Malware Virus/Trojan Blocks IE Images! (HELP)

**eslfish** · #1 2nd Jan 2009, 09:45

Hello all.

Yesterday I got a malware virus (heh I was torrenting something)

Turns out it was a bad torrent. I scanned my PC with a Malware scanner I had on my PC, I did 2 scans and all the Malware viruse's were off. Then, I scanned 2 times on Spy Bot S&D and I found some other trojans that this virus had. I fixed those Viruse's as well. Now, any time I go on to Internet explorer, every image (besides links) won't show up! they are all some how being blocked. The Malware/Trojans are all of my pc. I am doing a Vista Update right now because my friend said the update might bring back the Images. Does anyone know how I can get my images back on IE? Also I use Xfire (a gaming messenger) and they have advertisements that are in the app that you can view. They are blocked as well! How do I get my images un-blocked?
HERES A PICTURE OF IE WITH BLOCKED IMAGES!

thanks,

Evan

**evilfantasy** · #2 2nd Jan 2009, 10:12

Let's have a look at a few logs.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

Double click on RSIT.exe to run.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open.
log.txt <will be maximized and info.txt <will be minimized
Please post the contents of both logs in the next reply.

**eslfish** · #3 2nd Jan 2009, 10:23

LOG:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-02 12:19:13
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 124 GB (26%) free of 477 GB
Total RAM: 4094 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:15 PM, on 1/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Users\Administrator\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SurfLite Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files (x86)\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O9 - Extra button: SurfLite Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O9 - Extra 'Tools' menuitem: SurfLite Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\SysWow64\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mss.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7541 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{F863BFED-AF14-45A8-9C67-00B56C08BB75}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{6226BA26-C017-4007-928C-DE9715C6FA68} - SurfLite Toolbar - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll [2008-06-07 2404352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"Steam"=c:\program files (x86)\steam\steam.exe [2008-12-04 1410296]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"ccleaner"=C:\Program Files (x86)\CCleaner\CCleaner.exe [2008-12-01 1406192]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2008-11-18 21633320]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mss.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"ConsentPromptBehaviorUser"=0
"EnableInstallerDetection"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5acf479c-c2b7-11dd-935a-0023543180b1}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{92a923e5-c7bc-11dd-8187-0023543180b1}]
shell\AutoRun\command - F:\setupSNK.exe

