Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> 2 explorer.exe on vista, don't love this
helpmeouthere
post Nov 11 2008, 05:35 AM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 30
Joined: 19-November 07
Member No.: 74,447
Operating System: Windows vista



Well, I have been infected by many trojans and viruses. My KIS7 and Spybot didn't work, so I made an online scan with Kaspersky, then with Trend Micro, and I removed some Bagles, trojans, viruses... Then I installed AVG8 and it removed other viruses. After that I removed AVG8; now I can't install any AV, and I'm always thinking that I have other viruses, especially when I have seen 2 explorer.exe processes.
This is my HijackThis log (I have renamed hijackthis.exe to jack_this.exe):



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16, on 2008-11-11
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\explorer.exe
C:\Users\MED PROD\Desktop\jack_this.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm
O8 - Extra context menu item: Download with Rapget - C:\Users\MEDPRO~1\Desktop\RAPGET~1\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 4484 bytes

ken545
post Nov 13 2008, 11:51 AM
Post #2


SuperHelper
Group Icon

Group: Malware Expert
Posts: 7,142
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1





Hello helpmeouthere

Welcome to the Whatthetech Malware Removal Forum


C:\Program Files\easyMule <--- This is most likely where you are picking up the infections, as P2P (file sharing) programs are the latest avenue of attack by malware writers. Read this please.

QUOTE
We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.

  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.


We do not ask you to do this without reason.


P2P (File Sharing) programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.


Uninstall EasyMule via Add/Remove Programs and post a new HJT log, please.
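The kind of read-through a helper does on a HijackThis log, sketched as an added example in Python; it is not part of the original thread and not HijackThis's own logic. The finding names, the `P2P_NAMES` list and the `EXPECTED_DIRS` table are assumptions made for this illustration, and the sample lines are copied from the first log posted above.

```python
import ntpath
import re
from collections import Counter

# Shortened excerpt; every line is copied from the first log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\MED PROD\Desktop\jack_this.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
"""

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Assumption: default install directory for this system binary (lower-cased).
EXPECTED_DIRS = {"explorer.exe": r"c:\windows"}
# Assumption: only the P2P program named in this thread; extend as needed.
P2P_NAMES = ("easymule",)


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            # The process list ends at a blank line or at the first entry line.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_procs = False
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text, p2p_names=P2P_NAMES):
    """Return (kind, detail) review leads. These are prompts to look, not verdicts."""
    processes, entries = parse_hjt(text)
    findings = []
    # Windows paths are case-insensitive, so Explorer.EXE and explorer.exe are one image.
    counts = Counter(p.lower() for p in processes)
    for path, n in sorted(counts.items()):
        if n > 1:
            # Same image path more than once: usually several instances of one program.
            findings.append(("duplicate-process", f"{path} x{n}"))
        expected = EXPECTED_DIRS.get(ntpath.basename(path))
        if expected and ntpath.dirname(path) != expected:
            # A system binary name running from another directory deserves a closer look.
            findings.append(("unexpected-path", path))
    for code, body in entries:
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append(("orphaned-entry", f"{code} - {body}"))
        if code == "O23" and "unknown owner" in low:
            findings.append(("unknown-owner-service", f"{code} - {body}"))
        if any(name in low for name in p2p_names):
            findings.append(("p2p-program", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

On the excerpt, both explorer.exe lines share the path C:\Windows\explorer.exe, so the script reports a duplicate but no unexpected path.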
helpmeouthere
post Nov 13 2008, 02:25 PM
Post #3





OK, thanks! I had deleted it with Revo Uninstaller... and I have noticed something: it's when I open a folder that the second explorer.exe appears, and when I close all folders it disappears... Hope you can help me now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23, on 2008-11-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\Explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MED PROD\Desktop\jack_this.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 5178 bytes
ken545
post Nov 13 2008, 03:04 PM
Post #4







Hello,

You basically have a clean log, no virus or malware that I can see.


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank




Let's run Malwarebytes and a virus scanner, and if they come up clean I will link you to some Windows support forums for your issue, as we just do malware removal in this one.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- Don't forget this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a New Hijackthis log.






Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic





Post both reports please



helpmeouthere
post Nov 18 2008, 04:18 AM
Post #5





Well... I launched Malwarebytes in Windows normal mode and it comes up clean, but in this mode I couldn't start the online scanner, so I ran it in safe mode, and this is the log from the ESET scanner:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3619 (20081117)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=dfbf6c4f17bc3c45970a3117685af0a2
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-18 01:53:06
# local_time=2008-11-18 02:53:06 (+0100, Paris, Madrid)
# country="France"
# osver=6.0.6001 NT Service Pack 1
# scanned=1159813
# found=55
# scan_time=12271
C:\Program Files\Image-Line\FL Studio 8\fl_date_trick_by_JJohnny.dll Win32/Agent.OFV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Image-Line\FL Studio 8\FL_Studio_date_trick.rar Win32/Agent.OFV trojan (deleted) 00000000000000000000000000000000
C:\Program Files\Image-Line\FL Studio 8\FL_Studio_date_trick.rar »RAR »fl_date_trick_by_JJohnny.dll Win32/Agent.OFV trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\VIR\Vocal Imitation Demo\Crack.exe Win32/Agent.OBH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Desktop\just using\mail extractor\Craigslist Mail Harvester System Patch.exe Win32/Agent.OBH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Desktop\just using\mail extractor\CLrSoftMailHarvesterDEMO\Craigslist Mail Harvester System Patch.exe Win32/Agent.OBH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Craigslist.Mail.Harvester.System.-.CBP.zip Win32/Agent.OBH trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Craigslist.Mail.Harvester.System.-.CBP.zip »ZIP »Craigslist Mail Harvester System Patch.exe Win32/Agent.OBH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.0.7.-.Cracked.by.PutterPlace(2).zip Win32/Agent.OBH trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.0.7.-.Cracked.by.PutterPlace(2).zip »ZIP »FriendBlasterPro v10.0.7 Patch.exe Win32/Agent.OBH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.0.8.-.Cracked.by.PutterPlace.zip Win32/Agent.OBH trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.0.8.-.Cracked.by.PutterPlace.zip »ZIP »FriendBlasterPro v10.0.8 Patch.exe Win32/Agent.OBH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.1.0.-.Cracked.by.PutterPlace.zip Win32/Agent.OBH trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.1.0.-.Cracked.by.PutterPlace.zip »ZIP »FriendBlasterPro v10.1.0 Patch.exe Win32/Agent.OBH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v1.1(2).zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v1.1(2).zip »ZIP »Client/SubSeven.exe SubSeven.1_1 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v1.1(2).zip »ZIP »Server/SubSeven v1.1.exe Win32/Subseven.1_1 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v1.1.zip SubSeven.1_1 trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v1.1.zip »ZIP »Client/SubSeven.exe SubSeven.1_1 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.1.5 Legends.zip Win32/SubSeven.215 trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.1.5 Legends.zip »ZIP »editserver.exe Win32/SubSeven.215 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.1.5 Legends.zip »ZIP »server.exe Win32/SubSeven.215 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.1.5 Legends.zip »ZIP »SubSeven.exe Win32/SubSeven.215 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »cgi/setup.cgi Win32/SubSeven.22 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »cgi/subseven.cgi Win32/SubSeven.22 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/matrix.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/recmic.dll Win32/SubSeven.22.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/icqpwsteal.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7advanced.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7capture.dll Win32/SubSeven.22.B2 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7fun1.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7fun2.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7takeover.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7keys.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7moreinfo.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7passwords.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7scanner.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »plugins/s7sniffer.dll Win32/SubSeven.2_2.Plugin trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »EditServer.exe Win32/SubSeven.2_2.A trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »server.exe Win32/SubSeven.2_2.A trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »sin.exe Win32/SubSeven.2_2.A trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\Sub7 v2.2(3).zip »ZIP »sub7.exe Win32/SubSeven.2_2.A trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\BURAU $$$$$\IMAGE LINE 2008\more\more.zip Win32/Agent.OFV trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\BURAU $$$$$\IMAGE LINE 2008\more\more.zip »ZIP »Tools/FL Studio date trick - You can chance your Date Time for FL Studio/FL_Studio_date_trick.rar Win32/Agent.OFV trojan (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\BURAU $$$$$\IMAGE LINE 2008\more\more.zip »ZIP »Tools/FL Studio date trick - You can chance your Date Time for FL Studio/FL_Studio_date_trick.rar »RAR »fl_date_trick_by_JJohnny.dll Win32/Agent.OFV trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\BURAU $$$$$\IMAGE LINE 2008\more\Tools\FL Studio date trick - You can chance your Date Time for FL Studio\FL_Studio_date_trick.rar Win32/Agent.OFV trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\BURAU $$$$$\IMAGE LINE 2008\more\Tools\FL Studio date trick - You can chance your Date Time for FL Studio\FL_Studio_date_trick.rar »RAR »fl_date_trick_by_JJohnny.dll Win32/Agent.OFV trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\BURAU $$$$$\VocalImitation101_ByMechoDownload\Vocal.Imitation.v1.0.1\Crack.exe Win32/Agent.OBH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\bureau memoire\fbp\FriendBlasterPro v10.0.8 Patch.exe Win32/Agent.OBH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\FriendBlasterPro.v10.0.7.-.Cracked.by.PutterPlace(2)\FriendBlasterPro v10.0.7 Patch.exe Win32/Agent.OBH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\serial 2000 up\s2k.7.1.plus.zip Win32/Adware.BHO.AA application (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Documents\serial 2000 up\s2k.7.1.plus.zip »ZIP »setup.exe Win32/Adware.BHO.AA application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Users\MED PROD\Downloads\Incoming\Adobe Illustrator Cs3 Keygen.rar probably a variant of Win32/Agent trojan (deleted) 00000000000000000000000000000000
C:\Users\MED PROD\Downloads\Incoming\Adobe Illustrator Cs3 Keygen.rar »RAR »readme.bat probably a variant of Win32/Agent trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000



THIS IS THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15, on 2008-11-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MED PROD\Desktop\jack_this.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turkojan.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Unknown owner - C:\Windows\SYSTEM32\astsrv.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5013 bytes
ken545
post Nov 18 2008, 06:21 AM
Post #6


SuperHelper

Group: Malware Expert
Posts: 7,142
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1





Hello,

Nod32 removed some other garbage. There may be more.


Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.


*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
**Note** Go to Options > Cookies and move any you want to keep to the Keep window.





  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


helpmeouthere
post Nov 18 2008, 11:12 AM
Post #7


Authentic Member
**

Group: Authentic Member
Posts: 30
Joined: 19-November 07
Member No.: 74,447
Operating System: Windows vista



RSIT.exe log files

----------------------------------------------------------------------log.txt----------------------------------------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by MED PROD at 2008-11-18 18:04:51
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 45 GB (15%) free of 299 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06, on 2008-11-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Users\MED PROD\Desktop\RSIT.exe
C:\Program Files\trend micro\MED PROD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turkojan.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Unknown owner - C:\Windows\SYSTEM32\astsrv.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5009 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Maintenance en 1 clic.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{A75AE6BD-2818-45FE-8BC4-3356699205ED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-04-19 151552]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2008-10-23 1336560]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]

C:\Users\MED PROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Outil de notification Live Search.lnk - C:\Users\MED PROD\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-11-18 18:04:51 ----D---- C:\rsit
2008-11-17 23:19:24 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-17 21:57:37 ----D---- C:\Program Files\Winamp
2008-11-17 21:53:26 ----D---- C:\Users\MED PROD\AppData\Roaming\Winamp med
2008-11-17 21:53:26 ----D---- C:\Users\MED PROD\AppData\Roaming\Winamp
2008-11-17 21:53:26 ----D---- C:\Program Files\Winamp med
2008-11-16 21:34:12 ----A---- C:\Windows\system32\pngfilt.dll
2008-11-16 21:34:12 ----A---- C:\Windows\system32\mshtmler.dll
2008-11-16 21:34:12 ----A---- C:\Windows\system32\mshtmled.dll
2008-11-16 21:34:12 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-16 21:34:12 ----A---- C:\Windows\system32\ieui.dll
2008-11-16 21:34:12 ----A---- C:\Windows\system32\admparse.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\PrivacIE.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\msls31.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\imgutil.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\iernonce.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\ieapfltr.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\corpol.dll
2008-11-16 21:34:11 ----A---- C:\Windows\system32\advpack.dll
2008-11-16 21:34:10 ----A---- C:\Windows\system32\msrating.dll
2008-11-16 21:34:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2008-11-16 21:34:10 ----A---- C:\Windows\system32\msfeeds.dll
2008-11-16 21:34:10 ----A---- C:\Windows\system32\licmgr10.dll
2008-11-16 21:34:10 ----A---- C:\Windows\system32\inseng.dll
2008-11-16 21:34:10 ----A---- C:\Windows\system32\iesetup.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\webcheck.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\occache.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\mstime.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\ieaksie.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\ieakeng.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\dxtrans.dll
2008-11-16 21:34:09 ----A---- C:\Windows\system32\dxtmsft.dll
2008-11-16 21:34:08 ----A---- C:\Windows\system32\WinFXDocObj.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\wextract.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\url.dll
2008-11-16 21:34:08 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\SetDepNx.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\PDMSetup.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\msfeedssync.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\ieUnatt.exe
2008-11-16 21:34:08 ----A---- C:\Windows\system32\iedkcs32.dll
2008-11-16 21:34:08 ----A---- C:\Windows\system32\ieakui.dll
2008-11-16 21:34:07 ----A---- C:\Windows\system32\jscript.dll
2008-11-16 21:34:07 ----A---- C:\Windows\system32\iertutil.dll
2008-11-16 21:34:07 ----A---- C:\Windows\system32\ie4uinit.exe
2008-11-16 21:34:06 ----A---- C:\Windows\system32\wininet.dll
2008-11-16 21:34:06 ----A---- C:\Windows\system32\mshta.exe
2008-11-16 21:34:06 ----A---- C:\Windows\system32\iexpress.exe
2008-11-16 21:34:06 ----A---- C:\Windows\system32\iepeers.dll
2008-11-16 21:34:06 ----A---- C:\Windows\system32\icardie.dll
2008-11-16 21:34:05 ----A---- C:\Windows\system32\urlmon.dll
2008-11-16 21:34:04 ----A---- C:\Windows\system32\mshtml.dll
2008-11-16 21:34:04 ----A---- C:\Windows\system32\ieframe.dll
2008-11-16 18:29:39 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-16 09:30:00 ----D---- C:\films
2008-11-16 00:01:17 ----D---- C:\Program Files\WinPcap
2008-11-16 00:00:45 ----D---- C:\Program Files\Nmap
2008-11-15 12:11:00 ----D---- C:\Program Files\vLite
2008-11-12 20:19:49 ----D---- C:\Program Files\AviSynth 2.5
2008-11-12 18:06:52 ----D---- C:\Users\MED PROD\AppData\Roaming\vlc
2008-11-12 18:05:31 ----D---- C:\Users\MED PROD\AppData\Roaming\Red Kawa
2008-11-12 15:55:49 ----D---- C:\Program Files\Microsoft
2008-11-12 15:55:19 ----D---- C:\Program Files\Windows Live
2008-11-12 15:17:08 ----D---- C:\Program Files\Common Files\Windows Live
2008-11-12 12:53:59 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 12:20:52 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 10:24:11 ----A---- C:\Windows\system32\cmd.execf
2008-11-12 10:23:58 ----D---- C:\32788R22FWJFW
2008-11-12 09:34:36 ----A---- C:\Windows\system32\gpprefcl.dll
2008-11-11 23:28:18 ----D---- C:\ProgramData\Kaspersky Lab
2008-11-11 23:28:18 ----D---- C:\Program Files\Kaspersky Lab
2008-11-11 18:13:44 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-11-11 16:01:46 ----A---- C:\Windows\system32\sfcdetails.txt
2008-11-11 12:41:37 ----D---- C:\Program Files\RegCure
2008-11-11 09:45:29 ----A---- C:\Windows\system32\msvcsv60.dll
2008-11-10 07:06:39 ----D---- C:\Program Files\VS Revo Group
2008-11-10 00:54:31 ----HD---- C:\$AVG8.VAULT$
2008-11-10 00:32:49 ----A---- C:\Windows\system32\avgrsstx.dll
2008-11-10 00:32:35 ----D---- C:\Program Files\AVG
2008-11-09 21:48:13 ----D---- C:\ProgramData\pernov russcov
2008-11-09 12:40:33 ----D---- C:\VundoFix Backups
2008-11-09 12:09:00 ----A---- C:\Windows\VFIND.exe
2008-11-09 12:09:00 ----A---- C:\Windows\SWXCACLS.exe
2008-11-09 12:09:00 ----A---- C:\Windows\SWSC.exe
2008-11-09 12:09:00 ----A---- C:\Windows\SWREG.exe
2008-11-09 12:09:00 ----A---- C:\Windows\sed.exe
2008-11-09 12:09:00 ----A---- C:\Windows\NIRCMD.exe
2008-11-09 12:09:00 ----A---- C:\Windows\grep.exe
2008-11-09 12:09:00 ----A---- C:\Windows\fdsv.exe
2008-11-09 12:08:56 ----D---- C:\cpolod
2008-11-09 12:08:56 ----A---- C:\Windows\system32\swsc.exe
2008-11-09 12:08:56 ----A---- C:\Windows\system32\CF32636.exe
2008-11-09 12:07:40 ----D---- C:\ComboFix
2008-11-09 08:08:31 ----A---- C:\InfoSat.txt
2008-11-09 04:26:00 ----D---- C:\Users\MED PROD\AppData\Roaming\Malwarebytes
2008-11-09 04:20:29 ----D---- C:\Windows\temp
2008-11-09 03:58:01 ----D---- C:\Windows\ERDNT
2008-11-09 03:58:01 ----D---- C:\Qoobox
2008-11-09 03:50:13 ----A---- C:\Windows\gmer.ini
2008-11-09 03:50:06 ----A---- C:\Windows\gmer_uninstall.cmd
2008-11-09 03:50:06 ----A---- C:\Windows\gmer.exe
2008-11-09 03:50:06 ----A---- C:\Windows\gmer.dll
2008-11-09 03:21:14 ----D---- C:\ProgramData\Malwarebytes
2008-11-09 03:21:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-09 03:12:08 ----A---- C:\starvir.txt
2008-11-07 17:04:08 ----D---- C:\Program Files\Trend Micro
2008-11-06 00:48:53 ----D---- C:\Program Files\Flash Website Design
2008-11-05 19:29:15 ----D---- C:\Users\MED PROD\AppData\Roaming\NeroDCTemplates
2008-11-05 19:24:53 ----D---- C:\Users\MED PROD\AppData\Roaming\Nero
2008-11-05 19:10:19 ----D---- C:\ProgramData\LightScribe
2008-11-05 19:04:40 ----A---- C:\Windows\system32\TwnLib4.dll
2008-11-05 19:04:40 ----A---- C:\Windows\system32\imagXRA7.dll
2008-11-05 19:04:40 ----A---- C:\Windows\system32\imagXR7.dll
2008-11-05 19:04:40 ----A---- C:\Windows\system32\imagXpr7.dll
2008-11-05 19:04:39 ----A---- C:\Windows\system32\imagX7.dll
2008-11-05 19:04:37 ----D---- C:\ProgramData\Nero
2008-11-05 19:04:37 ----D---- C:\Program Files\Nero
2008-11-05 19:04:37 ----D---- C:\Program Files\Common Files\Nero
2008-11-04 22:59:35 ----D---- C:\Easy Uploader
2008-11-02 13:38:40 ----D---- C:\AtomPark
2008-10-31 17:29:54 ----D---- C:\Program Files\Mixmaster
2008-10-31 17:28:10 ----D---- C:\Windows\desktop
2008-10-31 17:28:09 ----D---- C:\Program Files\QuickSilver
2008-10-30 01:51:56 ----D---- C:\Program Files\Red Kawa
2008-10-30 00:17:28 ----A---- C:\Windows\system32\ss2uinst.exe
2008-10-29 16:18:27 ----D---- C:\Program Files\Email Sender Deluxe
2008-10-29 09:40:55 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-29 09:40:54 ----A---- C:\Windows\system32\wersvc.dll
2008-10-29 09:40:50 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 19:55:03 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-28 19:54:41 ----D---- C:\Program Files\iPod
2008-10-28 19:54:40 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 19:54:40 ----D---- C:\Program Files\iTunes
2008-10-28 19:48:52 ----D---- C:\Program Files\QuickTime
2008-10-26 16:08:35 ----D---- C:\Program Files\Ubisoft
2008-10-26 15:33:07 ----D---- C:\Intel
2008-10-26 15:32:54 ----D---- C:\Drivers
2008-10-26 13:31:22 ----D---- C:\Users\MED PROD\AppData\Roaming\Uniblue
2008-10-26 13:31:22 ----D---- C:\ProgramData\DriverScanner
2008-10-26 13:31:22 ----D---- C:\Program Files\Uniblue
2008-10-26 13:24:46 ----HDC---- C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-26 12:48:01 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-10-26 12:48:01 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-10-26 12:48:01 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-10-26 12:48:00 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-10-26 12:48:00 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-10-26 12:48:00 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-10-26 12:47:59 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-10-26 12:47:59 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-10-26 12:47:58 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-10-26 12:47:58 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-10-26 12:47:58 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-10-26 12:47:57 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-10-26 12:47:57 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-10-26 12:47:57 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-10-26 12:47:56 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-10-26 12:47:56 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-10-26 12:47:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-10-26 12:47:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-10-26 12:47:53 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-10-26 12:47:53 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-10-26 12:47:52 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-10-26 12:47:51 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-10-26 12:47:51 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-10-26 12:47:50 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-10-26 12:47:50 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-10-26 12:47:49 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-10-26 12:47:48 ----A---- C:\Windows\system32\xinput1_3.dll
2008-10-26 12:47:47 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-10-26 12:47:46 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-10-26 12:47:46 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-10-26 12:47:45 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-10-26 12:47:44 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-10-26 12:47:43 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-10-26 12:47:43 ----A---- C:\Windows\system32\d3dx10.dll
2008-10-26 12:47:42 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-10-26 12:47:41 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-10-26 12:47:41 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-10-26 12:47:40 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-10-26 12:47:39 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-10-26 12:47:38 ----A---- C:\Windows\system32\xinput1_2.dll
2008-10-26 12:47:38 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-10-26 12:47:37 ----A---- C:\Windows\system32\xinput1_1.dll
2008-10-26 12:47:36 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-10-26 12:47:21 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-10-26 12:47:21 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-10-26 12:47:20 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-10-26 12:47:19 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-10-26 12:47:18 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-10-26 12:47:18 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-10-26 12:47:17 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-10-26 12:47:16 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-10-26 12:47:14 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-10-25 14:33:20 ----SHD---- C:\found.000
2008-10-24 01:31:37 ----A---- C:\Windows\system32\netapi32.dll
2008-10-23 13:34:13 ----D---- C:\Program Files\My-Proxy
2008-10-23 01:35:45 ----A---- C:\Windows\system32\EncDec.dll
2008-10-23 01:35:40 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-21 22:20:42 ----D---- C:\Program Files\MFB-MySpace Friend Bomber
2008-10-19 05:11:27 ----A---- C:\Windows\system32\javaws.exe
2008-10-19 05:11:27 ----A---- C:\Windows\system32\javaw.exe
2008-10-19 05:11:27 ----A---- C:\Windows\system32\java.exe
2008-10-19 05:09:54 ----D---- C:\Program Files\Email-Business
2008-10-19 00:48:30 ----D---- C:\Program Files\Power Email Harvester

======List of files/folders modified in the last 1 months======

2008-11-18 18:05:48 ----D---- C:\Windows\Prefetch
2008-11-18 18:03:54 ----D---- C:\Windows
2008-11-18 15:29:58 ----SHD---- C:\System Volume Information
2008-11-17 23:19:24 ----RD---- C:\Program Files
2008-11-17 23:19:18 ----SD---- C:\Windows\Downloaded Program Files
2008-11-17 23:19:18 ----D---- C:\Windows\System32
2008-11-17 22:17:27 ----D---- C:\Windows\inf
2008-11-17 22:17:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-17 10:53:47 ----D---- C:\Program Files\ASIO4ALL v2
2008-11-17 10:14:53 ----D---- C:\Windows\rescache
2008-11-17 09:55:10 ----D---- C:\Windows\system32\fr-FR
2008-11-17 09:55:04 ----D---- C:\Windows\system32\WDI
2008-11-17 09:55:04 ----D---- C:\Windows\system32\migration
2008-11-17 09:55:04 ----D---- C:\Windows\system32\en-US
2008-11-17 09:55:04 ----D---- C:\Windows\PolicyDefinitions
2008-11-17 09:55:04 ----D---- C:\Program Files\Internet Explorer
2008-11-16 21:36:18 ----D---- C:\Windows\winsxs
2008-11-16 21:36:13 ----D---- C:\Windows\system32\catroot
2008-11-16 21:34:46 ----D---- C:\Windows\system32\catroot2
2008-11-16 21:33:31 ----D---- C:\Windows\SoftwareDistribution
2008-11-16 18:37:51 ----SHD---- C:\Windows\Installer
2008-11-16 00:47:07 ----D---- C:\Users\MED PROD\AppData\Roaming\gtk-2.0
2008-11-16 00:01:19 ----D---- C:\Windows\system32\drivers
2008-11-15 12:26:39 ----D---- C:\ProgramData\WLInstaller
2008-11-15 02:26:15 ----D---- C:\Windows\Tasks
2008-11-13 21:19:39 ----D---- C:\Program Files\Equis
2008-11-13 21:18:31 ----D---- C:\Program Files\Common Files
2008-11-13 16:20:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-12 17:57:35 ----D---- C:\Program Files\VideoLAN
2008-11-12 15:16:33 ----SD---- C:\ProgramData\Microsoft
2008-11-12 15:16:31 ----SD---- C:\Users\MED PROD\AppData\Roaming\Microsoft
2008-11-12 00:38:49 ----D---- C:\Windows\Debug
2008-11-11 23:29:57 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-11 23:28:18 ----HD---- C:\ProgramData
2008-11-11 18:15:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-11 18:15:08 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-11 12:41:43 ----D---- C:\Windows\system32\Tasks
2008-11-11 12:12:38 ----D---- C:\ProgramData\Avg8
2008-11-10 23:05:58 ----D---- C:\Windows\Minidump
2008-11-10 08:40:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-10 08:40:40 ----D---- C:\Program Files\IK Multimedia
2008-11-10 08:36:53 ----D---- C:\Program Files\Stardock
2008-11-10 08:29:40 ----D---- C:\Program Files\DSP-worx
2008-11-10 08:16:55 ----D---- C:\Program Files\Steinberg
2008-11-10 08:16:41 ----D---- C:\Program Files\GForce
2008-11-10 08:05:42 ----D---- C:\Program Files\NeoTracePro
2008-11-10 07:54:51 ----D---- C:\Program Files\Logitech
2008-11-10 07:45:04 ----D---- C:\Program Files\Common Files\Colasoft Shared
2008-11-10 07:36:13 ----D---- C:\Program Files\GameHouse
2008-11-10 07:20:53 ----D---- C:\Program Files\WinamaxPoker
2008-11-10 01:07:27 ----D---- C:\Program Files\Proxy Switcher Standard
2008-11-10 00:55:42 ----D---- C:\Program Files\Hi5Robot
2008-11-09 21:43:18 ----D---- C:\Users\MED PROD\AppData\Roaming\DMCache
2008-11-09 21:41:14 ----D---- C:\Program Files\GnuTLS-2.4.1
2008-11-09 21:40:59 ----D---- C:\Program Files\Gmail Account Creator
2008-11-09 21:40:50 ----D---- C:\Users\MED P