Every time I open the internet browser a Windows Security Alert pops up. I have Norton 360 and have run a virus scan and it does not get rid of this scan. Each time it comes up it has a different name. The first was Trojan-Spy.Win32.KeyLogger.aa and then it had Trojan-Downloader.Win32.Agent.Bq. I looked through some of the topics for this issue and I ran Malwarebytes Anti-Malware and RSIT. Please help.
I have posted the three logs below:
Malwarebytes' Anti-Malware 1.28
Database version: 1155
Windows 6.0.6001 Service Pack 1
9/15/2008 12:06:12 PM
mbam-log-2008-09-15 (12-05-15).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165359
Time elapsed: 1 hour(s), 42 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{1d22e9e4-f771-4b8d-aa68-ba04e8980e07} (Adware.Gamevance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a851c98a-6136-4b02-9ec7-22aaf33e7b97} (Adware.Gamevance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{da4b6a86-82e7-4a9e-abb9-3b225bc214a4} (Adware.Gamevance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.Gamevance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.Gamevance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpg2c1numa (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnj5j0enc2 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> No action taken.
Files Infected:
C:\ProgramData\anujchex\anclohsd.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvhlp.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvpop.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvutil.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvwslib.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> No action taken.
RSIT log.txt
Logfile of random's system information tool 1.01 (written by random/random)
Run by the gary family at 2008-09-15 12:22:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 205 GB (69%) free of 296 GB
Total RAM: 894 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:29 PM, on 9/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\OBD2 TekLink Consumer\TekInit.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\uimnt\bgvanwfw.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Users\the gary family\Desktop\Trojan removal RSIT.exe
C:\Program Files\trend micro\the gary family.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [OBD2_TekLink_Start2.0] "C:\Program Files\OBD2 TekLink Consumer\TekInit.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uimnt] C:\ProgramData\uimnt\bgvanwfw.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.h...osticsVista.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11239 bytes
Scheduled tasks folder
C:\Windows\tasks\User_Feed_Synchronization-{E6C5EE56-03DB-4D3B-99BD-110ADD50E712}.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-09-05 816400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-08-04 66912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-04-13 116088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-10 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-04 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-09-05 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-10 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-04 262144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
""=C:\Windows\system32\
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"OBD2_TekLink_Start2.0"=C:\Program Files\OBD2 TekLink Consumer\TekInit.exe [2006-10-16 45056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-18 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-10 1253040]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-12 1773568]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"uimnt"=C:\ProgramData\uimnt\bgvanwfw.exe [2008-09-12 81920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