======List of files/folders created in the last 1 months======

2009-01-02 12:19:14 ----D---- C:\Program Files (x86)\trend micro
2009-01-02 12:19:13 ----D---- C:\rsit
2009-01-02 10:34:37 ----D---- C:\Users\Administrator\AppData\Roaming\Xfire
2009-01-02 10:34:37 ----D---- C:\ProgramData\Xfire
2009-01-02 10:34:36 ----D---- C:\Program Files (x86)\Xfire
2009-01-02 10:17:28 ----A---- C:\Windows\wininit.ini
2009-01-01 15:59:18 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebyte s
2009-01-01 15:59:13 ----D---- C:\ProgramData\Malwarebytes
2009-01-01 15:48:24 ----D---- C:\Program Files (x86)\IESurfBar
2008-12-30 10:05:34 ----D---- C:\temp
2008-12-29 18:43:44 ----A---- C:\Windows\QSync.INI
2008-12-29 18:43:42 ----D---- C:\Program Files (x86)\directx
2008-12-29 18:40:56 ----D---- C:\Program Files (x86)\Common Files\Logitech
2008-12-29 18:39:28 ----A---- C:\Windows\system32\MimicICM.dll
2008-12-29 18:39:28 ----A---- C:\Windows\system32\CIMVIEW.dll
2008-12-29 18:39:28 ----A---- C:\Windows\system32\CIMSVRps.dll
2008-12-29 18:39:28 ----A---- C:\Windows\system32\CIMSVR.exe
2008-12-29 18:39:21 ----D---- C:\Users\Administrator\AppData\Roaming\FotoWire
2008-12-29 18:39:19 ----D---- C:\Program Files (x86)\Common Files\FotoWire
2008-12-29 18:39:14 ----D---- C:\My Music
2008-12-29 18:39:09 ----A---- C:\Windows\system32\rmoc3260.dll
2008-12-29 18:39:06 ----D---- C:\Program Files (x86)\Real
2008-12-29 18:39:06 ----D---- C:\Program Files (x86)\Common Files\Real
2008-12-29 18:39:06 ----A---- C:\Windows\system32\pndx5032.dll
2008-12-29 18:39:06 ----A---- C:\Windows\system32\pndx5016.dll
2008-12-29 18:39:06 ----A---- C:\Windows\system32\pncrt.dll
2008-12-29 18:38:43 ----D---- C:\Program Files (x86)\Windows Media Components
2008-12-29 18:36:44 ----R---- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
2008-12-29 18:36:38 ----D---- C:\Program Files (x86)\Logitech
2008-12-27 13:09:59 ----D---- C:\Program Files (x86)\TeamViewer
2008-12-26 22:27:39 ----D---- C:\Program Files (x86)\PowerISO
2008-12-26 11:32:21 ----A---- C:\Windows\game.ini
2008-12-26 11:10:34 ----D---- C:\Program Files (x86)\Activision
2008-12-23 20:11:57 ----D---- C:\Program Files (x86)\Hamachi
2008-12-23 17:41:04 ----A---- C:\Windows\system32\gdiplus.dll
2008-12-23 17:28:40 ----D---- C:\Program Files (x86)\Rockstar Games
2008-12-23 17:26:40 ----D---- C:\Windows\system32\xlive
2008-12-23 17:26:39 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2008-12-23 12:36:14 ----D---- C:\Users\Administrator\AppData\Roaming\Hamachi
2008-12-22 10:34:14 ----D---- C:\ProgramData\Codemasters
2008-12-22 10:30:20 ----RA---- C:\Windows\system32\tmpA1FB.tmp
2008-12-22 10:30:20 ----D---- C:\Program Files (x86)\OpenAL
2008-12-22 10:00:05 ----RA---- C:\Windows\system32\tmpA1DB.tmp
2008-12-21 16:49:49 ----D---- C:\Users\Administrator\AppData\Roaming\dyyno-vlc
2008-12-21 16:48:44 ----D---- C:\Program Files (x86)\Dyyno
2008-12-21 09:21:22 ----D---- C:\Program Files (x86)\Common Files\Apple
2008-12-21 09:21:17 ----D---- C:\ProgramData\Apple Computer
2008-12-21 09:21:17 ----D---- C:\Program Files (x86)\QuickTime
2008-12-21 09:20:27 ----D---- C:\Program Files (x86)\Apple Software Update
2008-12-21 09:20:26 ----D---- C:\ProgramData\Apple
2008-12-18 15:33:15 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-12-18 15:33:13 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-12-18 15:16:25 ----D---- C:\Program Files (x86)\id Software
2008-12-17 16:21:14 ----D---- C:\Windows\system32\spool
2008-12-17 16:18:30 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-12-17 15:26:35 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 17:59:59 ----D---- C:\Users\Administrator\AppData\Roaming\Leadertech
2008-12-16 17:41:31 ----D---- C:\ProgramData\Buena Vista Games
2008-12-16 17:41:23 ----D---- C:\Program Files (x86)\Buena Vista Games
2008-12-15 17:05:30 ----HT---- C:\Windows\system32\4c5d764.dll
2008-12-15 16:42:19 ----D---- C:\Fraps
2008-12-15 16:42:19 ----AD---- C:\ProgramData\TEMP
2008-12-15 16:17:37 ----D---- C:\Program Files (x86)\Game Cam V2
2008-12-15 16:12:39 ----HT---- C:\Windows\system32\ec3c3ce.dll
2008-12-15 16:12:39 ----HT---- C:\Windows\system32\145f887.dll
2008-12-15 16:12:39 ----HT---- C:\Windows\system32\141d2450.dll
2008-12-15 16:12:39 ----HT---- C:\Windows\system32\108cf1bf.dll
2008-12-13 17:57:46 ----D---- C:\Windows\.jagex_cache_32
2008-12-13 14:03:42 ----D---- C:\ProgramData\Yahoo! Companion
2008-12-13 09:41:39 ----D---- C:\ProgramData\NexonUS
2008-12-13 09:41:39 ----D---- C:\Nexon
2008-12-13 08:44:12 ----D---- C:\Windows\PCHEALTH
2008-12-13 08:41:30 ----SHDC---- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2008-12-13 08:41:21 ----D---- C:\Program Files (x86)\Windows Live
2008-12-13 08:40:59 ----D---- C:\ProgramData\WLInstaller
