Jan 10 2009, 06:36 PM
Post #1
Member | Group: Members | Posts: 23 | Joined: 10-January 09 | Member No.: 280,941
DDS (Ver_09-01-07.01) - NTFSx86 Run by Administrator at 15:23:04.82 on Sat 01/10/2009 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.168 [GMT -8:00] AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) FW: Trend Micro Personal Firewall *enabled* ============== Running Processes =============== C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost -k DcomLaunch svchost.exe C:\WINNT\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\ehome\ehSched.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINNT\System32\svchost.exe -k imgsvc C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINNT\explorer.exe C:\WINNT\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.helloworld.com/ mStart Page = hxxp://www.gatewaybiz.com uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/ uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe mRun: [ATIModeChange] Ati2mdxx.exe mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - 
c:\winnt\system32\WPDShServiceObj.dll LSA: Notification Packages = scecli c:\winnt\system32\zebekeli.dll ============= SERVICES / DRIVERS =============== R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\winnt\system32\drivers\cxavsaud.sys [2003-10-11 8320] R3 HidFP;HID Front Panel Driver Service;c:\winnt\system32\drivers\HidFP.sys [2006-1-23 4128] R3 tmcfw;Trend Micro Common Firewall Service;c:\winnt\system32\drivers\TM_CFW.sys [2007-12-16 333328] R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-9-13 488768] R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-9-13 648456] R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664] R4 CX88XBAR;AVerMedia AVerTV MPEG Crossbar;c:\winnt\system32\drivers\cx88xbar.sys [2003-10-11 6912] R4 tmevtmgr;tmevtmgr;c:\winnt\system32\drivers\tmevtmgr.sys [2008-9-13 52240] R4 tmpreflt;tmpreflt;c:\winnt\system32\drivers\tmpreflt.sys [2007-12-16 36368] =============== Created Last 30 ================ 2009-01-10 14:27 161,792 a------- c:\winnt\SWREG.exe 2009-01-10 14:27 98,816 a------- c:\winnt\sed.exe 2009-01-10 09:49 206 a------- c:\winnt\HPGdiPlus.ini 2009-01-10 09:47 <DIR> --d----- c:\program files\HP 2008-12-22 19:36 73,728 a------- c:\winnt\system32\javacpl.cpl 2008-12-22 19:36 410,984 a------- c:\winnt\system32\deploytk.dll 2008-12-22 19:17 <DIR> a-dshr-- C:\cmdcons 2008-12-20 14:40 <DIR> --d----- c:\program files\Lavasoft 2008-12-20 14:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard 2008-12-20 14:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop 2008-12-20 13:48 <DIR> --d----- c:\program files\PCPitstop 2008-12-19 06:01 3,060,224 a------- c:\winnt\system32\SET7F.tmp ==================== Find3M ==================== 2009-01-10 09:30 24,494 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat 2009-01-10 09:27 757,536 ac------ 
c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT 2009-01-09 16:52 6,993 a--sh--- c:\winnt\system32\zakumuno.dll 2009-01-09 16:52 7,061 a--sh--- c:\winnt\system32\nisoresu.dll 2009-01-09 16:52 6,862 a--sh--- c:\winnt\system32\yezilewi.dll 2009-01-08 20:31 7,061 a--sh--- c:\winnt\system32\vadumema.dll 2009-01-08 20:31 6,930 a--sh--- c:\winnt\system32\yunopadi.dll 2009-01-08 20:31 6,816 a--sh--- c:\winnt\system32\noleyelo.dll 2009-01-08 07:49 6,816 a--sh--- c:\winnt\system32\yurugahi.dll 2009-01-08 07:49 7,046 a--sh--- c:\winnt\system32\namagitu.dll 2009-01-08 07:49 6,843 a--sh--- c:\winnt\system32\nevetuva.dll 2009-01-07 18:07 7,041 a--sh--- c:\winnt\system32\niyikaho.dll 2009-01-07 18:07 6,917 a--sh--- c:\winnt\system32\sunumudi.dll 2009-01-07 18:07 6,855 a--sh--- c:\winnt\system32\tomomola.dll 2009-01-07 06:02 7,019 a--sh--- c:\winnt\system32\gihiwake.dll 2009-01-07 06:02 6,983 a--sh--- c:\winnt\system32\zoweruna.dll 2009-01-07 06:02 6,855 a--sh--- c:\winnt\system32\lowavoke.dll 2009-01-06 16:39 7,033 a--sh--- c:\winnt\system32\jadiribe.dll 2009-01-06 16:39 7,006 a--sh--- c:\winnt\system32\nuvakuka.dll 2009-01-06 16:39 6,888 a--sh--- c:\winnt\system32\hevaluya.dll 2009-01-03 05:04 7,043 a--sh--- c:\winnt\system32\zisewato.dll 2009-01-03 05:04 7,042 a--sh--- c:\winnt\system32\dojoboli.dll 2009-01-03 05:04 6,821 a--sh--- c:\winnt\system32\sipizeli.dll 2009-01-02 08:02 7,067 a--sh--- c:\winnt\system32\begozebu.dll 2009-01-02 08:02 6,882 a--sh--- c:\winnt\system32\dilotiri.dll 2009-01-02 08:02 6,840 a--sh--- c:\winnt\system32\mugelide.dll 2009-01-01 19:20 7,051 a--sh--- c:\winnt\system32\kikehana.dll 2009-01-01 19:20 6,972 a--sh--- c:\winnt\system32\jugagabi.dll 2009-01-01 19:20 6,831 a--sh--- c:\winnt\system32\livaleze.dll 2009-01-01 07:11 6,974 a--sh--- c:\winnt\system32\pegenemo.dll 2009-01-01 07:11 6,932 a--sh--- c:\winnt\system32\kayiduri.dll 2009-01-01 07:11 6,832 a--sh--- c:\winnt\system32\saseneda.dll 2008-12-31 19:11 6,961 a--sh--- 
c:\winnt\system32\benagaya.dll 2008-12-31 19:11 6,937 a--sh--- c:\winnt\system32\nuhenehu.dll 2008-12-31 19:11 6,927 a--sh--- c:\winnt\system32\defadipa.dll 2008-12-31 07:10 6,957 a--sh--- c:\winnt\system32\majisero.dll 2008-12-31 07:10 7,032 a--sh--- c:\winnt\system32\ragutali.dll 2008-12-31 07:10 6,842 a--sh--- c:\winnt\system32\dagewoyo.dll 2008-12-12 09:33 3,060,224 -------- c:\winnt\system32\dllcache\mshtml.dll 2008-10-24 20:00 16,384 a------- c:\winnt\DCEBoot.exe 2008-10-24 03:10 453,632 -------- c:\winnt\system32\dllcache\mrxsmb.sys 2008-10-23 05:01 283,648 a------- c:\winnt\system32\SET54.tmp 2008-10-23 05:01 283,648 -------- c:\winnt\system32\dllcache\gdi32.dll 2008-10-16 14:13 1,809,944 a------- c:\winnt\system32\dllcache\wuaueng.dll 2008-10-16 14:13 202,776 a------- c:\winnt\system32\dllcache\wuweb.dll 2008-10-16 14:12 323,608 a------- c:\winnt\system32\dllcache\wucltui.dll 2008-10-16 14:12 561,688 a------- c:\winnt\system32\dllcache\wuapi.dll 2008-10-16 14:09 92,696 a------- c:\winnt\system32\dllcache\cdm.dll 2008-10-16 14:09 51,224 a------- c:\winnt\system32\dllcache\wuauclt.exe 2008-10-16 14:08 34,328 a------- c:\winnt\system32\dllcache\wups.dll 2008-10-16 14:06 268,648 a------- c:\winnt\system32\mucltui.dll 2008-10-16 14:06 208,744 a------- c:\winnt\system32\muweb.dll 2008-10-15 08:57 332,800 -------- c:\winnt\system32\dllcache\netapi32.dll 2008-10-15 01:45 18,432 -------- c:\winnt\system32\dllcache\iedw.exe 2006-04-24 05:21 3,596 ac------ c:\docume~1\admini~1\applic~1\ViewerApp.dat 0000-00-00 00:00 21,504 a--sh--- c:\winnt\system32\gukejibu.dll 2008-09-27 05:29 74,752 a--sh--- c:\winnt\system32\mirajehi.dll ============= FINISH: 15:23:56.40 ===============
--------------------
"The only thing necessary for the triumph of evil is for good men to do nothing."
