thanks for geting back to me
files as requested
Database version: 1102
Windows 6.0.6001 Service Pack 1
15:41:25 01/09/2008
mbam-log-09-01-2008 (15-41-15).txt
Scan type: Full Scan (C:\|D:\|F:\|G:\|M:\|)
Objects scanned: 291183
Time elapsed: 3 hour(s), 26 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8559dfb8-eaba-499a-814c-071a7fd96dfe} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8559dfb8-eaba-499a-814c-071a7fd96dfe} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\__c00e4024 (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac487010 (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\steve\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Users\steve\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Users\steve\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.
Files Infected:
C:\Users\steve\AppData\Local\Temp\cbXQGVOG.dll (Trojan.BHO.H) -> No action taken.
C:\Program Files\WinRAR\Unipatch.exe (Trojan.Downloader) -> No action taken.
M:\aaa backup file temp\downloads\bitlord\WinRAR\Unipatch.exe (Trojan.Downloader) -> No action taken.
M:\System Volume Information\_restore{94C89CC3-6C48-4FD4-9473-B379613D5B11}\RP28\A0004275.exe (Trojan.Downloader) -> No action taken.
C:\Users\steve\AppData\Roaming\RegistrySmart\Registry Backups\2008-03-23_12-15-28.reg (Rogue.RegistrySmart) -> No action taken.
info.txt logfile of random's system information tool 2008-09-01 18:38:27
Uninstall list
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4B49E30-AFA4-4F2E-A294-7D6F043AF2FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Advanced Video FX Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
ASUS Wireless Router WL-520GC Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71ED4CA9-9AC5-48D9-A2AC-B1E4DFA84F62}\Setup.exe" -l0x9
AutoCAD LT 2000-->C:\Windows\uninst.exe -fC:\PROGRA~1\AUTOCA~1\DeIsL1.isu -c"C:\PROGRA~1\AUTOCA~1\unaclt.dll
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Pro/Effects Driver (1.02.05.0506)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres CtCamPin.crl
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
e-Record 6-->C:\Informed\EREC2\unwise.exe C:\Informed\EREC2\install.log
Face Tracking Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4B49E30-AFA4-4F2E-A294-7D6F043AF2FD}\setup.exe" -l0x9 /remove
FileNet Desktop eForms-->MsiExec.exe /I{42CFD768-94A5-4C0D-A49A-88B536BAC551}
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
MediaShow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Movie DVD Creator-->C:\PROGRA~1\MOVIED~1\UNWISE.EXE C:\PROGRA~1\MOVIED~1\INSTALL.LOG
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.00-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Essentials-->MsiExec.exe /X{81AB1374-098A-43CB-BE57-31CEB5EB1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetAlyzer 0.3-->"C:\Program Files\PepiMK Software\NetAlyzer\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Punch! Home Design - AS4000-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Record Keeping Evaluation Tool-->C:\PROGRA~1\RKET\UNWISE.EXE C:\PROGRA~1\RKET\INSTALL.LOG
RegAlyzer-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Roxio CinePlayer DVD Decoder for Windows Vista-->MsiExec.exe /I{CD93976F-D5AC-4C70-805A-9D5BB2210D08}
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sony ACID Music Studio 7.0-->MsiExec.exe /X{A74C1699-4BCE-433F-82D6-F11207A0581B}
Sony ACID Pro 6.0-->MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168}
Sony Media Manager 2.2-->MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0-->MsiExec.exe /X{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x9
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
USB MassStorage CardReader-->C:\Program Files\Kodak\040a_5005\Remove.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Hosts File
127.0.0.1
www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1
www.008k.com
127.0.0.1 008k.com
127.0.0.1
www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1
www.032439.com
127.0.0.1 032439.com
Security center information
AV: avast! antivirus 4.8.1229 [VPS 080831-0]
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1229 [VPS 080831-0]
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"CSILOGLEVEL"=NORMAL
-----------------EOF-----------------
Logfile of random's system information tool (written by random/random)
Run by steve at 2008-09-01 18:37:58
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 120 GB (43%) free of 281 GB
Total RAM: 2046 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:24, on 01/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\steve\Desktop\RSIT.exe
C:\Program Files\trend micro\steve.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C7C9742-F47C-49DA-BD11-D271AC6E8AA4} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0D89F32-3E6B-4AD0-9333-B37A087F8421} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\steve\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\steve\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O21 - SSODL: MsgSetMon - {057F6220-73CB-0A68-60B6-057EF861DF52} - C:\Program Files\ffpmpsc\MsgSetMon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8920 bytes
Scheduled tasks folder
C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{A8780329-9CD0-4213-86AF-BF6DA887FCA6}.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C7C9742-F47C-49DA-BD11-D271AC6E8AA4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0D89F32-3E6B-4AD0-9333-B37A087F8421}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-28 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-28 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4468736]
"toolbar_eula_launcher"=C:\Program Files\GoogleEULA\EULALauncher.exe [2007-02-09 16896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LanguageShortcut"=C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe [2007-01-08 52256]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2007-01-08 68640]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-16 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-16 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-16 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-20 78008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
MsgSetMon - {057F6220-73CB-0A68-60B6-057EF861DF52} - C:\Program Files\ffpmpsc\MsgSetMon.dll [2008-09-01 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Users\steve\AppData\Local\Temp\cbXQGVOG
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
File associations
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
List of files/folders created in the last three months
2008-09-01 18:37:58 ----D---- C:\rsit