2008-12-12 21:28:23 ----A---- C:\Windows\GunzLauncher.INI
2008-12-12 21:12:30 ----D---- C:\ijji
2008-12-12 21:12:29 ----HD---- C:\Users\Administrator\AppData\Roaming\ijjigame
2008-12-12 21:11:49 ----D---- C:\ProgramData\IJJIGame
2008-12-12 18:24:19 ----D---- C:\Users\Administrator\AppData\Roaming\skypePM
2008-12-12 18:23:55 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2008-12-12 18:23:26 ----D---- C:\Program Files (x86)\Skype
2008-12-12 18:23:26 ----D---- C:\Program Files (x86)\Common Files\Skype
2008-12-12 18:23:20 ----D---- C:\ProgramData\Skype
2008-12-12 03:01:53 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 20:59:36 ----D---- C:\Program Files (x86)\Yahoo!
2008-12-11 20:52:50 ----D---- C:\Program Files (x86)\Defraggler
2008-12-11 19:54:02 ----D---- C:\DVDVideoSoft
2008-12-11 19:53:55 ----D---- C:\Program Files (x86)\DVDVideoSoft
2008-12-11 19:53:55 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2008-12-11 19:52:34 ----D---- C:\ProgramData\AVS4YOU
2008-12-11 19:52:33 ----D---- C:\Users\Administrator\AppData\Roaming\AVS4YOU
2008-12-11 19:52:25 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2008-12-11 19:52:25 ----D---- C:\Program Files (x86)\AVS4YOU
2008-12-11 19:52:25 ----A---- C:\Windows\system32\msxml3a.dll
2008-12-11 19:52:25 ----A---- C:\Windows\system32\cc3270mt.dll
2008-12-11 19:39:48 ----D---- C:\Users\Administrator\AppData\Roaming\FrostWire
2008-12-11 19:39:26 ----D---- C:\Program Files (x86)\FrostWire
2008-12-11 16:47:45 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 16:47:44 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 16:47:38 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 16:47:33 ----N---- C:\Windows\system32\shdocvw.exe
2008-12-11 16:47:33 ----A---- C:\Windows\system32\explorer.exe
2008-12-11 16:47:33 ----A---- C:\Windows\explorer.exe
2008-12-11 16:47:27 ----A---- C:\Windows\system32\mf.dll
2008-12-11 16:47:25 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 16:47:24 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 16:47:24 ----A---- C:\Windows\system32\logagent.exe
2008-12-11 16:47:12 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 16:46:54 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 16:46:54 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 16:46:53 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 16:46:52 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 16:46:51 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 16:46:50 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 16:15:53 ----A---- C:\Program Files (x86)\Paint.NET.3.36.exe
2008-12-11 15:38:34 ----A---- C:\Windows\system32\xfcodec.dll
2008-12-10 18:32:22 ----D---- C:\Windows\Sun
2008-12-10 18:31:48 ----A---- C:\Windows\system32\deploytk.dll
2008-12-10 17:34:54 ----RA---- C:\Windows\apptune1020.exe
2008-12-10 17:34:46 ----RA---- C:\Windows\system32\ZTAG32.DLL
2008-12-10 17:34:46 ----RA---- C:\Windows\system32\ZSPOOL.DLL
2008-12-10 17:34:46 ----RA---- C:\Windows\system32\IMF32.DLL
2008-12-10 17:34:45 ----RA---- C:\Windows\system32\zlm.dll
2008-12-10 17:34:45 ----RA---- C:\Windows\system32\ZLhp1020.dll
2008-12-10 17:34:44 ----RA---- C:\Windows\system32\zshp1020.exe
2008-12-10 17:34:44 ----RA---- C:\Windows\system32\vshp1020.dll
2008-12-10 17:34:43 ----D---- C:\Program Files (x86)\Hewlett-Packard
2008-12-10 17:34:41 ----HD---- C:\Program Files (x86)\Zenographics
2008-12-08 21:18:32 ----D---- C:\Program Files (x86)\Unlocker
2008-12-08 20:43:46 ----D---- C:\Users\Administrator\AppData\Roaming\TeamViewer
2008-12-08 20:43:41 ----D---- C:\Program Files (x86)\TeamViewer3
2008-12-08 17:44:56 ----D---- C:\Users\Administrator\AppData\Roaming\Red Alert 3
2008-12-08 17:04:44 ----D---- C:\Program Files (x86)\EA GAMES
2008-12-08 17:00:15 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2008-12-08 17:00:01 ----D---- C:\Users\Administrator\AppData\Roaming\DAEMON Tools
2008-12-07 13:51:38 ----D---- C:\Users\Administrator\AppData\Roaming\FileZilla
2008-12-07 13:51:37 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2008-12-07 13:18:27 ----D---- C:\Users\Administrator\AppData\Roaming\Audacity
2008-12-07 13:18:24 ----D---- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2008-12-07 08:48:20 ----D---- C:\Users\Administrator\AppData\Roaming\Publish Providers
2008-12-07 08:48:13 ----D---- C:\Users\Administrator\AppData\Roaming\Sony
2008-12-07 08:43:43 ----D---- C:\Program Files (x86)\NewBlue
2008-12-07 08:39:51 ----D---- C:\Program Files (x86)\Vstplugins
2008-12-07 08:39:33 ----D---- C:\Program Files (x86)\Sony
2008-12-06 10:23:14 ----D---- C:\ProgramData\Blizzard
2008-12-06 10:22:45 ----A---- C:\Windows\BlendSettings.ini
2008-12-06 08:45:26 ----D---- C:\Users\Administrator\AppData\Roaming\Ubisoft
2008-12-05 15:42:34 ----D---- C:\Windows\system32\RTCOM