List of files/folders created in the last three months
2008-09-15 12:22:41 ----D---- C:\Program Files\trend micro
2008-09-15 12:22:27 ----D---- C:\rsit
2008-09-15 12:11:31 ----D---- C:\Avenger
2008-09-15 12:11:31 ----A---- C:\avenger.txt
2008-09-15 09:39:37 ----D---- C:\Users\the gary family\AppData\Roaming\Malwarebytes
2008-09-15 09:39:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-14 20:03:01 ----A---- C:\Windows\system32\GEARAspi.dll
2008-09-14 20:02:59 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-14 20:02:28 ----D---- C:\Program Files\iPod
2008-09-14 20:02:26 ----D---- C:\Program Files\iTunes
2008-09-14 20:00:30 ----D---- C:\Program Files\Bonjour
2008-09-14 19:57:03 ----D---- C:\Program Files\QuickTime
2008-09-14 19:55:55 ----SHD---- C:\Config.Msi
2008-09-10 15:47:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 15:47:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 15:47:03 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 15:46:52 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 15:46:51 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 15:46:51 ----A---- C:\Windows\system32\cdd.dll
2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll
2008-08-22 21:24:53 ----D---- C:\Program Files\Apple Software Update
2008-08-19 06:17:11 ----A---- C:\Windows\system32\wups2.dll
2008-08-19 06:17:11 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-19 06:17:10 ----A---- C:\Windows\system32\wucltux.dll
2008-08-19 06:17:10 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-19 06:16:34 ----A---- C:\Windows\system32\wups.dll
2008-08-19 06:16:33 ----A---- C:\Windows\system32\wudriver.dll
2008-08-19 06:16:33 ----A---- C:\Windows\system32\wuapi.dll
2008-08-19 06:16:12 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-19 06:16:12 ----A---- C:\Windows\system32\wuapp.exe
2008-08-15 05:58:29 ----A---- C:\Windows\system32\msshooks.dll
2008-08-15 05:58:27 ----A---- C:\Windows\system32\msscb.dll
2008-08-15 05:58:20 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-15 05:58:20 ----A---- C:\Windows\system32\propdefs.dll
2008-08-15 05:58:20 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-15 05:58:19 ----A---- C:\Windows\system32\propsys.dll
2008-08-15 05:58:19 ----A---- C:\Windows\system32\msstrc.dll
2008-08-15 05:58:19 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-15 05:58:19 ----A---- C:\Windows\system32\msshsq.dll
2008-08-15 05:58:18 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-15 05:58:18 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-15 05:58:18 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-15 05:58:14 ----A---- C:\Windows\system32\wsepno.dll
2008-08-15 05:58:14 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-15 05:58:14 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-15 05:58:13 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-15 05:58:13 ----A---- C:\Windows\system32\offfilt.dll
2008-08-15 05:58:13 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-15 05:58:12 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-15 05:58:12 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-15 05:58:11 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-15 05:58:10 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-15 05:58:09 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-15 05:58:08 ----A---- C:\Windows\system32\tquery.dll
2008-08-15 05:58:07 ----A---- C:\Windows\system32\mssvp.dll
2008-08-15 05:58:07 ----A---- C:\Windows\system32\mssrch.dll