-Edmund Burke (1729-1797)
Jan 12 2009, 02:59 PM
Post #2
Forum Addict | Group: HJT Team | Posts: 5,949 | Joined: 4-December 07 | Member No.: 174,482
Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double-click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.

NEXT
Please download GMER and unzip it to your Desktop.

Post me these logs in your next reply.. Post each log in a separate post..
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary!
Cherish the pain, it means you're still alive
Away for three months (22 August - 1 December 2009)
Jan 17 2009, 12:31 AM
Post #3
Member | Group: Members | Posts: 23 | Joined: 10-January 09 | Member No.: 280,941
Malwarebytes Log Malwarebytes' Anti-Malware 1.33 Database version: 1659 Windows 5.1.2600 Service Pack 2 1/16/2009 9:03:53 PM mbam-log-2009-01-16 (21-03-53).txt Scan type: Full Scan (C:\|) Objects scanned: 130476 Time elapsed: 49 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 44 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\WINNT\system32\bakivige.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\gipunowe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\hiwelilo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\jupaluze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\kazovovi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. 
C:\Qoobox\Quarantine\C\WINNT\system32\kenahapu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\kiyuvuna.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\nanujayi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\nuzepema.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\ropenoya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\samewora.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\visegobu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\wahawiye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\wideyeri.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\zopatafi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINNT\system32\zurafogu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP2\A0000112.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000248.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000249.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000255.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000256.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000257.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0000264.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000663.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000679.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000685.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000693.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000695.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000696.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000698.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000706.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000713.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000717.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000722.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000724.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000734.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000735.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000708.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP8\A0000726.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINNT\system32\mirajehi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINNT\system32\wekinimu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINNT\system32\jisubufo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINNT\system32\samovevu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINNT\system32\kayiduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 
RSIT Logs log.txt Logfile of random's system information tool 1.05 (written by random/random) Run by Administrator at 2009-01-16 21:07:24 Microsoft Windows XP Professional Service Pack 2 System drive C: has 173 GB (90%) free of 191 GB Total RAM: 510 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:07:42 PM, on 1/16/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\ehome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\svchost.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\RSIT.exe C:\Program Files\trend micro\Administrator.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helloworld.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/ R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra 
button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. 
- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 5469 bytes ======Scheduled tasks folder====== C:\WINNT\tasks\AppleSoftwareUpdate.job C:\WINNT\tasks\At1.job C:\WINNT\tasks\At10.job C:\WINNT\tasks\At11.job C:\WINNT\tasks\At12.job C:\WINNT\tasks\At13.job C:\WINNT\tasks\At14.job C:\WINNT\tasks\At15.job C:\WINNT\tasks\At16.job C:\WINNT\tasks\At17.job C:\WINNT\tasks\At18.job C:\WINNT\tasks\At19.job C:\WINNT\tasks\At2.job C:\WINNT\tasks\At20.job C:\WINNT\tasks\At21.job C:\WINNT\tasks\At22.job C:\WINNT\tasks\At23.job C:\WINNT\tasks\At24.job C:\WINNT\tasks\At25.job C:\WINNT\tasks\At26.job C:\WINNT\tasks\At27.job C:\WINNT\tasks\At28.job C:\WINNT\tasks\At29.job C:\WINNT\tasks\At3.job C:\WINNT\tasks\At30.job C:\WINNT\tasks\At31.job C:\WINNT\tasks\At32.job C:\WINNT\tasks\At33.job C:\WINNT\tasks\At34.job C:\WINNT\tasks\At35.job C:\WINNT\tasks\At36.job C:\WINNT\tasks\At37.job C:\WINNT\tasks\At38.job C:\WINNT\tasks\At39.job C:\WINNT\tasks\At4.job C:\WINNT\tasks\At40.job C:\WINNT\tasks\At41.job C:\WINNT\tasks\At42.job C:\WINNT\tasks\At43.job C:\WINNT\tasks\At44.job C:\WINNT\tasks\At45.job C:\WINNT\tasks\At46.job C:\WINNT\tasks\At47.job C:\WINNT\tasks\At48.job C:\WINNT\tasks\At5.job C:\WINNT\tasks\At6.job C:\WINNT\tasks\At7.job C:\WINNT\tasks\At8.job C:\WINNT\tasks\At9.job C:\WINNT\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090050001.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! 
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 
Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"=C:\WINNT\system32\Ati2mdxx.exe [2001-09-04 28672] "UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-30 139264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINNT\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINNT\ehome\ehtray.exe [2004-08-03 50176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor] C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2007-09-14 267064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StacSysTray] C:\Program 
Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe [2003-10-23 962560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-21 180269] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000] C:\WINNT\vVX3000.exe [2007-04-10 709992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk] C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-03 50688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2003-12-17 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk] C:\PROGRA~1\YOURSC~1\YOURSC~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PassThru"=3 "ose"=3 "nmservice"=2 "nmraapache"=3 "NBService"=3 "MDM"=2 "LVPrcSrv"=2 "LVCOMSer"=2 "iPod Service"=3 "gusvc"=3 "Apple Mobile Device"=2 "PrismXL"=2 "LVSrvLauncher"=2 "aawservice"=2 C:\Documents and Settings\All Users\Start Menu\Programs\Startup Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-08-24 133120] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\WINNT\system32\zebekeli.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe" "C:\Program Files\Combat Arms\NMService.exe"="C:\Program Files\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core" "C:\Program Files\Trend Micro\Internet Security\TmPfw.exe"="C:\Program Files\Trend Micro\Internet Security\TmPfw.exe:*:Enabled:TmPfw" "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM" "C:\Program Files\Trend Micro\BM\TMBMSRV.exe"="C:\Program Files\Trend Micro\BM\TMBMSRV.exe:*:Enabled:TMBMSRV" "C:\WINNT\system32\wbem\wmiprvse.exe"="C:\WINNT\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse" "C:\WINNT\system32\userinit.exe"="C:\WINNT\system32\userinit.exe:*:Enabled:userinit" "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe:*:Enabled:UfSeAgnt" "C:\WINNT\system32\sndvol32.exe"="C:\WINNT\system32\sndvol32.exe:*:Enabled:SNDVOL32" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176b2d23-155e-11dc-9245-0040ca6bbb4b}] shell\AutoRun\command - I:\LaunchU3.exe -a ======List of files/folders created in the last 3 months====== 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\zoweruna.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\zisewato.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\zakumuno.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\yurugahi.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\yunopadi.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\yezilewi.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\vadumema.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\tomomola.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\sunumudi.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\sipizeli.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\saseneda.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\ragutali.dll 65535-65535-31889 1707:31889:1771 ----ASH---- 