2008-09-01 18:37:58 ----D---- C:\Program Files\trend micro
2008-09-01 17:16:37 ----D---- C:\Users\steve\AppData\Roaming\CheckPoint
2008-09-01 17:16:04 ----D---- C:\Program Files\CheckPoint
2008-09-01 12:02:30 ----D---- C:\Users\steve\AppData\Roaming\Malwarebytes
2008-09-01 12:02:27 ----D---- C:\ProgramData\Malwarebytes
2008-09-01 12:02:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 07:00:44 ----A---- C:\Windows\system32\aswBoot.exe
2008-09-01 06:16:09 ----D---- C:\Program Files\ffpmpsc
2008-08-27 05:20:25 ----A---- C:\Windows\system32\wups2.dll
2008-08-27 05:20:25 ----A---- C:\Windows\system32\wucltux.dll
2008-08-27 05:20:25 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-27 05:20:25 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-27 05:20:04 ----A---- C:\Windows\system32\wups.dll
2008-08-27 05:20:04 ----A---- C:\Windows\system32\wudriver.dll
2008-08-27 05:20:04 ----A---- C:\Windows\system32\wuapi.dll
2008-08-27 05:19:57 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-27 05:19:57 ----A---- C:\Windows\system32\wuapp.exe
2008-08-19 18:19:59 ----D---- C:\Users\steve\AppData\Roaming\Windows Live Writer
2008-08-19 08:23:36 ----D---- C:\ProgramData\onwhkfap
2008-08-17 10:36:23 ----A---- C:\Windows\system32\msshooks.dll
2008-08-17 10:36:22 ----A---- C:\Windows\system32\msscb.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-17 10:36:20 ----A---- C:\Windows\system32\propsys.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\propdefs.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\msstrc.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\msshsq.dll
2008-08-17 10:36:20 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\wsepno.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\offfilt.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-17 10:36:18 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-17 10:36:17 ----A---- C:\Windows\system32\tquery.dll
2008-08-17 10:36:17 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-17 10:36:17 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-17 10:36:17 ----A---- C:\Windows\system32\mssvp.dll
2008-08-17 10:36:17 ----A---- C:\Windows\system32\mssrch.dll
2008-08-17 10:36:17 ----A---- C:\Windows\system32\mssph.dll
2008-08-17 10:36:17 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-17 10:36:16 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-16 08:21:38 ----D---- C:\Windows\SQL9_KB948109_ENU
2008-08-14 08:11:02 ----D---- C:\Program Files\Microsoft SQL Server
2008-08-13 17:13:21 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 14:35:45 ----D---- C:\ProgramData\Sony
2008-08-13 06:56:12 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 06:52:28 ----A---- C:\Windows\system32\es.dll
2008-08-13 06:50:08 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 06:50:07 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 06:50:05 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 06:50:05 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 06:50:04 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 06:50:03 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 06:48:13 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-10 13:50:24 ----D---- C:\Program Files\Vstplugins
2008-08-04 18:11:11 ----A---- C:\Windows\system32\MFC71.dll
2008-08-04 18:11:09 ----D---- C:\Program Files\Alwil Software
2008-07-27 12:56:57 ----D---- C:\Users\steve\AppData\Roaming\Help
2008-07-22 07:27:45 ----D---- C:\NVIDIA
2008-07-12 09:39:35 ----A---- C:\Windows\system32\nvexpbar.dll
2008-07-12 09:39:35 ----A---- C:\Windows\system32\nvcpluir.dll
2008-07-12 09:39:35 ----A---- C:\Windows\system32\nvcplui.exe
2008-07-12 08:33:34 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-12 08:33:31 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-12 08:33:23 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-09 07:13:32 ----A---- C:\Windows\system32\rpcrt4.dll
2008-07-09 07:13:31 ----A---- C:\Windows\system32\pacerprf.dll
2008-07-09 07:13:31 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-07-09 07:13:31 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-07-09 07:13:31 ----A---- C:\Windows\system32\emdmgmt.dll
2008-07-09 07:13:26 ----A---- C:\Windows\system32\shell32.dll
2008-07-09 07:12:59 ----A---- C:\Windows\system32\wshext.dll
2008-07-09 07:12:59 ----A---- C:\Windows\system32\vbscript.dll
2008-07-09 07:12:59 ----A---- C:\Windows\system32\jscript.dll
2008-07-09 07:12:58 ----A---- C:\Windows\system32\wscript.exe
2008-07-09 07:12:58 ----A---- C:\Windows\system32\scrrun.dll
2008-07-09 07:12:58 ----A---- C:\Windows\system32\scrobj.dll
2008-07-09 07:12:58 ----A---- C:\Windows\system32\cscript.exe
2008-07-02 17:25:37 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-07-02 17:25:06 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-15 08:08:23 ----A---- C:\Windows\system32\EncDec.dll
2008-06-15 08:08:22 ----A---- C:\Windows\system32\psisdecd.dll
2008-06-11 19:39:11 ----A---- C:\Windows\system32\quartz.dll
2008-06-11 17:09:20 ----D---- C:\Program Files\Mozilla Firefox
List of drivers
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-20 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-20 42912]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-20 51280]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series; C:\Windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1775712]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-16 7566944]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
S3 3xHybrid;Philips SAA713x PCI Card; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-09 1136600]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 tap0801;Smarthide TAP driver; C:\Windows\system32\DRIVERS\tap0801.sys [2007-10-12 55808]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 V0080Dev;Creative Camera VF0080 Driver; C:\Windows\system32\DRIVERS\V0080Dev.sys [2005-05-06 255230]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-19 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []
List of services
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-20 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-20 147640]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-20 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-24 348344]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-17 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-28 138168]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
-----------------EOF-----------------
ps ive read and understood your views on p2p and as such i have deleted bitlord 1.1 prior to running these checks
regards steve