2008-08-15 05:58:06 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-15 05:58:06 ----A---- C:\Windows\system32\mssph.dll
2008-08-13 03:10:06 ----A---- C:\Windows\system32\tzres.dll
2008-08-12 16:08:13 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-12 16:08:07 ----A---- C:\Windows\system32\es.dll
2008-08-12 16:07:57 ----A---- C:\Windows\system32\mshtml.dll
2008-08-12 16:07:56 ----A---- C:\Windows\system32\ieframe.dll
2008-08-12 16:07:55 ----A---- C:\Windows\system32\wininet.dll
2008-08-12 16:07:55 ----A---- C:\Windows\system32\urlmon.dll
2008-08-12 16:07:54 ----A---- C:\Windows\system32\mstime.dll
2008-08-12 16:07:52 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-12 16:07:19 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-08 08:20:24 ----D---- C:\Program Files\Application
2008-08-08 08:20:09 ----D---- C:\Program Files\Hanes T-ShirtMaker Lite
2008-08-08 08:18:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-04 21:24:00 ----D---- C:\Program Files\AskSBar
2008-07-24 12:03:31 ----D---- C:\Program Files\Sun
2008-07-24 12:02:20 ----A---- C:\Windows\system32\javaws.exe
2008-07-24 12:02:20 ----A---- C:\Windows\system32\javaw.exe
2008-07-24 12:02:20 ----A---- C:\Windows\system32\java.exe
2008-07-24 11:59:12 ----D---- C:\Program Files\Java
2008-07-24 11:57:22 ----D---- C:\Program Files\Common Files\Java
2008-07-23 06:21:25 ----D---- C:\Program Files\Safari
2008-07-18 13:52:41 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-18 13:52:38 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-18 13:52:29 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-09 02:12:40 ----A---- C:\Windows\system32\rpcrt4.dll
2008-07-09 02:12:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-07-09 02:12:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-07-09 02:12:38 ----A---- C:\Windows\system32\pacerprf.dll
2008-07-09 02:10:16 ----A---- C:\Windows\system32\shell32.dll
2008-07-09 02:06:05 ----A---- C:\Windows\system32\vbscript.dll
2008-07-09 02:06:04 ----A---- C:\Windows\system32\wshext.dll
2008-07-09 02:06:04 ----A---- C:\Windows\system32\wscript.exe
2008-07-09 02:06:04 ----A---- C:\Windows\system32\jscript.dll
2008-07-09 02:06:04 ----A---- C:\Windows\system32\cscript.exe
2008-07-09 02:06:03 ----A---- C:\Windows\system32\scrrun.dll
2008-07-09 02:06:03 ----A---- C:\Windows\system32\scrobj.dll
2008-06-26 18:52:31 ----D---- C:\Users\the gary family\AppData\Roaming\Research In Motion
2008-06-26 17:19:08 ----ASH---- C:\Users\the gary family\AppData\Roaming\desktop.ini
2008-06-26 17:17:53 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-06-26 17:17:05 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-06-26 16:53:43 ----D---- C:\Users\the gary family\AppData\Roaming\Blackberry Desktop
2008-06-26 16:52:57 ----D---- C:\Program Files\Common Files\Research In Motion
2008-06-26 16:52:36 ----D---- C:\Program Files\Research In Motion
2008-06-22 09:12:55 ----D---- C:\PerfLogs
2008-06-21 00:39:42 ----A---- C:\Windows\system32\SLsvc.exe
2008-06-21 00:39:42 ----A---- C:\Windows\system32\onex.dll
2008-06-21 00:39:32 ----A---- C:\Windows\system32\PSHED.DLL
2008-06-21 00:39:31 ----A---- C:\Windows\system32\imagesp1.dll
2008-06-21 00:39:29 ----A---- C:\Windows\system32\dfsr.exe
2008-06-21 00:39:28 ----A---- C:\Windows\system32\sstpsvc.dll
2008-06-21 00:39:28 ----A---- C:\Windows\system32\pidgenx.dll
2008-06-21 00:39:27 ----A---- C:\Windows\system32\mstscax.dll
2008-06-21 00:39:26 ----A---- C:\Windows\system32\WsmSvc.dll
2008-06-21 00:39:26 ----A---- C:\Windows\system32\winrscmd.dll
2008-06-21 00:39:25 ----A---- C:\Windows\system32\sysmain.dll