C:\WINNT\system32\pegenemo.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nuvakuka.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nuhenehu.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\noleyelo.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\niyikaho.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nisoresu.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\nevetuva.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\namagitu.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\mugelide.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\majisero.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\lowavoke.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\livaleze.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\kikehana.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\jugagabi.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\jadiribe.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\hevaluya.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\gukejibu.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\gihiwake.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\dojoboli.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\dilotiri.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\defadipa.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\dagewoyo.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\benagaya.dll 65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINNT\system32\begozebu.dll 2009-01-16 21:07:24 ----D---- C:\rsit 2009-01-16 20:27:26 ----SHD---- C:\RECYCLER 2009-01-16 20:11:36 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2009-01-16 
20:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-16 20:11:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-10 15:05:31 ----A---- C:\1-10-09ComboRprt.txt 2009-01-10 14:57:57 ----A---- C:\ComboFix.txt 2009-01-10 14:31:28 ----D---- C:\WINNT\temp 2009-01-10 14:27:29 ----A---- C:\WINNT\zip.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\VFIND.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\SWXCACLS.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\SWSC.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\SWREG.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\sed.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\NIRCMD.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\grep.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\fdsv.exe 2009-01-10 14:26:54 ----D---- C:\Qoobox 2009-01-10 09:49:59 ----A---- C:\WINNT\HPGdiPlus.ini 2009-01-10 09:47:17 ----D---- C:\Program Files\HP 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaws.exe 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaw.exe 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\java.exe 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\deploytk.dll 2008-12-22 19:17:20 ----A---- C:\Boot.bak 2008-12-22 19:17:03 ----RASHD---- C:\cmdcons 2008-12-22 19:16:03 ----D---- C:\WINNT\ERDNT 2008-12-20 14:40:40 ----D---- C:\Program Files\Lavasoft 2008-12-20 14:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-12-20 14:39:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-12-20 14:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop 2008-12-20 13:48:55 ----HDC---- C:\WINNT\$NtUninstallKB955839$ 2008-12-20 13:48:36 ----D---- C:\Program Files\PCPitstop 2008-12-20 13:40:15 ----HDC---- C:\WINNT\$NtUninstallKB958215$ 2008-12-20 13:29:55 ----HDC---- C:\WINNT\$NtUninstallKB960714$ 2008-12-20 13:26:19 ----HDC---- C:\WINNT\$NtUninstallKB954600$ 2008-12-20 13:22:17 ----HDC---- C:\WINNT\$NtUninstallKB956802$ 2008-12-19 06:01:44 ----A---- 
C:\WINNT\system32\SET7F.tmp 2008-11-11 19:06:11 ----HDC---- C:\WINNT\$NtUninstallKB957097$ 2008-11-11 19:04:46 ----HDC---- C:\WINNT\$NtUninstallKB955069$ 2008-11-01 12:31:28 ----D---- C:\Program Files\Combat Arms 2008-11-01 12:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS 2008-10-24 20:00:27 ----A---- C:\WINNT\DCEBoot.exe 2008-10-24 04:55:34 ----HDC---- C:\WINNT\$NtUninstallKB958644$ 2008-10-23 05:01:36 ----A---- C:\WINNT\system32\SET54.tmp ======List of files/folders modified in the last 3 months====== 2009-01-16 21:07:42 ----D---- C:\Program Files\Trend Micro 2009-01-16 21:07:23 ----D---- C:\WINNT\Prefetch 2009-01-16 21:03:52 ----AD---- C:\WINNT\system32 2009-01-16 20:11:30 ----D---- C:\WINNT\system32\drivers 2009-01-16 20:11:25 ----D---- C:\Program Files 2009-01-14 06:02:08 ----A---- C:\WINNT\ModemLog_Conexant SoftK56 Data Fax Modem.txt 2009-01-13 19:52:01 ----A---- C:\WINNT\system32\PerfStringBackup.INI 2009-01-13 19:49:24 ----D---- C:\WINNT\system32\CatRoot2 2009-01-13 19:47:53 ----D---- C:\WINNT 2009-01-13 19:46:16 ----A---- C:\WINNT\SchedLgU.Txt 2009-01-10 15:32:41 ----RASH---- C:\boot.ini 2009-01-10 15:32:41 ----A---- C:\WINNT\win.ini 2009-01-10 15:32:41 ----A---- C:\WINNT\system.ini 2009-01-10 14:51:57 ----D---- C:\WINNT\system32\config 2009-01-10 14:30:34 ----D---- C:\WINNT\AppPatch 2009-01-10 14:30:34 ----D---- C:\Program Files\Common Files 2009-01-10 14:29:00 ----SD---- C:\WINNT\Downloaded Program Files 2009-01-10 09:52:43 ----HD---- C:\WINNT\inf 2009-01-10 09:52:42 ----D---- C:\Program Files\Hewlett-Packard 2009-01-10 09:47:23 ----SHD---- C:\WINNT\Installer 2009-01-10 09:47:04 ----D---- C:\WINNT\Downloaded Installations 2009-01-10 08:26:58 ----D---- C:\WINNT\system32\CatRoot 2009-01-10 08:17:08 ----AC---- C:\WINNT\ntbtlog.txt 2009-01-09 19:46:12 ----A---- C:\WINNT\NeroDigital.ini 2009-01-09 19:23:00 ----D---- C:\WINNT\system32\wbem 2009-01-02 18:17:32 ----D---- C:\Program Files\Greetings Workshop 2008-12-22 23:22:38 
----SHD---- C:\System Volume Information 2008-12-22 23:22:38 ----D---- C:\WINNT\system32\Restore 2008-12-22 19:36:33 ----D---- C:\Program Files\Java 2008-12-20 13:41:18 ----A---- C:\WINNT\imsins.BAK 2008-12-20 13:40:44 ----RSHD---- C:\WINNT\system32\dllcache 2008-12-20 13:40:38 ----D---- C:\Program Files\Internet Explorer 2008-12-20 13:38:49 ----HD---- C:\WINNT\$hf_mig$ 2008-12-02 16:58:19 ----D---- C:\WINNT\Help 2008-11-11 19:03:50 ----D---- C:\WINNT\WinSxS 2008-10-22 01:47:07 ----N---- C:\WINNT\system32\tzchange.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-10-07 35840] R1 cdrbsvsd;cdrbsvsd; C:\WINNT\system32\drivers\cdrbsvsd.sys [2003-12-03 13566] R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 PCLEPCI;PCLEPCI; \??\C:\WINNT\System32\drivers\pclepci.sys [] R1 tmtdi;Trend Micro TDI Driver; C:\WINNT\system32\DRIVERS\tmtdi.sys [2008-02-15 65936] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2003-03-31 12032] R2 CX23880;AVerMedia AVerTV MPEG Video Capture (!); C:\WINNT\system32\drivers\cx88vid.sys [2003-10-21 246272] R2 CX88ENC;AVerMedia AVerTV MPEG Encoder; C:\WINNT\system32\drivers\cx88enc.sys [2003-10-21 294912] R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar; C:\WINNT\system32\drivers\CX88XBAR.sys [2003-10-21 6912] R2 CXTUNE;AVerMedia AVerTV Tuner; C:\WINNT\system32\drivers\CX88TUNE.sys [2003-10-21 30848] R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R2 tmactmon;tmactmon; \??\C:\WINNT\system32\drivers\tmactmon.sys [] R2 tmcomm;tmcomm; \??\C:\WINNT\system32\drivers\tmcomm.sys [] R2 tmevtmgr;tmevtmgr; \??\C:\WINNT\system32\drivers\tmevtmgr.sys [] R2 tmpreflt;tmpreflt; C:\WINNT\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368] 
R2 tmxpflt;tmxpflt; C:\WINNT\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328] R2 vsapint;vsapint; C:\WINNT\system32\DRIVERS\vsapint.sys [2008-11-26 1195384] R3 ASAPIW2k;ASAPIW2K; C:\WINNT\system32\drivers\ASAPIW2k.sys [2004-03-10 11264] R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2003-08-12 594432] R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture; C:\WINNT\system32\drivers\cxavsaud.sys [2003-10-21 8320] R3 E100B;Intel® PRO Network Connection Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2007-03-14 165760] R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidFP;HID Front Panel Driver Service; C:\WINNT\System32\DRIVERS\HidFP.sys [2006-01-23 4128] R3 HidIr;Microsoft Infrared HID Driver; C:\WINNT\System32\DRIVERS\hidir.sys [2004-08-03 15104] R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-07-28 1064448] R3 HSFHWICH;HSFHWICH; C:\WINNT\System32\DRIVERS\HSFHWICH.sys [2003-07-28 190848] R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINNT\System32\DRIVERS\IrBus.sys [2004-08-03 40832] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINNT\System32\DRIVERS\MarvinBus.sys [2004-03-29 90464] R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2004-07-17 28352] R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-08-01 9856] R3 STAC97;SigmaTel C-Major Audio; C:\WINNT\system32\drivers\STAC97.sys [2003-10-17 252144] R3 tmcfw;Trend Micro Common Firewall Service; C:\WINNT\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2 Enabled Hub; 
C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-07-28 672256] S3 61883;61883 Unit Device; C:\WINNT\System32\DRIVERS\61883.sys [2004-08-03 48128] S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256] S3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-03 60800] S3 Avc;AVC Device; C:\WINNT\System32\DRIVERS\avc.sys [2004-08-03 38912] S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINNT\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208] S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINNT\System32\DRIVERS\Camdrl.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 EagleNT;EagleNT; \??\C:\WINNT\system32\drivers\EagleNT.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 LVcKap;Logitech AEC Driver; C:\WINNT\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINNT\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488] S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINNT\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINNT\system32\drivers\LVUSBSta.sys [2007-07-18 41752] S3 MSDV;Microsoft DV Camera and VCR; C:\WINNT\System32\DRIVERS\msdv.sys [2004-08-03 51328] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504] 
