-30 14:59:40 ----D---- C:\WINDOWS\mui
2009-04-30 14:59:40 ----D---- C:\WINDOWS\msapps
2009-04-30 14:59:40 ----D---- C:\WINDOWS\msagent
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Media
2009-04-30 14:59:40 ----D---- C:\WINDOWS\java
2009-04-30 14:59:40 ----D---- C:\WINDOWS\ime
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Help
2009-04-30 14:59:40 ----D---- C:\WINDOWS\ehome
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Driver Cache
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Debug
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Cursors
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Connection Wizard
2009-04-30 14:59:40 ----D---- C:\WINDOWS\Config
2009-04-30 14:59:40 ----D---- C:\WINDOWS\AppPatch
2009-04-30 14:59:40 ----D---- C:\WINDOWS\addins
2009-04-30 14:18:07 ----D---- C:\Program Files\BitDefender
2009-04-30 14:16:29 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803$
2009-04-30 14:15:21 ----D---- C:\Program Files\WinRAR
2009-04-30 14:10:19 ----RA---- C:\WINDOWS\system32\igfxres.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igxprd32.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igxpgd32.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igxpdx32.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igxpdv32.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\iglicd32.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igldev32.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxsrvc.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxress.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxpers.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxext.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxCoIn_v4820.dll
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2009-04-30 14:09:07 ----RA---- C:\WINDOWS\system32\hccutils.dll
2009-04-30 14:08:53 ----D---- C:\WINDOWS\system32\Lang
2009-04-30 14:08:52 ----RA---- C:\WINDOWS\system32\igxpun.exe
2009-04-30 14:08:52 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-04-30 14:08:29 ----D---- C:\WINDOWS\OPTIONS
2009-04-30 14:08:29 ----D---- C:\Program Files\Realtek
2009-04-30 14:08:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-30 14:05:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-30 14:05:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-30 14:05:46 ----D---- C:\Program Files\Intel
2009-04-30 14:05:28 ----D---- C:\Intel
2009-04-30 14:04:05 ----HD---- C:\Program Files\Uninstall Information
2009-04-30 14:01:29 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-30 14:01:21 ----D---- C:\WINDOWS\Prefetch
2009-04-30 14:01:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-30 14:01:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-30 13:20:34 ----D---- C:\WINDOWS\system32\xircom
2009-04-30 13:20:34 ----D---- C:\Program Files\xerox
2009-04-30 13:20:34 ----D---- C:\Program Files\microsoft frontpage
2009-04-30 13:20:12 ----A---- C:\WINDOWS\control.ini
2009-04-30 13:20:12 ----A---- C:\AUTOEXEC.BAT
2009-04-30 13:18:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-30 13:18:48 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-30 13:18:48 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-30 13:18:41 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-30 13:18:35 ----HD---- C:\Program Files\WindowsUpdate
2009-04-30 13:18:17 ----D---- C:\WINDOWS\system32\DirectX
2009-04-30 13:18:02 ----A---- C:\WINDOWS\system32\atrace.dll
2009-04-30 13:18:00 ----A---- C:\WINDOWS\system32\desktop.ini
2009-04-30 13:18:00 ----A---- C:\WINDOWS\desktop.ini
2009-04-30 13:17:55 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-04-30 13:17:54 ----A---- C:\WINDOWS\system32\acctres.dll
2009-04-30 13:17:53 ----D---- C:\Program Files\Common Files\Services
2009-04-30 13:17:52 ----SD---- C:\WINDOWS\Tasks
2009-04-30 13:17:52 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-04-30 13:17:51 ----D---- C:\Program Files\Common Files\MSSoap
2009-04-30 13:17:48 ----D---- C:\WINDOWS\srchasst
2009-04-30 13:17:45 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-04-30 13:17:45 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-30 13:17:45 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-30 13:17:45 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-30 13:17:45 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-04-30 13:17:45 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-04-30 13:17:44 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-04-30 13:17:41 ----D---- C:\Program Files\Movie Maker
2009-04-30 13:17:38 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-04-30 13:17:38 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-04-30 13:17:38 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-04-30 13:17:38 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-04-30 13:17:35 ----D---- C:\WINDOWS\system32\Restore
2009-04-30 13:17:35 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-04-30 13:17:35 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-04-30 13:17:35 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\srclient.dll
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-04-30 13:17:34 ----A---- C:\WINDOWS\system32\ils.dll
2009-04-30 13:17:33 ----A---- C:\WINDOWS\system32\msconf.dll
2009-04-30 13:17:31 ----D---- C:\Program Files\NetMeeting