2008-12-05 15:42:11 ----A---- C:\Windows\DIFxAPI.dll
2008-12-05 15:42:09 ----A---- C:\Windows\SkyTel.exe
2008-12-05 15:42:09 ----A---- C:\Windows\RtlUpd64.exe
2008-12-05 15:42:08 ----A---- C:\Windows\RAVCpl64.exe
2008-12-05 15:42:07 ----D---- C:\Program Files (x86)\Realtek
2008-12-05 15:41:52 ----A---- C:\Windows\HideWin.exe
2008-12-05 15:41:51 ----A---- C:\Windows\RtlExUpd.dll
2008-12-05 15:41:48 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2008-12-05 15:00:54 ----D---- C:\ProgramData\Ubisoft
2008-12-05 06:37:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-05 06:37:00 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2008-12-04 20:26:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-04 18:26:27 ----D---- C:\Windows\DirectX
2008-12-04 18:15:05 ----A---- C:\Windows\system32\d3dx10_40.dll
2008-12-04 18:15:05 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2008-12-04 18:15:03 ----A---- C:\Windows\system32\XAudio2_3.dll
2008-12-04 18:15:03 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2008-12-04 18:15:03 ----A---- C:\Windows\system32\D3DX9_40.dll
2008-12-04 18:15:02 ----A---- C:\Windows\system32\xactengine3_3.dll
2008-12-04 18:15:01 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2008-12-04 18:15:00 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-12-04 18:15:00 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-12-04 18:15:00 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-12-04 18:14:59 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-12-04 18:14:59 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-12-04 18:14:59 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-12-04 18:14:57 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-12-04 18:14:57 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-12-04 18:14:56 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-12-04 18:14:55 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-12-04 18:14:54 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-12-04 18:14:54 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-12-04 18:14:53 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-12-04 18:14:53 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-12-04 18:14:53 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-12-04 18:14:53 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-12-04 18:14:52 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-12-04 18:14:52 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-12-04 18:14:52 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-12-04 18:14:52 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-12-04 18:14:51 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-12-04 18:14:51 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-12-04 18:14:51 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-12-04 18:14:48 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-12-04 18:14:47 ----A---- C:\Windows\system32\xinput1_3.dll
2008-12-04 18:14:47 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-12-04 18:14:47 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-12-04 18:14:47 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-12-04 18:14:47 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-12-04 18:14:47 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-12-04 18:14:46 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-12-04 18:14:46 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-12-04 18:14:46 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\xinput1_2.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-12-04 18:14:45 ----A---- C:\Windows\system32\d3dx10.dll
2008-12-04 18:14:44 ----A---- C:\Windows\system32\xinput1_1.dll
2008-12-04 18:14:44 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-12-04 18:14:42 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-12-04 18:14:40 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-12-04 18:14:40 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-12-04 18:14:40 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-12-04 18:14:39 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-12-04 18:14:39 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-12-04 18:14:39 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-12-04 18:14:38 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-12-04 18:14:38 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-12-04 18:14:38 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-12-04 18:11:16 ----HD---- C:\Windows\msdownld.tmp
2008-12-04 18:11:15 ----D---- C:\Windows\system32\directx
2008-12-04 18:10:24 ----D---- C:\Program Files (x86)\Zemi Interactive
2008-12-04 17:30:26 ----D---- C:\Program Files (x86)\uTorrent
2008-12-04 17:30:21 ----D---- C:\Users\Administrator\AppData\Roaming\uTorrent