2008-06-21 00:39:25 ----A---- C:\Windows\system32\RMActivate.exe
2008-06-21 00:39:24 ----A---- C:\Windows\system32\VSSVC.exe
2008-06-21 00:39:24 ----A---- C:\Windows\system32\vssapi.dll
2008-06-21 00:39:24 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-06-21 00:39:23 ----A---- C:\Windows\system32\secproc.dll
2008-06-21 00:39:23 ----A---- C:\Windows\system32\RMActivate_isv.exe
2008-06-21 00:39:23 ----A---- C:\Windows\system32\iesetup.dll
2008-06-21 00:39:21 ----A---- C:\Windows\system32\secproc_isv.dll
2008-06-21 00:39:20 ----A---- C:\Windows\system32\drmv2clt.dll
2008-06-21 00:39:19 ----A---- C:\Windows\system32\icardres.dll
2008-06-21 00:39:19 ----A---- C:\Windows\system32\icardagt.exe
2008-06-21 00:39:18 ----A---- C:\Windows\system32\xpssvcs.dll
2008-06-21 00:39:18 ----A---- C:\Windows\system32\blackbox.dll
2008-06-21 00:39:17 ----A---- C:\Windows\system32\RacEngn.dll
2008-06-21 00:39:16 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2008-06-21 00:39:16 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2008-06-21 00:39:16 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2008-06-21 00:39:15 ----A---- C:\Windows\system32\spwizimg.dll
2008-06-21 00:39:15 ----A---- C:\Windows\system32\rdpencom.dll
2008-06-21 00:39:15 ----A---- C:\Windows\system32\msxml3.dll
2008-06-21 00:39:15 ----A---- C:\Windows\system32\lpremove.exe
2008-06-21 00:39:15 ----A---- C:\Windows\bfsvc.exe
2008-06-21 00:39:14 ----A---- C:\Windows\system32\ntdll.dll
2008-06-21 00:39:14 ----A---- C:\Windows\system32\msxml6.dll
2008-06-21 00:39:14 ----A---- C:\Windows\system32\msjet40.dll
2008-06-21 00:39:13 ----A---- C:\Windows\system32\qmgr.dll
2008-06-21 00:39:13 ----A---- C:\Windows\system32\lsasrv.dll
2008-06-21 00:39:13 ----A---- C:\Windows\system32\localspl.dll
2008-06-21 00:39:12 ----A---- C:\Windows\system32\IKEEXT.DLL
2008-06-21 00:39:11 ----A---- C:\Windows\system32\wevtsvc.dll
2008-06-21 00:39:11 ----A---- C:\Windows\system32\wcncsvc.dll
2008-06-21 00:39:11 ----A---- C:\Windows\system32\mscoree.dll
2008-06-21 00:39:10 ----A---- C:\Windows\system32\recdisc.exe
2008-06-21 00:39:10 ----A---- C:\Windows\system32\kernel32.dll
2008-06-21 00:39:09 ----A---- C:\Windows\system32\TsWpfWrp.exe
2008-06-21 00:39:07 ----A---- C:\Windows\system32\CompMgmtLauncher.exe
2008-06-21 00:39:06 ----A---- C:\Windows\system32\vds.exe
2008-06-21 00:39:04 ----A---- C:\Windows\system32\wmp.dll
2008-06-21 00:39:02 ----A---- C:\Windows\system32\wcnwiz.dll
2008-06-21 00:39:02 ----A---- C:\Windows\system32\SMBHelperClass.dll
2008-06-21 00:39:02 ----A---- C:\Windows\system32\msvbvm60.dll
2008-06-21 00:39:02 ----A---- C:\Windows\system32\mstsc.exe
2008-06-21 00:39:01 ----A---- C:\Windows\system32\mf.dll
2008-06-21 00:39:00 ----A---- C:\Windows\system32\termsrv.dll
2008-06-21 00:39:00 ----A---- C:\Windows\system32\msdtctm.dll
2008-06-21 00:39:00 ----A---- C:\Windows\system32\kerberos.dll
2008-06-21 00:39:00 ----A---- C:\Windows\system32\IMJP10K.DLL
2008-06-21 00:39:00 ----A---- C:\Windows\system32\advapi32.dll
2008-06-21 00:38:58 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2008-06-21 00:38:58 ----A---- C:\Windows\system32\mmcndmgr.dll
2008-06-21 00:38:58 ----A---- C:\Windows\system32\CertEnroll.dll
2008-06-21 00:38:57 ----A---- C:\Windows\system32\xolehlp.dll
2008-06-21 00:38:57 ----A---- C:\Windows\system32\Query.dll
2008-06-21 00:38:57 ----A---- C:\Windows\system32\ole32.dll
2008-06-21 00:38:57 ----A---- C:\Windows\system32\msdtcprx.dll
2008-06-21 00:38:57 ----A---- C:\Windows\system32\MPSSVC.dll
2008-06-21 00:38:56 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2008-06-21 00:38:56 ----A---- C:\Windows\system32\netlogon.dll