2009-04-30 13:17:31 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-04-30 13:17:31 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-04-30 13:17:31 ----A---- C:\WINDOWS\system32\inetres.dll
2009-04-30 13:17:30 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-04-30 13:17:29 ----D---- C:\Program Files\Outlook Express
2009-04-30 13:17:29 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-04-30 13:17:29 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-04-30 13:17:29 ----A---- C:\WINDOWS\system32\mstask.dll
2009-04-30 13:17:28 ----A---- C:\WINDOWS\system32\isign32.dll
2009-04-30 13:17:28 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-04-30 13:17:28 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-04-30 13:17:28 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-04-30 13:17:24 ----D---- C:\Program Files\Common Files\System
2009-04-30 13:17:23 ----D---- C:\Program Files\Internet Explorer
2009-04-30 13:16:48 ----D---- C:\Program Files\ComPlus Applications
2009-04-30 13:16:46 ----A---- C:\WINDOWS\vbaddin.ini
2009-04-30 13:16:46 ----A---- C:\WINDOWS\vb.ini
2009-04-30 13:16:41 ----D---- C:\WINDOWS\Registration
2009-04-30 13:16:32 ----D---- C:\Program Files\Windows Media Player
2009-04-30 13:16:32 ----D---- C:\Program Files\Online Services
2009-04-30 13:16:26 ----D---- C:\Program Files\Messenger
2009-04-30 13:16:23 ----D---- C:\Program Files\MSN Gaming Zone
2009-04-30 13:16:23 ----A---- C:\WINDOWS\system32\write.exe
2009-04-30 13:16:17 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-04-30 13:16:17 ----A---- C:\WINDOWS\system32\hticons.dll
2009-04-30 13:16:17 ----A---- C:\WINDOWS\system32\avwav.dll
2009-04-30 13:16:16 ----A---- C:\WINDOWS\system32\winchat.exe
2009-04-30 13:16:16 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-04-30 13:16:16 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-04-30 13:16:11 ----A---- C:\WINDOWS\system32\winmine.exe
2009-04-30 13:16:11 ----A---- C:\WINDOWS\system32\sol.exe
2009-04-30 13:16:11 ----A---- C:\WINDOWS\system32\getuname.dll
2009-04-30 13:16:11 ----A---- C:\WINDOWS\system32\charmap.exe
2009-04-30 13:16:11 ----A---- C:\WINDOWS\system32\calc.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\tskill.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\tscon.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\shadow.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\reset.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\regini.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-04-30 13:16:10 ----A---- C:\WINDOWS\system32\freecell.exe
2009-04-30 13:16:09 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-04-30 13:16:09 ----A---- C:\WINDOWS\system32\msg.exe
2009-04-30 13:16:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-04-30 13:16:09 ----A---- C:\WINDOWS\system32\logoff.exe
2009-04-30 13:16:09 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-04-30 13:16:09 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-04-30 13:16:08 ----A---- C:\WINDOWS\system32\stclient.dll
2009-04-30 13:16:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-04-30 13:16:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-04-30 13:16:08 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-04-30 13:16:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-04-30 13:16:08 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-04-30 13:16:04 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-04-30 13:15:55 ----D---- C:\Program Files\MSN
2009-04-30 13:15:54 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-04-30 13:15:54 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-04-30 13:15:54 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-04-30 13:15:54 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-04-30 13:15:53 ----D---- C:\Program Files\Windows NT
2009-04-30 13:15:53 ----A---- C:\WINDOWS\system32\spider.exe
2009-04-30 13:15:53 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-04-30 13:15:53 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-04-30 13:15:52 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-04-30 13:15:51 ----D---- C:\WINDOWS\system32\MsDtc
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-04-30 13:15:51 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-04-30 13:15:50 ----D---- C:\WINDOWS\system32\Com
2009-04-30 13:15:50 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-04-30 13:15:50 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-04-30 13:15:50 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-04-30 13:15:50 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-04-30 13:15:50 ----A---- C:\WINDOWS\system32\colbact.dll
2009-04-30 13:15:50 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-04-30 13:15:49 ----A---- C:\WINDOWS\system32\comuid.dll
2009-04-30 13:15:49 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-04-30 13:15:49 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-04-30 13:15:49 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-04-30 13:15:49 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-04-30 13:15:48 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-04-30 13:15:44 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-04-30 13:15:43 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-04-30 13:15:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-04-30 13:15:43 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-04-30 10:55:22 ----D---- C:\Current Desktops
2009-03-28 12:45:43 ----D---- C:\My Music