2008-12-04 17:26:31 ----A---- C:\Windows\system32\CmdLineExt03.dll
2008-12-04 17:17:16 ----D---- C:\ProgramData\TrackMania
2008-12-04 15:32:18 ----D---- C:\Users\Administrator\AppData\Roaming\acccore
2008-12-04 15:31:57 ----D---- C:\ProgramData\Viewpoint
2008-12-04 15:31:56 ----D---- C:\ProgramData\acccore
2008-12-04 15:31:56 ----D---- C:\Program Files (x86)\Viewpoint
2008-12-04 15:31:51 ----D---- C:\ProgramData\AOL OCP
2008-12-04 15:31:51 ----D---- C:\ProgramData\AOL
2008-12-04 15:31:42 ----D---- C:\Program Files (x86)\Common Files\AOL
2008-12-04 15:31:29 ----D---- C:\Program Files (x86)\AIM6
2008-12-04 11:06:09 ----D---- C:\Windows\SoftwareDistribution
2008-12-04 11:05:16 ----D---- C:\Windows\CSC
2008-12-04 11:04:49 ----D---- C:\Windows\Minidump
2008-12-04 11:02:53 ----D---- C:\Windows\Prefetch
2008-12-04 11:01:57 ----D---- C:\Windows\Panther
2008-12-04 11:01:18 ----RA---- C:\Windows\Removes.ini
2008-12-04 10:53:22 ----D---- C:\Windows.old
2008-12-04 10:14:30 ----SHD---- C:\System Volume Information
2008-12-04 10:13:19 ----RAS---- C:\BOOTSECT.BAK
2008-12-04 10:13:18 ----SHD---- C:\Boot
2008-12-04 10:12:56 ----D---- C:\Downloads
2008-12-04 10:03:54 ----A---- C:\Windows\ppGameDrive.ini
2008-12-04 10:03:54 ----A---- C:\Windows\ppAppDrive.ini
2008-12-04 10:03:48 ----A---- C:\Windows\system32\StartAU.cmd
2008-12-04 10:00:17 ----A---- C:\ssWPI.ini
2008-12-04 10:00:17 ----A---- C:\Fade.ini
2008-12-04 08:20:47 ----D---- C:\Program Files (x86)\Utilities
2008-12-04 08:20:22 ----D---- C:\ProgramData\Stardock
2008-12-04 08:20:22 ----A---- C:\Windows\system32\wbhelp2.dll
2008-12-04 08:20:21 ----D---- C:\Program Files (x86)\Stardock
2008-12-04 08:20:14 ----A---- C:\Windows\system32\javaws.exe
2008-12-04 08:20:14 ----A---- C:\Windows\system32\javaw.exe
2008-12-04 08:20:14 ----A---- C:\Windows\system32\java.exe
2008-12-04 08:19:49 ----D---- C:\Program Files (x86)\Java
2008-12-04 08:19:49 ----D---- C:\Program Files (x86)\Common Files\Java
2008-12-04 08:19:05 ----D---- C:\Program Files (x86)\My Company Name
2008-12-04 08:18:50 ----D---- C:\Program Files (x86)\Opera
2008-12-04 08:18:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-12-04 08:18:46 ----D---- C:\Windows\system32\Macromed
2008-12-04 08:18:41 ----D---- C:\Program Files (x86)\CCleaner
2008-12-04 08:16:12 ----A---- C:\Windows\system32\wrap_oal.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\vb40032.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\ssleay32.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\OpenAL32.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msvcr71.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msvcr70.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msvcp71.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msvcp70.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msvci70.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msstkprp.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\msstdfmt.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\mfc71u.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\mfc71.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\mfc70u.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\mfc70.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\libssl32.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\libmmd.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\libintl3.dll
2008-12-04 08:16:12 ----A---- C:\Windows\system32\libiconv2.dll
2008-12-04 08:16:11 ----A---- C:\Windows\system32\libeay32.dll
2008-12-04 08:16:11 ----A---- C:\Windows\system32\cygwinb19.dll
2008-12-04 08:16:11 ----A---- C:\Windows\system32\cygwin1.dll
2008-12-04 08:16:11 ----A---- C:\Windows\system32\autoitx3.dll
2008-12-04 08:16:11 ----A---- C:\Windows\system32\atl71.dll
2008-12-04 08:16:11 ----A---- C:\Windows\system32\atl70.dll
2008-12-04 08:14:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-04 08:13:24 ----D---- C:\Windows\system32\URTTEMP
2008-12-04 08:13:09 ----SHD---- C:\Windows\Installer
2008-12-04 08:12:41 ----A---- C:\Windows\SetupSMenu.ini
2008-12-04 08:12:41 ----A---- C:\Windows\LastXPSetupSMenu.ini
2008-12-04 08:11:42 ----D---- C:\Users\Administrator\AppData\Roaming\Identities
2008-12-04 08:11:35 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2008-12-04 08:11:35 ----D---- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2008-12-04 08:09:45 ----D---- C:\Windows\Debug
2008-12-04 07:23:30 ----D---- C:\ppApps
2008-12-04 06:36:26 ----D---- C:\Users\Administrator\AppData\Roaming\Ventrilo
2008-12-04 06:22:24 ----A---- C:\Windows\system32\msshooks.dll
2008-12-04 06:22:24 ----A---- C:\Windows\system32\msscb.dll