2008-06-21 00:38:55 ----A---- C:\Windows\system32\SSShim.dll
2008-06-21 00:38:55 ----A---- C:\Windows\system32\msvcrt.dll
2008-06-21 00:38:55 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-06-21 00:38:54 ----A---- C:\Windows\system32\shlwapi.dll
2008-06-21 00:38:54 ----A---- C:\Windows\system32\schedsvc.dll
2008-06-21 00:38:54 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2008-06-21 00:38:54 ----A---- C:\Windows\system32\nlmgp.dll
2008-06-21 00:38:54 ----A---- C:\Windows\system32\IasMigPlugin.dll
2008-06-21 00:38:54 ----A---- C:\Windows\system32\DfsShlEx.dll
2008-06-21 00:38:53 ----A---- C:\Windows\system32\wer.dll
2008-06-21 00:38:53 ----A---- C:\Windows\system32\user32.dll
2008-06-21 00:38:53 ----A---- C:\Windows\system32\sdclt.exe
2008-06-21 00:38:53 ----A---- C:\Windows\system32\milcore.dll
2008-06-21 00:38:52 ----A---- C:\Windows\system32\WSDApi.dll
2008-06-21 00:38:52 ----A---- C:\Windows\system32\vdsdyn.dll
2008-06-21 00:38:52 ----A---- C:\Windows\system32\QAGENTRT.DLL
2008-06-21 00:38:52 ----A---- C:\Windows\system32\diagperf.dll
2008-06-21 00:38:52 ----A---- C:\Windows\system32\d3d9.dll
2008-06-21 00:38:52 ----A---- C:\Windows\system32\clusapi.dll
2008-06-21 00:38:51 ----A---- C:\Windows\system32\winrsmgr.dll
2008-06-21 00:38:51 ----A---- C:\Windows\system32\mmc.exe
2008-06-21 00:38:50 ----A---- C:\Windows\system32\vdsbas.dll
2008-06-21 00:38:50 ----A---- C:\Windows\system32\swprv.dll
2008-06-21 00:38:50 ----A---- C:\Windows\system32\SLC.dll
2008-06-21 00:38:50 ----A---- C:\Windows\system32\mtxclu.dll
2008-06-21 00:38:49 ----A---- C:\Windows\system32\msi.dll
2008-06-21 00:38:49 ----A---- C:\Windows\system32\comctl32.dll
2008-06-21 00:38:48 ----A---- C:\Windows\system32\MSVidCtl.dll
2008-06-21 00:38:47 ----A---- C:\Windows\system32\XPSSHHDR.dll
2008-06-21 00:38:47 ----A---- C:\Windows\system32\msdtckrm.dll
2008-06-21 00:38:47 ----A---- C:\Windows\system32\gpsvc.dll
2008-06-21 00:38:46 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2008-06-21 00:38:45 ----A---- C:\Windows\system32\samsrv.dll
2008-06-21 00:38:44 ----A---- C:\Windows\system32\sbe.dll
2008-06-21 00:38:43 ----A---- C:\Windows\system32\mfc42u.dll
2008-06-21 00:38:42 ----A---- C:\Windows\system32\wecutil.exe
2008-06-21 00:38:42 ----A---- C:\Windows\system32\esent.dll
2008-06-21 00:38:41 ----A---- C:\Windows\system32\usp10.dll
2008-06-21 00:38:41 ----A---- C:\Windows\system32\sdengin2.dll
2008-06-21 00:38:40 ----A---- C:\Windows\system32\gacinstall.dll
2008-06-21 00:38:40 ----A---- C:\Windows\system32\cmipnpinstall.dll
2008-06-21 00:38:40 ----A---- C:\Windows\system32\cmicryptinstall.dll
2008-06-21 00:38:39 ----A---- C:\Windows\system32\mfc42.dll
2008-06-21 00:38:37 ----A---- C:\Windows\system32\comsvcs.dll
2008-06-21 00:38:36 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2008-06-21 00:38:36 ----A---- C:\Windows\system32\crypt32.dll
2008-06-21 00:38:36 ----A---- C:\Windows\system32\certutil.exe
2008-06-21 00:38:35 ----A---- C:\Windows\system32\mswsock.dll
2008-06-21 00:38:35 ----A---- C:\Windows\explorer.exe
2008-06-21 00:38:34 ----A---- C:\Windows\system32\wmdrmsdk.dll
2008-06-21 00:38:34 ----A---- C:\Windows\system32\setupapi.dll
2008-06-21 00:38:34 ----A---- C:\Windows\system32\oleaut32.dll
2008-06-21 00:38:34 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-06-21 00:38:33 ----A---- C:\Windows\system32\wecsvc.dll
2008-06-21 00:38:33 ----A---- C:\Windows\system32\sqlceqp30.dll
2008-06-21 00:38:33 ----A---- C:\Windows\system32\sdohlp.dll
2008-06-21 00:38:33 ----A---- C:\Windows\system32\msv1_0.dll
2008-06-21 00:38:33 ----A---- C:\Windows\system32\lsm.exe