======List of files/folders modified in the last 3 months======

2009-06-11 18:37:44 ----D---- C:\WINDOWS\system32
2009-06-07 00:24:17 ----D---- C:\Downloads
2009-06-06 13:16:14 ----D---- C:\zero777cool
2009-06-05 23:42:00 ----D---- C:\WINDOWS
2009-06-02 13:20:18 ----D---- C:\Nathan Hephzibah
2009-06-01 15:05:35 ----RD---- C:\QPI's Documents
2009-06-01 15:03:09 ----RD---- C:\Simon
2009-06-01 11:00:46 ----D---- C:\Arlene
2009-05-27 01:00:28 ----D---- C:\Dulcie
2009-05-25 13:54:16 ----A---- C:\WINDOWS\system32\xcomm.dll
2009-05-25 09:05:17 ----A---- C:\WINDOWS\system.ini
2009-05-25 01:15:07 ----RD---- C:\Charity-Ann
2009-05-22 20:23:14 ----A---- C:\WINDOWS\win.ini
2009-04-30 13:27:06 ----D---- C:\WINDOWS\system32\Macromed
2009-04-29 13:48:10 ----D---- C:\Fax Received
2009-04-02 16:36:43 ----D---- C:\Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064]
R2 PGPdisk;PGPdisk; C:\WINDOWS\system32\drivers\PGPdisk.sys [2003-03-24 170560]
R2 PGPsdkDriver;PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [2003-03-24 26624]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-05-25 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 afgrg02u;afgrg02u; C:\WINDOWS\system32\drivers\afgrg02u.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ZERO77~1\LOCALS~1\Temp\catchme.sys []
S3 FXDrv32;FXDrv32; \??\D:\FXDrv32.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-05-25 1179648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 PGPsdkServ;PGPsdkService; C:\WINDOWS\system32\PGPsdkServ.exe [2003-03-24 77824]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-05-25 1261568]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-05-25 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\ComboFix\HIDEC.exe C:\WINDOWS\system32\CF25244.exe /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-08 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

zero777cool
2009-06-11, 18:56
info.txt logfile of random's system information tool 1.06 2009-06-11 18:39:49

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
BitDefender Total Security 2008-->MsiExec.exe /I{DB368901-C41E-4D86-9809-E0EE635A6939}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Copy Handler 1.30 Final-->"C:\Program Files\Copy Handler\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
InfoSlips ForMe. Viewer-->MsiExec.exe /I{766AD6A5-1177-438A-9560-F23BBCEB44C5}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 60-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MightyFax-->"C:\Program Files\MightyFax\unins000.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 Premium-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
Nokia Software Updater-->MsiExec.exe /X{EF4F620F-F295-41D7-92C0-6B635709C850}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PGP 8.0.2-->C:\PROGRA~1\PGPCOR~1\PGPFOR~1\PGPUNI~1\setup.exe PGP
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe -runfromtemp -l0x0009 -removeonly
SASA 0.17-->"C:\Program Files\SASA ADSL Stats Analyser\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst.exe
Striata Reader-->rundll32.exe C:\WINDOWS\system32\keymail.dll,UninstallDll
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Trim Spaces for Microsoft Excel 1.1-->"C:\Program Files\Add-in Express\AddIns\Trim Spaces for Excel\unins000.exe"
TubeHunter Ultra-->MsiExec.exe /I{3254FD51-9910-48C4-AC9B-AF3691C1544C}
Ultra MP4 Video Converter 4.2.0716-->"C:\Program Files\Ultra MP4 Video Converter\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
Windows Driver Package - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) [2009-05-28]
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF25244.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing) [2009-05-28]
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) [2009-05-29]
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF25244.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing) [2009-05-29]
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF25244.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing) [2009-06-09]

======Hosts File======

127.0.0.1 update.bitdefender.com
127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall

======System event log======

Computer Name: QPISAACS
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 2445
Source Name: Cdrom
Time Written: 20090521173817.000000+120
Event Type: error
User:

Computer Name: QPISAACS
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 2444
Source Name: Cdrom
Time Written: 20090521173808.000000+120
Event Type: error
User:

Computer Name: QPISAACS
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 2443
Source Name: Cdrom
Time Written: 20090521173759.000000+120
Event Type: error
User:

Computer Name: QPISAACS
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 2442
Source Name: Cdrom
Time Written: 20090521173718.000000+120
Event Type: error
User:

Computer Name: QPISAACS
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 2441
Source Name: Cdrom
Time Written: 20090521173709.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: QPISAACS
Event Code: 1517
Message: Windows saved user QPISAACS\zero777cool registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1963
Source Name: Userenv
Time Written: 20090611160209.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: QPISAACS
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 1950
Source Name: Userenv
Time Written: 20090611020400.000000+120
Event Type: warning
User: QPISAACS\IsaacsQP