2008-12-04 06:22:24 ----A---- C:\Windows\system32\mimefilt.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\xmlfilter.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\thawbrkr.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-12-04 06:22:23 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-12-04 06:22:23 ----A---- C:\Windows\system32\rtffilt.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\propsys.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\propdefs.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\offfilt.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\nlhtml.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\msstrc.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\mssprxy.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\mssphtb.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\mssph.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\mssitlb.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\msshsq.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\msscntrs.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\korwbrkr.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\chtbrkr.dll
2008-12-04 06:22:23 ----A---- C:\Windows\system32\chsbrkr.dll
2008-12-04 06:22:22 ----A---- C:\Windows\system32\tquery.dll
2008-12-04 06:22:22 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-12-04 06:22:22 ----A---- C:\Windows\system32\mssvp.dll
2008-12-04 06:22:22 ----A---- C:\Windows\system32\mssrch.dll
2008-12-04 06:12:14 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2008-12-04 06:12:13 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2008-12-04 06:10:18 ----D---- C:\Program Files (x86)\Common Files\Steam
2008-12-04 06:10:16 ----D---- C:\Program Files (x86)\Steam
2008-12-04 06:08:51 ----D---- C:\Program Files (x86)\RocketDock
2008-12-04 06:03:42 ----D---- C:\ProgramData\NVIDIA
2008-12-04 05:54:51 ----D---- C:\Windows\system32\AGEIA
2008-12-04 05:54:51 ----D---- C:\Program Files (x86)\AGEIA Technologies
2008-12-04 05:54:40 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-12-04 05:53:47 ----D---- C:\NVIDIA
2008-12-04 05:51:13 ----A---- C:\Windows\system32\srclient.dll
2008-12-04 05:51:13 ----A---- C:\Windows\system32\kbd106n.dll
2008-12-04 05:50:37 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-12-04 05:50:35 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-12-04 05:50:23 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-12-04 05:49:12 ----A---- C:\Windows\system32\EncDec.dll
2008-12-04 05:49:11 ----A---- C:\Windows\system32\psisdecd.dll
2008-12-04 05:48:38 ----A---- C:\Windows\system32\wshqos.dll
2008-12-04 05:48:38 ----A---- C:\Windows\system32\traffic.dll
2008-12-04 05:48:38 ----A---- C:\Windows\system32\rpcrt4.dll
2008-12-04 05:48:38 ----A---- C:\Windows\system32\pacerprf.dll
2008-12-04 05:48:36 ----A---- C:\Windows\system32\win32spl.dll
2008-12-04 05:48:34 ----A---- C:\Windows\system32\quartz.dll
2008-12-04 05:48:24 ----A---- C:\Windows\system32\gameux.dll
2008-12-04 05:48:19 ----A---- C:\Windows\system32\msxml3.dll
2008-12-04 05:48:16 ----A---- C:\Windows\system32\inetcomm.dll
2008-12-04 05:48:15 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-04 05:48:13 ----A---- C:\Windows\system32\msxml6.dll
2008-12-04 05:48:11 ----A---- C:\Windows\system32\es.dll
2008-12-04 05:48:09 ----A---- C:\Windows\system32\winipsec.dll
2008-12-04 05:48:09 ----A---- C:\Windows\system32\polstore.dll
2008-12-04 05:48:09 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-12-04 05:48:08 ----A---- C:\Windows\system32\wshext.dll
2008-12-04 05:48:08 ----A---- C:\Windows\system32\wscript.exe
2008-12-04 05:48:08 ----A---- C:\Windows\system32\vbscript.dll
2008-12-04 05:48:08 ----A---- C:\Windows\system32\scrrun.dll
2008-12-04 05:48:08 ----A---- C:\Windows\system32\scrobj.dll
2008-12-04 05:48:08 ----A---- C:\Windows\system32\jscript.dll
2008-12-04 05:48:08 ----A---- C:\Windows\system32\cscript.exe
2008-12-04 05:48:05 ----A---- C:\Windows\system32\connect.dll
2008-12-04 05:48:03 ----A---- C:\Windows\system32\wmpeffects.dll
2008-12-04 05:48:03 ----A---- C:\Windows\system32\dataclen.dll
2008-12-04 05:48:02 ----A---- C:\Windows\system32\wshrm.dll
2008-12-04 05:46:28 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-04 05:46:28 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-04 05:46:28 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-04 05:44:14 ----A---- C:\Windows\system32\Faultrep.dll
2008-12-04 05:43:59 ----A---- C:\Windows\system32\netapi32.dll
2008-12-04 05:39:38 ----A---- C:\Windows\system32\wups.dll
2008-12-04 05:39:38 ----A---- C:\Windows\system32\wudriver.dll
2008-12-04 05:39:38 ----A---- C:\Windows\system32\wuapi.dll
2008-12-04 05:39:33 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-04 05:39:33 ----A---- C:\Windows\system32\wuapp.exe
2008-12-03 21:09:27 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla