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-03 61824] S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 pepifilter;Volume Adapter; C:\WINNT\system32\DRIVERS\lv302af.sys [2007-07-18 13848] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINNT\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104] S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 VX3000;VX-3000; C:\WINNT\system32\DRIVERS\VX3000.sys [2007-04-10 1966696] S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [] S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\System32\Ati2evxx.exe [2003-08-12 319488] R2 ehSched;Media Center Scheduler Service; C:\WINNT\ehome\ehSched.exe [2004-08-03 84992] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984] R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888] R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064] R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-15 488768] R3 tmproxy;Trend Micro 
Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-15 648456] S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\HPZipm12.exe [2003-03-09 65795] S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592] S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-14 503608] S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904] S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752] S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848] S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-22 724992] S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2006-01-23 57344] -----------------EOF----------------- Info.txt info.txt logfile of random's system information tool 1.05 2009-01-16 21:07:52 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\Nero\Nero 
7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu -->C:\WINNT\UNNeroBackItUp.exe /UNINSTALL -->C:\WINNT\UNNeroMediaHome.exe /UNINSTALL -->C:\WINNT\UNNeroShowTime.exe /UNINSTALL -->C:\WINNT\UNNeroVision.exe /UNINSTALL -->C:\WINNT\UNRecode.exe /UNINSTALL -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Encore DVD 1.0-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}\setup.exe" Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001} Adventures in Typing-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}\setup.exe" -l0x9 Ahead Nero BurnRights-->C:\WINNT\UNNeroBurnRights.exe /UNINSTALL Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 Combat Arms-->"C:\Documents and Settings\All Users\Application 
Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US DoMore-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5B26C1E-4751-4F03-BC18-634F41F31EC6}\setup.exe" -l0x9 DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL FirstClass® Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\Setup.exe" -l0x9 -uninst Gateway Drivers and Applications Recovery-->C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL Gateway IE Customizations-->C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL Gateway Ink Monitor-->MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2} Gateway User's Guide-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 0755407D-BE9E-4D24-8FE4-39C2FBED6FA8 /Prompt Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hollywood FX 5.5 Additional Effects-->C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe" HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70} HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} HP PSC 1100/1200/1300 series Cartridge 
Compatibility Utility-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\CartridgeCompatibilityUtility\Uninst.isu" hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5} hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series Intel® PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1 iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF} Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000} Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0} Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Luxor - Amun Rising-->"C:\Program Files\MSN Games\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\MSN Games\Luxor - Amun Rising\install.log" Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINNT\$NtUninstallKB887998$\spuninst\spuninst.exe" Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINNT\$NtUninstallKB930494$\spuninst\spuninst.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe 
/I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210} Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9} Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe d:\ Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A} Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} Mystery Case Files - Prime Suspects-->"C:\Program Files\MSN Games\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\MSN Games\Mystery Case Files - Prime Suspects\install.log" Nero 7 Ultra Edition-->MsiExec.exe /I{E57D365C-BB31-4288-83EC-5F4EF2D11033} PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL Pinnacle Hollywood FX-->C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM 
(KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899589)-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe" Security Update for Windows XP (KB917159)-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe" Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe" Security Update for Windows XP (KB917422)-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe" Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918899)-->"C:\WINNT\$NtUninstallKB918899$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920214)-->"C:\WINNT\$NtUninstallKB920214$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921398)-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe" Security Update for Windows XP (KB922616)-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe" Security Update for Windows XP (KB922760)-->"C:\WINNT\$NtUninstallKB922760$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe" Security Update for Windows XP (KB923694)-->"C:\WINNT\$NtUninstallKB923694$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925454)-->"C:\WINNT\$NtUninstallKB925454$\spuninst\spuninst.exe" Security Update for Windows XP (KB925486)-->"C:\WINNT\$NtUninstallKB925486$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928090)-->"C:\WINNT\$NtUninstallKB928090$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB929969)-->"C:\WINNT\$NtUninstallKB929969$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931768)-->"C:\WINNT\$NtUninstallKB931768$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933566)-->"C:\WINNT\$NtUninstallKB933566$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB937143)-->"C:\WINNT\$NtUninstallKB937143$\spuninst\spuninst.exe" Security Update for Windows XP (KB937894)-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe" Security Update for Windows XP (KB938127)-->"C:\WINNT\$NtUninstallKB938127$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB939653)-->"C:\WINNT\$NtUninstallKB939653$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINNT\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINNT\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB942615)-->"C:\WINNT\$NtUninstallKB942615$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944338)-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe" Security Update for Windows XP (KB944533)-->"C:\WINNT\$NtUninstallKB944533$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB947864)-->"C:\WINNT\$NtUninstallKB947864$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINNT\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINNT\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINNT\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe" Shockwave-->C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log SoftK56 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_3009107B\HXFSETUP.EXE -U -Iask20305.inf Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x9 UNINSTALL Studio 9-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E} Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB929338)-->"C:\WINNT\$NtUninstallKB929338$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINNT\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINNT\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINNT\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB942840)-->"C:\WINNT\$NtUninstallKB942840$\spuninst\spuninst.exe" Update for Windows XP (KB946627)-->"C:\WINNT\$NtUninstallKB946627$\spuninst\spuninst.exe" 
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe" Wheel of Fortune 2 (remove only)-->"C:\Program Files\Sony Online Entertainment\Wheel of Fortune 2\Uninstall Wheel of Fortune 2.exe" Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Service Pack 2-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log" ======Security center information====== AV: Trend Micro Internet Security FW: Trend Micro Personal Firewall System event log Computer Name: S1098537242 Event Code: 7035 Message: The Remote Access Connection Manager service was successfully sent 
a start control. Record Number: 58859 Source Name: Service Control Manager Time Written: 20081002060730.000000-420 Event Type: information User: S1098537242\Administrator Computer Name: S1098537242 Event Code: 7036 Message: The Telephony service entered the running state. Record Number: 58858 Source Name: Service Control Manager Time Written: 20081002060730.000000-420 Event Type: information User: Computer Name: S1098537242 Event Code: 7036 Message: The Network Location Awareness (NLA) service entered the running state. Record Number: 58857 Source Name: Service Control Manager Time Written: 20081002060730.000000-420 Event Type: information User: Computer Name: S1098537242 Event Code: 7035 Message: The Network Location Awareness (NLA) service was successfully sent a start control. Record Number: 58856 Source Name: Service Control Manager Time Written: 20081002060730.000000-420 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: S1098537242 Event Code: 7035 Message: The SSDP Discovery Service service was successfully sent a start control. 