Computer Name: QPISAACS
Event Code: 1517
Message: Windows saved user QPISAACS\IsaacsQP registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1949
Source Name: Userenv
Time Written: 20090610123826.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: QPISAACS
Event Code: 1517
Message: Windows saved user QPISAACS\zero777cool registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1936
Source Name: Userenv
Time Written: 20090610004709.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: QPISAACS
Event Code: 1517
Message: Windows saved user QPISAACS\IsaacsQP registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1886
Source Name: Userenv
Time Written: 20090609023549.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Ringz Studio\Storm Codec\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

zero777cool
2009-06-11, 18:57
Malwarebytes' Anti-Malware 1.37
Database version: 2262
Windows 5.1.2600 Service Pack 2

2009/06/11 06:32:13 PM
mbam-log-2009-06-11 (18-32-13).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 259210
Time elapsed: 1 hour(s), 43 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\zero777cool\Apps\Adobe\adobe indesign cs4 6.0 + content pack\adobe cs4 master collection - cracks only\acs4mc- keygen (x-force)\Keygen\ACS4MC-Keygen (X-FORCE).exe (Trojan.Downloader) -> Not selected for removal.
c:\zero777cool\Apps\Adobe\adobe indesign cs4 6.0 + content pack\Keygen\AIDCS4MC-Keygen.exe (Trojan.Agent) -> Not selected for removal.
c:\documents and settings\IsaacsQP\Start Menu\Programs\Startup\   .lnk (Autorun.worm) -> Quarantined and deleted successfully.
C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe (Trojan.Agent) -> Quarantined and deleted successfully.

peku006
2009-06-11, 19:43
Hi zero777cool

Before we continue, can you explain why you have this kind of "software"?

c:\zero777cool\Apps\Adobe\adobe indesign cs4 6.0 + content pack\Keygen\AIDCS4MC-Keygen.exe

We do not support the use of illegal Pirated/Warez/Cracked software. (http://forums.spybot.info/showthread.php?t=288)

Thanks peku006

zero777cool
2009-06-12, 08:58
hi

fair enough. you got me. :) i will remove the "Pirated/Warez/Cracked" software. i don't use it in any case. just uses up unnecessary space. where do we go from here?

peku006
2009-06-12, 10:38
Hi zero777cool

a wise choice to remove this "Pirated/Warez/Cracked" software :D:

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Thanks peku006

zero777cool
2009-06-13, 00:34
hey. here's the uninstall_list log file you asked for :bigthumb:

---

Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
BitDefender Total Security 2008
Bonjour
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Copy Handler 1.30 Final
Curse Client
DVD Shrink 3.2
ERUNT 1.1j
FLV Player 2.0 (build 25)
Folder Size for Windows
Free Download Manager 3.0
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
InfoSlips ForMe. Viewer
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Manual CanoScan LiDE 60
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MightyFax
Mozilla Firefox (3.0.10)
MSVC80_x86
MSXML 6.0 Parser
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Orbit Downloader
PC Connectivity Solution
PGP 8.0.2
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
SASA 0.17
Spybot - Search & Destroy
Storm Codec
Striata Reader
Trim Spaces for Microsoft Excel 1.1
TubeHunter Ultra
Ultra MP4 Video Converter 4.2.0716
Unlocker 1.8.7
Update for Windows XP (KB932823-v3)
VLC media player 0.9.6
Winamp
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
winpcap-nmap 4.02
WinRAR archiver

peku006
2009-06-13, 08:14
Hi zero777cool

1 - Update Java

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
Go to HERE (http://java.sun.com/javase/downloads/index.jsp)
Click on the link named Java Runtime Environment (JRE) 6 Update 14
Click on the radio button to Accept License Agreement
Click on Windows Offline Installation Multi-language and save the downloaded file to your hard disk
Go to Start => Control Panel => Add or Remove Programs
Uninstall all old versions of Java (Java 2 Runtime Environment JRE or JSE)
Reboot your computer
Delete the folder C:\Program Files\Java if present
Install the new version by running the newly-downloaded file and follow the on-screen instructions.
Reboot your computer


2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


3 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
3. description of any problems you are having with your PC

Thanks peku006

zero777cool
2009-06-16, 09:11
hi

sorry for the late reply. can't i scan it with bitdefender? 'cause i already have an updated bitdefender installed. it's gonna eat up my bandwidth if i download 70MB+ of Kaspersky definitions. i live in a country where internet is rather expensive. i have to watch my bandwidth like a hawk :oops:

zero777cool
2009-06-16, 09:56
hey dude

i sorted it out. found out it was an app called nmindexstoresvr.exe.

"nmindexstoresvr.exe is part of Nero Scout that comes with Nero CD/DVD Burning 7. Nero Scout is a database program that catalogs all of the media files on your computer and that makes this database available to other programs in the Nero 7 product package. This process can be removed to free up system resources." - according to http://www.processlibrary.com/directory/files/nmindexstoresvr

thanx muchly for your help
appreciate it
peace
:rockon:

peku006
2009-06-18, 11:41
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.