======List of files/folders modified in the last 1 months======

2009-01-02 12:20:13 ----D---- C:\Windows\Temp
2009-01-02 12:19:14 ----RD---- C:\Program Files (x86)
2009-01-02 10:49:47 ----D---- C:\Windows
2009-01-02 10:34:37 ----HD---- C:\ProgramData
2009-01-02 10:34:37 ----D---- C:\Windows\SysWOW64
2009-01-02 10:25:31 ----D---- C:\Windows\System32
2009-01-02 10:25:31 ----D---- C:\Windows\inf
2009-01-02 10:17:58 ----D---- C:\Windows\system32\drivers
2008-12-29 18:40:56 ----D---- C:\Program Files (x86)\Common Files
2008-12-26 18:08:16 ----SD---- C:\ProgramData\Microsoft
2008-12-26 11:33:34 ----RSD---- C:\Windows\assembly
2008-12-21 16:38:41 ----AD---- C:\Windows\winsxs
2008-12-21 09:21:43 ----D---- C:\Program Files (x86)\Internet Explorer
2008-12-17 16:22:41 ----RSD---- C:\Windows\Fonts
2008-12-13 08:41:21 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2008-12-12 03:27:01 ----D---- C:\Windows\rescache
2008-12-12 03:09:50 ----D---- C:\Windows\AppPatch
2008-12-12 03:09:50 ----D---- C:\Program Files (x86)\Windows Mail
2008-12-12 03:09:49 ----D---- C:\Windows\system32\en-US
2008-12-11 17:54:34 ----D---- C:\Windows\Microsoft.NET
2008-12-11 17:11:50 ----RD---- C:\Program Files
2008-12-11 17:11:50 ----D---- C:\Windows\Help
2008-12-06 10:23:52 ----RD---- C:\Users
2008-12-04 18:11:18 ----D---- C:\Windows\Logs
2008-12-04 15:44:20 ----D---- C:\Windows\Tasks
2008-12-04 15:31:51 ----SD---- C:\Windows\Downloaded Program Files
2008-12-04 14:43:56 ----D---- C:\Windows\PolicyDefinitions
2008-12-04 14:43:55 ----D---- C:\Windows\ehome
2008-12-04 14:43:54 ----D---- C:\Windows\system32\migration
2008-12-04 08:16:14 ----D---- C:\Windows\system
2008-12-04 08:14:36 ----D---- C:\Windows\Registration
2008-12-03 21:15:17 ----SHD---- C:\$Recycle.Bin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0); C:\Windows\system32\DRIVERS\CamDrL64.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x64.sys []
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBS64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys []
S3 agik17w5;agik17w5; C:\Windows\system32\drivers\agik17w5.sys []
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-01 4682]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TeamViewer;TeamViewer 3; C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe [2008-11-17 185640]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-23 185640]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2008-12-04 104944]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-26 66872]
S2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-01-02 202040]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ms corsvw.exe [2008-01-20 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

**eslfish** · #4 2nd Jan 2009, 10:24

INFO:
info.txt logfile of random's system information tool 1.05 2009-01-02 12:21:16