Record Number: 58855 Source Name: Service Control Manager Time Written: 20081002060730.000000-420 Event Type: information User: NT AUTHORITY\SYSTEM Application event log Computer Name: S1098537242 Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101 Record Number: 2008 Source Name: crypt32 Time Written: 20060414081914.000000-420 Event Type: error User: Computer Name: S1098537242 Event Code: 2 Message: Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> Record Number: 2007 Source Name: crypt32 Time Written: 20060414081914.000000-420 Event Type: information User: Computer Name: S1098537242 Event Code: 7 Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> Record Number: 2006 Source Name: crypt32 Time Written: 20060414081914.000000-420 Event Type: information User: Computer Name: S1098537242 Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101 Record Number: 2005 Source Name: crypt32 Time Written: 20060414081914.000000-420 Event Type: error User: Computer Name: S1098537242 Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101 Record Number: 2004 Source Name: crypt32 Time Written: 20060414081914.000000-420 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe 
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Intel\DMIX "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0209 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- TY!
--------------------
"The only thing necessary for the triumph of evil is for good men to do nothing."
-Edmund Burke (1729-1797)
Jan 17 2009, 02:38 AM
Post
#4
Forum Addict Group: HJT Team Posts: 5,949 Joined: 4-December 07 Member No.: 174,482
IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..
1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)
Please download the OTMoveIt3 by OldTimer
Run RSIT and DDS again... Post these logs in your next reply..
1. OTMoveIt3
2. RSIT log.txt
3. DDS.txt
--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary!
Cherish the pain, it means you're still alive
Away for three months (22 August - 1 December 2009)
Jan 17 2009, 10:53 AM
Post
#5
Member Group: Members Posts: 23 Joined: 10-January 09 Member No.: 280,941
OTMove3 Log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINNT\tasks\At1.job moved successfully.
C:\WINNT\tasks\At10.job moved successfully.
C:\WINNT\tasks\At11.job moved successfully.
C:\WINNT\tasks\At12.job moved successfully.
C:\WINNT\tasks\At13.job moved successfully.
C:\WINNT\tasks\At14.job moved successfully.
C:\WINNT\tasks\At15.job moved successfully.
C:\WINNT\tasks\At16.job moved successfully.
C:\WINNT\tasks\At17.job moved successfully.
C:\WINNT\tasks\At18.job moved successfully.
C:\WINNT\tasks\At19.job moved successfully.
C:\WINNT\tasks\At2.job moved successfully.
C:\WINNT\tasks\At20.job moved successfully.
C:\WINNT\tasks\At21.job moved successfully.
C:\WINNT\tasks\At22.job moved successfully.
C:\WINNT\tasks\At23.job moved successfully.
C:\WINNT\tasks\At24.job moved successfully.
C:\WINNT\tasks\At25.job moved successfully.
C:\WINNT\tasks\At26.job moved successfully.
C:\WINNT\tasks\At27.job moved successfully.
C:\WINNT\tasks\At28.job moved successfully.
C:\WINNT\tasks\At29.job moved successfully.
C:\WINNT\tasks\At3.job moved successfully.
C:\WINNT\tasks\At30.job moved successfully.
C:\WINNT\tasks\At31.job moved successfully.
C:\WINNT\tasks\At32.job moved successfully.
C:\WINNT\tasks\At33.job moved successfully.
C:\WINNT\tasks\At34.job moved successfully.
C:\WINNT\tasks\At35.job moved successfully.
C:\WINNT\tasks\At36.job moved successfully.
C:\WINNT\tasks\At37.job moved successfully.
C:\WINNT\tasks\At38.job moved successfully.
C:\WINNT\tasks\At39.job moved successfully.
C:\WINNT\tasks\At4.job moved successfully.
C:\WINNT\tasks\At40.job moved successfully.
C:\WINNT\tasks\At41.job moved successfully.
C:\WINNT\tasks\At42.job moved successfully.
C:\WINNT\tasks\At43.job moved successfully.
C:\WINNT\tasks\At44.job moved successfully.
C:\WINNT\tasks\At45.job moved successfully.
C:\WINNT\tasks\At46.job moved successfully.
C:\WINNT\tasks\At47.job moved successfully.
C:\WINNT\tasks\At48.job moved successfully.
C:\WINNT\tasks\At5.job moved successfully.
C:\WINNT\tasks\At6.job moved successfully.
C:\WINNT\tasks\At7.job moved successfully.
C:\WINNT\tasks\At8.job moved successfully.
C:\WINNT\tasks\At9.job moved successfully.
File/Folder C:\WINNT\system32\zebekeli.dll not found.
LoadLibrary failed for C:\WINNT\system32\zoweruna.dll
C:\WINNT\system32\zoweruna.dll NOT unregistered.
C:\WINNT\system32\zoweruna.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\zisewato.dll
C:\WINNT\system32\zisewato.dll NOT unregistered.
C:\WINNT\system32\zisewato.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\zakumuno.dll
C:\WINNT\system32\zakumuno.dll NOT unregistered.
C:\WINNT\system32\zakumuno.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\yurugahi.dll
C:\WINNT\system32\yurugahi.dll NOT unregistered.
C:\WINNT\system32\yurugahi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\yunopadi.dll
C:\WINNT\system32\yunopadi.dll NOT unregistered.
C:\WINNT\system32\yunopadi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\yezilewi.dll
C:\WINNT\system32\yezilewi.dll NOT unregistered.
C:\WINNT\system32\yezilewi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\vadumema.dll
C:\WINNT\system32\vadumema.dll NOT unregistered.
C:\WINNT\system32\vadumema.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\tomomola.dll
C:\WINNT\system32\tomomola.dll NOT unregistered.
C:\WINNT\system32\tomomola.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\sunumudi.dll
C:\WINNT\system32\sunumudi.dll NOT unregistered.
C:\WINNT\system32\sunumudi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\sipizeli.dll
C:\WINNT\system32\sipizeli.dll NOT unregistered.
C:\WINNT\system32\sipizeli.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\saseneda.dll
C:\WINNT\system32\saseneda.dll NOT unregistered.
C:\WINNT\system32\saseneda.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\ragutali.dll
C:\WINNT\system32\ragutali.dll NOT unregistered.
C:\WINNT\system32\ragutali.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\pegenemo.dll
C:\WINNT\system32\pegenemo.dll NOT unregistered.
C:\WINNT\system32\pegenemo.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nuvakuka.dll
C:\WINNT\system32\nuvakuka.dll NOT unregistered.