2008-06-21 00:38:33 ----A---- C:\Windows\system32\bcrypt.dll
2008-06-21 00:38:33 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2008-06-21 00:38:32 ----A---- C:\Windows\system32\thumbcache.dll
2008-06-21 00:38:32 ----A---- C:\Windows\system32\schannel.dll
2008-06-21 00:38:32 ----A---- C:\Windows\system32\p2psvc.dll
2008-06-21 00:38:32 ----A---- C:\Windows\system32\netapi32.dll
2008-06-21 00:38:32 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-06-21 00:38:32 ----A---- C:\Windows\system32\eapp3hst.dll
2008-06-21 00:38:31 ----A---- C:\Windows\system32\wmpmde.dll
2008-06-21 00:38:31 ----A---- C:\Windows\system32\riched20.dll
2008-06-21 00:38:31 ----A---- C:\Windows\system32\mcmde.dll
2008-06-21 00:38:30 ----A---- C:\Windows\system32\WinSAT.exe
2008-06-21 00:38:30 ----A---- C:\Windows\system32\vdsutil.dll
2008-06-21 00:38:30 ----A---- C:\Windows\system32\imapi2fs.dll
2008-06-21 00:38:30 ----A---- C:\Windows\system32\d3d10_1.dll
2008-06-21 00:38:30 ----A---- C:\Windows\system32\autofmt.exe
2008-06-21 00:38:30 ----A---- C:\Windows\system32\autoconv.exe
2008-06-21 00:38:30 ----A---- C:\Windows\system32\autochk.exe
2008-06-21 00:38:30 ----A---- C:\Windows\system32\authfwcfg.dll
2008-06-21 00:38:29 ----A---- C:\Windows\system32\wevtapi.dll
2008-06-21 00:38:29 ----A---- C:\Windows\system32\dmvdsitf.dll
2008-06-21 00:38:29 ----A---- C:\Windows\system32\d3d10_1core.dll
2008-06-21 00:38:29 ----A---- C:\Windows\system32\browseui.dll
2008-06-21 00:38:29 ----A---- C:\Windows\system32\authui.dll
2008-06-21 00:38:28 ----A---- C:\Windows\system32\WSDMon.dll
2008-06-21 00:38:28 ----A---- C:\Windows\system32\mscories.dll
2008-06-21 00:38:28 ----A---- C:\Windows\system32\eapphost.dll
2008-06-21 00:38:28 ----A---- C:\Windows\system32\comuid.dll
2008-06-21 00:38:28 ----A---- C:\Windows\system32\comdlg32.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\wevtfwd.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\untfs.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\uexfat.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\rasmans.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\iassam.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\eappcfg.dll
2008-06-21 00:38:26 ----A---- C:\Windows\system32\DfrgNtfs.exe
2008-06-21 00:38:25 ----A---- C:\Windows\system32\wlansvc.dll
2008-06-21 00:38:25 ----A---- C:\Windows\system32\whealogr.dll
2008-06-21 00:38:25 ----A---- C:\Windows\system32\sqlcese30.dll
2008-06-21 00:38:25 ----A---- C:\Windows\system32\pcaui.dll
2008-06-21 00:38:23 ----A---- C:\Windows\system32\dot3svc.dll
2008-06-21 00:38:22 ----A---- C:\Windows\system32\rdpwsx.dll
2008-06-21 00:38:22 ----A---- C:\Windows\system32\mssha.dll
2008-06-21 00:38:21 ----A---- C:\Windows\system32\zipfldr.dll
2008-06-21 00:38:21 ----A---- C:\Windows\system32\WsmAuto.dll
2008-06-21 00:38:21 ----A---- C:\Windows\system32\winhttp.dll
2008-06-21 00:38:21 ----A---- C:\Windows\system32\msdrm.dll
2008-06-21 00:38:21 ----A---- C:\Windows\system32\evr.dll
2008-06-21 00:38:21 ----A---- C:\Windows\system32\dfrgui.exe
2008-06-21 00:38:20 ----A---- C:\Windows\system32\rpcss.dll
2008-06-21 00:38:20 ----A---- C:\Windows\system32\rasppp.dll
2008-06-21 00:38:20 ----A---- C:\Windows\system32\nlasvc.dll
2008-06-21 00:38:20 ----A---- C:\Windows\system32\ncrypt.dll
2008-06-21 00:38:20 ----A---- C:\Windows\system32\BFE.DLL
2008-06-21 00:38:19 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-06-21 00:38:19 ----A---- C:\Windows\system32\wmdrmdev.dll
2008-06-21 00:38:19 ----A---- C:\Windows\system32\msrepl40.dll