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plug in.exe
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_acti veX.exe
Adobe Shockwave Player-->MsiExec.exe /X{2180B909-6C34-4777-AC7F-9D3F5480C4B6}
AIM 6-->C:\Program Files (x86)\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.3.6 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audiosurf-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12900
AVS4YOU Software Navigator 1.2-->"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Defraggler (remove only)-->"C:\Program Files (x86)\Defraggler\uninst.exe"
DyynoPlayer 0.8.6f-->C:\Program Files (x86)\Dyyno\Dyyno Player\uninstall.exe
Enemy Territory - Quake Wars(TM)-->C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\uninstall.exe
FileZilla Client 3.1.6-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FrostWire 4.17.2-->C:\Program Files (x86)\FrostWire\Uninstall.exe
Grand Theft Auto IV-->\
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
Half-Life 2: Episode One-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/380
Hamachi 1.0.3.0-->C:\Program Files (x86)\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Insurgency Dedicated Server-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/17705
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LaserJet 1020 series-->C:\Program Files (x86)\Zenographics\{5F496FF0-3E4E-4A9F-B64D-0F5E260B6ABB}\SETUP.EXE -u "HPLJInstaller.dll=Hpl_1020.inf"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech IM Video Companion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech Print Service-->C:\PROGRA~2\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~2\Logitech\PRINTS~1\INSTALL.LOG
LogonStudio Vista-->C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\UNWISE.E XE C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0.5)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Need for Speed™ Most Wanted-->C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
NewBlue VideoFX MSP-->C:\Program Files (x86)\NewBlue\VideoFX MSP\Uninstal.exe
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files (x86)\OpenAL\OalinstGridRelease.exe" /U
OrderReminder HP LaserJet 1020-->"C:\Program Files (x86)\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
PRODUCT_NAME-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\ IDriver.exe /M{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer 7 Basic-->C:\Program Files (x86)\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Vegas Movie Studio Platinum 7.0a-->MsiExec.exe /X{D5D36DAE-B5F1-4B86-AFC1-32B7DF7E5EF7}
Source SDK Base-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/215
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SurfLite Toolbar-->regsvr32 /u /s "C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll"
TeamViewer 3-->C:\Program Files (x86)\TeamViewer3\uninstall.exe
TeamViewer 4-->C:\Program Files (x86)\TeamViewer\Version4\uninstall.exe
TrackMania Nations Forever-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/11020
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Program Files (x86)\Unlocker\uninst.exe
Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\unyt.exe

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender

System event log

Computer Name: BOSS
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 20169
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090102171117.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 20170
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090102171324.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 20171
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090102171531.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 20172
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090102171738.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 20173
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090102171945.000000-000
Event Type: Information
User:

Application event log

Computer Name: BOSS
Event Code: 9013
Message: The Desktop Window Manager was unable to start because composition was disabled by a running application
Record Number: 5020
Source Name: Desktop Window Manager
Time Written: 20090102162056.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 9010
Message: A request to disable the Desktop Window Manager was made by process (iw3mp.exe)
Record Number: 5021
Source Name: Desktop Window Manager
Time Written: 20090102162141.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 9013
Message: The Desktop Window Manager was unable to start because composition was disabled by a running application
Record Number: 5022
Source Name: Desktop Window Manager
Time Written: 20090102162141.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 9010
Message: A request to disable the Desktop Window Manager was made by process (iw3mp.exe)
Record Number: 5023
Source Name: Desktop Window Manager
Time Written: 20090102162234.000000-000
Event Type: Information
User:

Computer Name: BOSS
Event Code: 9013
Message: The Desktop Window Manager was unable to start because composition was disabled by a running application
Record Number: 5024
Source Name: Desktop Window Manager
Time Written: 20090102162234.000000-000
Event Type: Information
User:

Security event log

Computer Name: BOSS
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4468
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090102152234.406107-000
Event Type: Audit Success
User:

Computer Name: BOSS
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: BOSS$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Administrator
Account Domain: BOSS
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x384
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 4469
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090102161319.154107-000
Event Type: Audit Success
User:

Computer Name: BOSS
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: BOSS$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-2785716086-541246975-1423078941-500
Account Name: Administrator
Account Domain: BOSS
Logon ID: 0x6eb2f3
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x384
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: BOSS
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4470
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090102161319.154107-000
Event Type: Audit Success
User:

Computer Name: BOSS
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-2785716086-541246975-1423078941-500
Account Name: Administrator
Account Domain: BOSS
Logon ID: 0x6eb2f3

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4471
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090102161319.154107-000
Event Type: Audit Success
User:

Computer Name: BOSS
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2785716086-541246975-1423078941-500
Account Name: Administrator
Account Domain: BOSS
Logon ID: 0x6eb2f3

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 4472
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090102161319.155107-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.m icrosoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"RGSCLauncher"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------

**evilfantasy** · #5 2nd Jan 2009, 10:49

I'm working on a fix but I need you to scan a few files before I can finish.

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

Code:

C:\Windows\bwUnin-6.1.4.36-8876480L.exe

2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

Also scan this file and include the results to it.

Code:

C:\Windows\system32\4c5d764.dll

----------

Also let me know why you are not running an antivirus?

**eslfish** · #6 2nd Jan 2009, 11:00

C:\Windows\bwUnin-6.1.4.36-8876480L.exe

Thats all I got when I hit copy to clip board

**evilfantasy** · #7 2nd Jan 2009, 11:07

OK instead of using the Copy to clipboard please scan the file and then post the link to the page back here. Be sure to let all of the scanners finish before copying the link.

Also scan the other file as well and post the link to it.