C:\WINNT\system32\nuvakuka.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nuhenehu.dll
C:\WINNT\system32\nuhenehu.dll NOT unregistered.
C:\WINNT\system32\nuhenehu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\noleyelo.dll
C:\WINNT\system32\noleyelo.dll NOT unregistered.
C:\WINNT\system32\noleyelo.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\niyikaho.dll
C:\WINNT\system32\niyikaho.dll NOT unregistered.
C:\WINNT\system32\niyikaho.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nisoresu.dll
C:\WINNT\system32\nisoresu.dll NOT unregistered.
C:\WINNT\system32\nisoresu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\nevetuva.dll
C:\WINNT\system32\nevetuva.dll NOT unregistered.
C:\WINNT\system32\nevetuva.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\namagitu.dll
C:\WINNT\system32\namagitu.dll NOT unregistered.
C:\WINNT\system32\namagitu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\mugelide.dll
C:\WINNT\system32\mugelide.dll NOT unregistered.
C:\WINNT\system32\mugelide.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\majisero.dll
C:\WINNT\system32\majisero.dll NOT unregistered.
C:\WINNT\system32\majisero.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\lowavoke.dll
C:\WINNT\system32\lowavoke.dll NOT unregistered.
C:\WINNT\system32\lowavoke.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\livaleze.dll
C:\WINNT\system32\livaleze.dll NOT unregistered.
C:\WINNT\system32\livaleze.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\kikehana.dll
C:\WINNT\system32\kikehana.dll NOT unregistered.
C:\WINNT\system32\kikehana.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\jugagabi.dll
C:\WINNT\system32\jugagabi.dll NOT unregistered.
C:\WINNT\system32\jugagabi.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\jadiribe.dll
C:\WINNT\system32\jadiribe.dll NOT unregistered.
C:\WINNT\system32\jadiribe.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\hevaluya.dll
C:\WINNT\system32\hevaluya.dll NOT unregistered.
C:\WINNT\system32\hevaluya.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\gukejibu.dll
C:\WINNT\system32\gukejibu.dll NOT unregistered.
C:\WINNT\system32\gukejibu.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\gihiwake.dll
C:\WINNT\system32\gihiwake.dll NOT unregistered.
C:\WINNT\system32\gihiwake.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\dojoboli.dll
C:\WINNT\system32\dojoboli.dll NOT unregistered.
C:\WINNT\system32\dojoboli.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\dilotiri.dll
C:\WINNT\system32\dilotiri.dll NOT unregistered.
C:\WINNT\system32\dilotiri.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\defadipa.dll
C:\WINNT\system32\defadipa.dll NOT unregistered.
C:\WINNT\system32\defadipa.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\dagewoyo.dll
C:\WINNT\system32\dagewoyo.dll NOT unregistered.
C:\WINNT\system32\dagewoyo.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\benagaya.dll
C:\WINNT\system32\benagaya.dll NOT unregistered.
C:\WINNT\system32\benagaya.dll moved successfully.
LoadLibrary failed for C:\WINNT\system32\begozebu.dll
C:\WINNT\system32\begozebu.dll NOT unregistered.
C:\WINNT\system32\begozebu.dll moved successfully.
File/Folder c:\winnt\system32\gukejibu.dll not found.
File/Folder c:\winnt\system32\mirajehi.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINNT\temp\Perflib_Perfdata_cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_072942
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINNT\temp\Perflib_Perfdata_cc.dat not found!
RSIT Log Logfile of random's system information tool 1.05 (written by random/random) Run by Administrator at 2009-01-17 07:43:04 Microsoft Windows XP Professional Service Pack 2 System drive C: has 173 GB (90%) free of 191 GB Total RAM: 510 MB (42% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:43:16 AM, on 1/17/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\ehome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Desktop\RSIT.exe C:\Program Files\trend micro\Administrator.exe C:\WINNT\system32\wscntfy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helloworld.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 5168 bytes ======Scheduled tasks folder====== C:\WINNT\tasks\AppleSoftwareUpdate.job C:\WINNT\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090050001.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! 
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 
Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"=C:\WINNT\system32\Ati2mdxx.exe [2001-09-04 28672] "UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-30 139264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINNT\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINNT\ehome\ehtray.exe [2004-08-03 50176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor] C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2007-09-14 267064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe [2003-10-23 962560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program 
Files\Java\jre6\bin\jusched.exe [2008-12-22 136600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-21 180269] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000] C:\WINNT\vVX3000.exe [2007-04-10 709992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk] C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-03 50688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2003-12-17 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk] C:\PROGRA~1\YOURSC~1\YOURSC~1.EXE [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PassThru"=3 "ose"=3 "nmservice"=2 "nmraapache"=3 "NBService"=3 "MDM"=2 "LVPrcSrv"=2 "LVCOMSer"=2 "iPod Service"=3 "gusvc"=3 "Apple Mobile Device"=2 "PrismXL"=2 "LVSrvLauncher"=2 "aawservice"=2 C:\Documents and Settings\All Users\Start Menu\Programs\Startup Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-08-24 133120] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe" "C:\Program Files\Combat Arms\NMService.exe"="C:\Program Files\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core" "C:\Program Files\Trend Micro\Internet Security\TmPfw.exe"="C:\Program Files\Trend Micro\Internet Security\TmPfw.exe:*:Enabled:TmPfw" "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM" "C:\Program Files\Trend Micro\BM\TMBMSRV.exe"="C:\Program Files\Trend Micro\BM\TMBMSRV.exe:*:Enabled:TMBMSRV" "C:\WINNT\system32\wbem\wmiprvse.exe"="C:\WINNT\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse" "C:\WINNT\system32\userinit.exe"="C:\WINNT\system32\userinit.exe:*:Enabled:userinit" "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe:*:Enabled:UfSeAgnt" "C:\WINNT\system32\sndvol32.exe"="C:\WINNT\system32\sndvol32.exe:*:Enabled:SNDVOL32" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Combat 
Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176b2d23-155e-11dc-9245-0040ca6bbb4b}] shell\AutoRun\command - I:\LaunchU3.exe -a ======List of files/folders created in the last 3 months====== 2009-01-17 07:29:42 ----D---- C:\_OTMoveIt 2009-01-16 21:12:40 ----A---- C:\WINNT\gmer.ini 2009-01-16 21:12:39 ----A---- C:\WINNT\gmer_uninstall.cmd 2009-01-16 21:12:39 ----A---- C:\WINNT\gmer.dll 2009-01-16 21:12:38 ----RA---- C:\WINNT\gmer.exe 2009-01-16 21:07:24 ----D---- C:\rsit 2009-01-16 20:27:26 ----SHD---- C:\RECYCLER 2009-01-16 20:11:36 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2009-01-16 20:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-16 20:11:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-10 15:05:31 ----A---- C:\1-10-09ComboRprt.txt 2009-01-10 14:57:57 ----A---- C:\ComboFix.txt 2009-01-10 14:31:28 ----D---- C:\WINNT\temp 2009-01-10 14:27:29 ----A---- C:\WINNT\zip.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\VFIND.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\SWXCACLS.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\SWSC.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\SWREG.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\sed.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\NIRCMD.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\grep.exe 2009-01-10 14:27:29 ----A---- C:\WINNT\fdsv.exe 2009-01-10 14:26:54 ----D---- C:\Qoobox 2009-01-10 09:49:59 ----A---- C:\WINNT\HPGdiPlus.ini 2009-01-10 09:47:17 ----D---- C:\Program Files\HP 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaws.exe 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\javaw.exe 