2008-06-21 00:38:19 ----A---- C:\Windows\system32\audiosrv.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\WsmWmiPl.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\win32spl.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\WebClnt.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\themecpl.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\rastls.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\printui.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\objsel.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-06-21 00:38:18 ----A---- C:\Windows\system32\ddraw.dll
2008-06-21 00:38:17 ----A---- C:\Windows\system32\QAGENT.DLL
2008-06-21 00:38:17 ----A---- C:\Windows\system32\dbghelp.dll
2008-06-21 00:38:16 ----A---- C:\Windows\system32\w32time.dll
2008-06-21 00:38:16 ----A---- C:\Windows\system32\sqlsrv32.dll
2008-06-21 00:38:16 ----A---- C:\Windows\system32\iasnap.dll
2008-06-21 00:38:14 ----A---- C:\Windows\system32\wmdrmnet.dll
2008-06-21 00:38:14 ----A---- C:\Windows\system32\PresentationHost.exe
2008-06-21 00:38:14 ----A---- C:\Windows\system32\ncryptui.dll
2008-06-21 00:38:14 ----A---- C:\Windows\system32\icm32.dll
2008-06-21 00:38:14 ----A---- C:\Windows\system32\azroles.dll
2008-06-21 00:38:13 ----A---- C:\Windows\system32\WerFaultSecure.exe
2008-06-21 00:38:13 ----A---- C:\Windows\system32\spoolss.dll
2008-06-21 00:38:13 ----A---- C:\Windows\system32\iprtrmgr.dll
2008-06-21 00:38:13 ----A---- C:\Windows\system32\infocardapi.dll
2008-06-21 00:38:12 ----A---- C:\Windows\system32\msctf.dll
2008-06-21 00:38:12 ----A---- C:\Windows\system32\basecsp.dll
2008-06-21 00:38:11 ----A---- C:\Windows\system32\wlangpui.dll
2008-06-21 00:38:11 ----A---- C:\Windows\system32\winsrv.dll
2008-06-21 00:38:11 ----A---- C:\Windows\system32\taskschd.dll
2008-06-21 00:38:11 ----A---- C:\Windows\system32\mstlsapi.dll
2008-06-21 00:38:11 ----A---- C:\Windows\system32\bcdedit.exe
2008-06-21 00:38:10 ----A---- C:\Windows\system32\winsta.dll
2008-06-21 00:38:10 ----A---- C:\Windows\system32\scksp.dll
2008-06-21 00:38:10 ----A---- C:\Windows\system32\netprofm.dll
2008-06-21 00:38:10 ----A---- C:\Windows\system32\AudioEng.dll
2008-06-21 00:38:09 ----A---- C:\Windows\system32\rsaenh.dll
2008-06-21 00:38:09 ----A---- C:\Windows\system32\netcfgx.dll
2008-06-21 00:38:09 ----A---- C:\Windows\system32\dbgeng.dll
2008-06-21 00:38:07 ----A---- C:\Windows\system32\winlogon.exe
2008-06-21 00:38:07 ----A---- C:\Windows\system32\wercon.exe
2008-06-21 00:38:07 ----A---- C:\Windows\system32\taskcomp.dll
2008-06-21 00:38:07 ----A---- C:\Windows\system32\lpksetup.exe
2008-06-21 00:38:07 ----A---- C:\Windows\system32\cdosys.dll
2008-06-21 00:38:06 ----A---- C:\Windows\system32\wlansec.dll
2008-06-21 00:38:06 ----A---- C:\Windows\system32\sqmapi.dll
2008-06-21 00:38:06 ----A---- C:\Windows\system32\msdtcuiu.dll
2008-06-21 00:38:06 ----A---- C:\Windows\system32\dfshim.dll
2008-06-21 00:38:06 ----A---- C:\Windows\system32\apds.dll
2008-06-21 00:38:05 ----A---- C:\Windows\system32\mprddm.dll
2008-06-21 00:38:05 ----A---- C:\Windows\system32\certcli.dll
2008-06-21 00:38:04 ----A---- C:\Windows\system32\tsgqec.dll
2008-06-21 00:38:04 ----A---- C:\Windows\system32\shdocvw.dll
2008-06-21 00:38:04 ----A---- C:\Windows\system32\iasrad.dll
2008-06-21 00:38:04 ----A---- C:\Windows\system32\eapsvc.dll
2008-06-21 00:38:04 ----A---- C:\Windows\system32\AUDIOKSE.dll
2008-06-21 00:38:04 ----A---- C:\Windows\system32\aaclient.dll
2008-06-21 00:38:03 ----A---- C:\Windows\system32\Wldap32.dll
2008-06-21 00:38:03 ----A---- C:\Windows\system32\uDWM.dll
2008-06-21 00:38:03 ----A---- C:\Windows\system32\dnsapi.dll
2008-06-21 00:38:03 ----A---- C:\Windows\system32\certmgr.dll