2008-12-22 19:36:49 ----A---- C:\WINNT\system32\java.exe 2008-12-22 19:36:49 ----A---- C:\WINNT\system32\deploytk.dll 2008-12-22 19:17:20 ----A---- C:\Boot.bak 2008-12-22 19:17:03 ----RASHD---- C:\cmdcons 2008-12-22 19:16:03 ----D---- C:\WINNT\ERDNT 2008-12-20 14:40:40 ----D---- C:\Program Files\Lavasoft 2008-12-20 14:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-12-20 14:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop 2008-12-20 13:48:55 ----HDC---- C:\WINNT\$NtUninstallKB955839$ 2008-12-20 13:48:36 ----D---- C:\Program Files\PCPitstop 2008-12-20 13:40:15 ----HDC---- C:\WINNT\$NtUninstallKB958215$ 2008-12-20 13:29:55 ----HDC---- C:\WINNT\$NtUninstallKB960714$ 2008-12-20 13:26:19 ----HDC---- C:\WINNT\$NtUninstallKB954600$ 2008-12-20 13:22:17 ----HDC---- C:\WINNT\$NtUninstallKB956802$ 2008-12-19 06:01:44 ----A---- C:\WINNT\system32\SET7F.tmp 2008-11-11 19:06:11 ----HDC---- C:\WINNT\$NtUninstallKB957097$ 2008-11-11 19:04:46 ----HDC---- C:\WINNT\$NtUninstallKB955069$ 2008-11-01 12:31:28 ----D---- C:\Program Files\Combat Arms 2008-11-01 12:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS 2008-10-24 20:00:27 ----A---- C:\WINNT\DCEBoot.exe 2008-10-24 04:55:34 ----HDC---- C:\WINNT\$NtUninstallKB958644$ 2008-10-23 05:01:36 ----A---- C:\WINNT\system32\SET54.tmp ======List of files/folders modified in the last 3 months====== 2009-01-17 07:43:07 ----D---- C:\Program Files\Trend Micro 2009-01-17 07:36:09 ----AD---- C:\WINNT\system32 2009-01-17 07:36:09 ----A---- C:\WINNT\system32\PerfStringBackup.INI 2009-01-17 07:35:50 ----D---- C:\WINNT\system32\CatRoot2 2009-01-17 07:35:33 ----D---- C:\WINNT\Prefetch 2009-01-17 07:32:03 ----D---- C:\WINNT 2009-01-17 07:30:44 ----A---- C:\WINNT\SchedLgU.Txt 2009-01-17 07:29:42 ----SD---- C:\WINNT\Tasks 2009-01-17 07:22:50 ----SHD---- C:\WINNT\Installer 2009-01-17 07:22:50 ----D---- C:\Program Files\Common Files 2009-01-17 07:22:46 ----D---- 
C:\WINNT\system32\drivers 2009-01-16 22:02:58 ----A---- C:\WINNT\ModemLog_Conexant SoftK56 Data Fax Modem.txt 2009-01-16 21:44:32 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2009-01-16 20:11:25 ----D---- C:\Program Files 2009-01-10 15:32:41 ----RASH---- C:\boot.ini 2009-01-10 15:32:41 ----A---- C:\WINNT\win.ini 2009-01-10 15:32:41 ----A---- C:\WINNT\system.ini 2009-01-10 14:51:57 ----D---- C:\WINNT\system32\config 2009-01-10 14:30:34 ----D---- C:\WINNT\AppPatch 2009-01-10 14:29:00 ----SD---- C:\WINNT\Downloaded Program Files 2009-01-10 09:52:43 ----HD---- C:\WINNT\inf 2009-01-10 09:52:42 ----D---- C:\Program Files\Hewlett-Packard 2009-01-10 09:47:04 ----D---- C:\WINNT\Downloaded Installations 2009-01-10 08:26:58 ----D---- C:\WINNT\system32\CatRoot 2009-01-10 08:17:08 ----AC---- C:\WINNT\ntbtlog.txt 2009-01-09 19:46:12 ----A---- C:\WINNT\NeroDigital.ini 2009-01-09 19:23:00 ----D---- C:\WINNT\system32\wbem 2009-01-02 18:17:32 ----D---- C:\Program Files\Greetings Workshop 2008-12-22 23:22:38 ----SHD---- C:\System Volume Information 2008-12-22 23:22:38 ----D---- C:\WINNT\system32\Restore 2008-12-22 19:36:33 ----D---- C:\Program Files\Java 2008-12-20 13:41:18 ----A---- C:\WINNT\imsins.BAK 2008-12-20 13:40:44 ----RSHD---- C:\WINNT\system32\dllcache 2008-12-20 13:40:38 ----D---- C:\Program Files\Internet Explorer 2008-12-20 13:38:49 ----HD---- C:\WINNT\$hf_mig$ 2008-12-02 16:58:19 ----D---- C:\WINNT\Help 2008-11-11 19:03:50 ----D---- C:\WINNT\WinSxS 2008-10-22 01:47:07 ----N---- C:\WINNT\system32\tzchange.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-10-07 35840] R1 cdrbsvsd;cdrbsvsd; C:\WINNT\system32\drivers\cdrbsvsd.sys [2003-12-03 13566] R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 
PCLEPCI;PCLEPCI; \??\C:\WINNT\System32\drivers\pclepci.sys [] R1 tmtdi;Trend Micro TDI Driver; C:\WINNT\system32\DRIVERS\tmtdi.sys [2008-02-15 65936] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2003-03-31 12032] R2 CX23880;AVerMedia AVerTV MPEG Video Capture (!); C:\WINNT\system32\drivers\cx88vid.sys [2003-10-21 246272] R2 CX88ENC;AVerMedia AVerTV MPEG Encoder; C:\WINNT\system32\drivers\cx88enc.sys [2003-10-21 294912] R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar; C:\WINNT\system32\drivers\CX88XBAR.sys [2003-10-21 6912] R2 CXTUNE;AVerMedia AVerTV Tuner; C:\WINNT\system32\drivers\CX88TUNE.sys [2003-10-21 30848] R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R2 tmcomm;tmcomm; \??\C:\WINNT\system32\drivers\tmcomm.sys [] R2 tmpreflt;tmpreflt; C:\WINNT\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368] R2 tmxpflt;tmxpflt; C:\WINNT\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328] R2 vsapint;vsapint; C:\WINNT\system32\DRIVERS\vsapint.sys [2008-11-26 1195384] R3 ASAPIW2k;ASAPIW2K; C:\WINNT\system32\drivers\ASAPIW2k.sys [2004-03-10 11264] R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2003-08-12 594432] R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture; C:\WINNT\system32\drivers\cxavsaud.sys [2003-10-21 8320] R3 E100B;Intel® PRO Network Connection Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2007-03-14 165760] R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidFP;HID Front Panel Driver Service; C:\WINNT\System32\DRIVERS\HidFP.sys [2006-01-23 4128] R3 HidIr;Microsoft Infrared HID Driver; C:\WINNT\System32\DRIVERS\hidir.sys [2004-08-03 15104] R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-07-28 1064448] R3 HSFHWICH;HSFHWICH; C:\WINNT\System32\DRIVERS\HSFHWICH.sys [2003-07-28 190848] R3 IrBus;Infrared bus filter 
driver for eHome remote controls; C:\WINNT\System32\DRIVERS\IrBus.sys [2004-08-03 40832] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINNT\System32\DRIVERS\MarvinBus.sys [2004-03-29 90464] R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2004-07-17 28352] R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-08-01 9856] R3 STAC97;SigmaTel C-Major Audio; C:\WINNT\system32\drivers\STAC97.sys [2003-10-17 252144] R3 tmcfw;Trend Micro Common Firewall Service; C:\WINNT\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-07-28 672256] S2 tmactmon;tmactmon; \??\C:\WINNT\system32\drivers\tmactmon.sys [] S2 tmevtmgr;tmevtmgr; \??\C:\WINNT\system32\drivers\tmevtmgr.sys [] S3 61883;61883 Unit Device; C:\WINNT\System32\DRIVERS\61883.sys [2004-08-03 48128] S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256] S3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-03 60800] S3 Avc;AVC Device; C:\WINNT\System32\DRIVERS\avc.sys [2004-08-03 38912] S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINNT\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208] S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINNT\System32\DRIVERS\Camdrl.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys 
[2004-08-03 17024] S3 EagleNT;EagleNT; \??\C:\WINNT\system32\drivers\EagleNT.sys [] S3 gmer;gmer; C:\WINNT\System32\DRIVERS\gmer.sys [2009-01-16 85969] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 LVcKap;Logitech AEC Driver; C:\WINNT\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINNT\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488] S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINNT\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINNT\system32\drivers\LVUSBSta.sys [2007-07-18 41752] S3 MSDV;Microsoft DV Camera and VCR; C:\WINNT\System32\DRIVERS\msdv.sys [2004-08-03 51328] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-03 61824] S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 pepifilter;Volume Adapter; C:\WINNT\system32\DRIVERS\lv302af.sys [2007-07-18 13848] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINNT\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104] S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner 
Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 VX3000;VX-3000; C:\WINNT\system32\DRIVERS\VX3000.sys [2007-04-10 1966696] S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [] S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\System32\Ati2evxx.exe [2003-08-12 319488] R2 ehSched;Media Center Scheduler Service; C:\WINNT\ehome\ehSched.exe [2004-08-03 84992] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984] S2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888] S2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064] S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\HPZipm12.exe [2003-03-09 65795] S3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-15 488768] S3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-15 648456] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592] S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-14 503608] S4 LVCOMSer;LVCOMSer; C:\Program Files\Common 
Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904] S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752] S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848] S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-22 724992] S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2006-01-23 57344] -----------------EOF----------------- DDS.txt Log DDS (Ver_09-01-07.01) - NTFSx86 Run by Administrator at 7:46:14.48 on Sat 01/17/2009 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.264 [GMT -8:00] AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) FW: Trend Micro Personal Firewall *disabled* ============== Running Processes =============== C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost -k DcomLaunch svchost.exe C:\WINNT\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\ehome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\System32\svchost.exe -k imgsvc C:\WINNT\Explorer.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\wscntfy.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.helloworld.com/ mStart Page = hxxp://www.gatewaybiz.com uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/ uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: 
Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe mRun: [ATIModeChange] Ati2mdxx.exe mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll SSODL: WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\winnt\system32\drivers\cxavsaud.sys [2003-10-11 8320] R3 HidFP;HID Front Panel Driver Service;c:\winnt\system32\drivers\HidFP.sys [2006-1-23 4128] R3 tmcfw;Trend Micro Common Firewall Service;c:\winnt\system32\drivers\TM_CFW.sys [2007-12-16 333328] R4 CX88XBAR;AVerMedia AVerTV MPEG Crossbar;c:\winnt\system32\drivers\cx88xbar.sys [2003-10-11 6912] R4 tmpreflt;tmpreflt;c:\winnt\system32\drivers\tmpreflt.sys [2007-12-16 36368] S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-9-13 488768] S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-9-13 648456] S4 tmevtmgr;tmevtmgr;c:\winnt\system32\drivers\tmevtmgr.sys [2008-9-13 52240] =============== Created Last 30 ================ 2009-01-17 07:29 <DIR> --d----- C:\_OTMoveIt 2009-01-16 21:12 250 a------- c:\winnt\gmer.ini 2009-01-16 20:11 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-01-16 20:11 15,504 a------- c:\winnt\system32\drivers\mbam.sys 2009-01-16 20:11 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys 2009-01-16 20:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-01-16 20:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-01-10 14:27 161,792 a------- c:\winnt\SWREG.exe 2009-01-10 14:27 98,816 a------- c:\winnt\sed.exe 2009-01-10 09:49 206 a------- c:\winnt\HPGdiPlus.ini 2009-01-10 09:47 <DIR> --d----- c:\program files\HP 2008-12-22 19:36 73,728 a------- c:\winnt\system32\javacpl.cpl 2008-12-22 19:36 410,984 a------- c:\winnt\system32\deploytk.dll 2008-12-22 19:17 <DIR> a-dshr-- C:\cmdcons 2008-12-20 14:40 <DIR> --d----- c:\program files\Lavasoft 2008-12-20 14:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop 2008-12-20 13:48 <DIR> --d----- c:\program files\PCPitstop 2008-12-19 06:01 
3,060,224 a------- c:\winnt\system32\SET7F.tmp ==================== Find3M ==================== 2009-01-16 20:32 24,494 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat 2009-01-10 09:27 757,536 ac------ c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT 2008-12-12 09:33 3,060,224 -------- c:\winnt\system32\dllcache\mshtml.dll 2008-11-26 17:42 205,328 a------- c:\winnt\system32\drivers\tmxpflt.sys 2008-11-26 17:42 36,368 a------- c:\winnt\system32\drivers\tmpreflt.sys 2008-11-26 17:39 1,195,384 a------- c:\winnt\system32\drivers\vsapint.sys 2008-10-24 20:00 16,384 a------- c:\winnt\DCEBoot.exe 2008-10-24 03:10 453,632 -------- c:\winnt\system32\dllcache\mrxsmb.sys 2008-10-23 05:01 283,648 a------- c:\winnt\system32\SET54.tmp 2008-10-23 05:01 283,648 -------- c:\winnt\system32\dllcache\gdi32.dll 2006-04-24 05:21 3,596 ac------ c:\docume~1\admini~1\applic~1\ViewerApp.dat ============= FINISH: 7:46:43.37 ===============
-------------------- "The only thing necessary for the triumph of evil is for good men to do nothing."
-Edmund Burke (1729-1797)
Jan 17 2009, 03:10 PM Post #6
Forum Addict Group: HJT Team Posts: 5,949 Joined: 4-December 07 Member No.: 174,482
Nice.. Let's do an online scan to see what might be left...
Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
How's the computer now?
-------------------- Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary!
Cherish the pain, it means you're still alive
Away for three months (22 August - 1 December 2009)
Jan 17 2009, 05:15 PM Post #7
Member Group: Members Posts: 23 Joined: 10-January 09 Member No.: 280,941
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3773 (20090117)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=599d65ebd1437d49826a235aa2d5c1bd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-17 09:41:21
# local_time=2009-01-17 01:41:21 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=308263
# found=0
# scan_time=2106
Computer is crisp and clean now. TY!
Jan 17 2009, 05:19 PM Post #8
Forum Addict Group: HJT Team Posts: 5,949 Joined: 4-December 07 Member No.: 174,482
Looks good to me.. Let's do some cleanup...
Please download OTCleanIt and save it to Desktop.
Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware
Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.
Have a safe and happy computing day!
Regards
fenzodahl512
Jan 17 2009, 07:02 PM Post #9
Member Group: Members Posts: 23 Joined: 10-January 09 Member No.: 280,941
Very smooth, thank you very much. I will be sure to hit the Paypal button.
Jan 18 2009, 02:37 AM Post #10
Forum Addict Group: HJT Team Posts: 5,949 Joined: 4-December 07 Member No.: 174,482
You are very welcome, I'm glad that we could help.
I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter. If you have any new malware-related questions or issues in the future, please start a new topic.
Cheers and Happy Computing!
fenzodahl512