2008-06-21 00:38:03 ----A---- C:\Windows\system32\bcdsrv.dll
2008-06-21 00:38:02 ----A---- C:\Windows\system32\msidcrl30.dll
2008-06-21 00:38:00 ----A---- C:\Windows\system32\WMVDECOD.DLL
2008-06-21 00:38:00 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-06-21 00:37:59 ----A---- C:\Windows\system32\pla.dll
2008-06-21 00:37:59 ----A---- C:\Windows\system32\dxgi.dll
2008-06-21 00:37:58 ----A---- C:\Windows\system32\netshell.dll
2008-06-21 00:37:58 ----A---- C:\Windows\system32\dot3gpui.dll
2008-06-21 00:37:57 ----A---- C:\Windows\system32\wmicmiplugin.dll
2008-06-21 00:37:56 ----A---- C:\Windows\system32\ntprint.dll
2008-06-21 00:37:56 ----A---- C:\Windows\system32\comsnap.dll
2008-06-21 00:37:55 ----A---- C:\Windows\system32\shsvcs.dll
2008-06-21 00:37:55 ----A---- C:\Windows\system32\MMDevAPI.dll
2008-06-21 00:37:55 ----A---- C:\Windows\system32\cryptnet.dll
2008-06-21 00:37:54 ----A---- C:\Windows\system32\winmm.dll
2008-06-21 00:37:54 ----A---- C:\Windows\system32\NlsData0009.dll
2008-06-21 00:37:53 ----A---- C:\Windows\system32\wscsvc.dll
2008-06-21 00:37:53 ----A---- C:\Windows\system32\synceng.dll
2008-06-21 00:37:53 ----A---- C:\Windows\system32\services.exe
2008-06-21 00:37:52 ----A---- C:\Windows\system32\wscisvif.dll
2008-06-21 00:37:52 ----A---- C:\Windows\system32\pnidui.dll
2008-06-21 00:37:52 ----A---- C:\Windows\system32\msconfig.exe
2008-06-21 00:37:52 ----A---- C:\Windows\system32\cmifw.dll
2008-06-21 00:37:51 ----A---- C:\Windows\system32\WMVSDECD.DLL
2008-06-21 00:37:51 ----A---- C:\Windows\system32\taskeng.exe
2008-06-21 00:37:51 ----A---- C:\Windows\system32\msjtes40.dll
2008-06-21 00:37:51 ----A---- C:\Windows\system32\iassdo.dll
2008-06-21 00:37:51 ----A---- C:\Windows\system32\cipher.exe
2008-06-21 00:37:50 ----A---- C:\Windows\system32\wersvc.dll
2008-06-21 00:37:50 ----A---- C:\Windows\system32\uxtheme.dll
2008-06-21 00:37:50 ----A---- C:\Windows\system32\tdh.dll
2008-06-21 00:37:50 ----A---- C:\Windows\system32\rasapi32.dll
2008-06-21 00:37:50 ----A---- C:\Windows\system32\imapi2.dll
2008-06-21 00:37:50 ----A---- C:\Windows\system32\dmdskmgr.dll
2008-06-21 00:37:49 ----A---- C:\Windows\system32\SessEnv.dll
2008-06-21 00:37:49 ----A---- C:\Windows\system32\dot3api.dll
2008-06-21 00:37:49 ----A---- C:\Windows\system32\cmd.exe
2008-06-21 00:37:49 ----A---- C:\Windows\system32\cbsra.exe
2008-06-21 00:37:48 ----A---- C:\Windows\system32\wkssvc.dll
2008-06-21 00:37:48 ----A---- C:\Windows\system32\wevtutil.exe
2008-06-21 00:37:48 ----A---- C:\Windows\system32\srvsvc.dll
2008-06-21 00:37:48 ----A---- C:\Windows\system32\qdvd.dll
2008-06-21 00:37:48 ----A---- C:\Windows\system32\msscp.dll
2008-06-21 00:37:48 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\WUDFx.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\wlanmsm.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\wlancfg.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\mshtmled.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\localsec.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\loadperf.dll
2008-06-21 00:37:47 ----A---- C:\Windows\system32\diskpart.exe
2008-06-21 00:37:47 ----A---- C:\Windows\system32\comres.dll
2008-06-21 00:37:46 ----A---- C:\Windows\system32\rpchttp.dll
2008-06-21 00:37:46 ----A---- C:\Windows\system32\rdpdd.dll
2008-06-21 00:37:46 ----A---- C:\Windows\system32\fontext.dll
2008-06-21 00:37:45 ----A---- C:\Windows\system32\wlanapi.dll
2008-06-21 00:37:45 ----A---- C:\Windows\system32\hnetcfg.dll
2008-06-21 00:37:44 ----A---- C:\Windows\system32\wsqmcons.exe
2008-06-21 00:37:44 ----A---- C:\Windows\
Edited by kjamesgary, 15 September 2008 - 11:30 AM.