Computer was or is very infected, had many password protected files


  • This topic is locked
91 replies to this topic

#1 manyangels


Posted 29 November 2008 - 06:06 PM

I have an HP with an AMD processor. I first discovered big problems when I blindly trusted the Microsoft SP3 update. My HP constantly rebooted, and gave the blue screen of doom. After much discussion, and tools, I now have the HP staying on, but Bitdefender says I have many problems that it cannot clean because they are password protected.
Me thinks me needs Big help, I fear this issue is a big one. Thank you



#2 Farbar


Posted 29 November 2008 - 06:30 PM

Hi manyangels,

Welcome to BC HijackThis forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.


You might want to save this page to your favorites, so you can find it again when you return.

#3 manyangels


Posted 29 November 2008 - 07:53 PM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-29 16:50:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 110 GB (74%) free of 148 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:28 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227920308546
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 6663 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McAfee Cleanup.job
C:\WINDOWS\tasks\RegRecall Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03 98304]

{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-11-28 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2004-03-31 32881]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-01 151597]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-25 335872]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2003-04-03 50176]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-12-17 118784]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-01-16 88363]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-11-28 741376]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-11-28 69632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2005-04-28 53248]
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [2005-05-10 1482752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-01-16 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2004-04-01 16384]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
IMStart.lnk - C:\Program Files\InterMute\IMStart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69ac7c7a-bcde-11dd-b156-806d6172696f}]
shell\AutoRun\command - D:\Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2008-11-29 16:50:07 ----D---- C:\rsit
2008-11-29 16:50:07 ----D---- C:\Program Files\trend micro
2008-11-29 13:47:48 ----D---- C:\Documents and Settings\Owner\Application Data\InterVideo
2008-11-29 12:11:13 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-11-29 09:58:25 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-11-29 09:58:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-29 09:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-28 17:19:17 ----A---- C:\WINDOWS\system32\un2065.txt
2008-11-28 17:19:17 ----A---- C:\WINDOWS\system32\2065.txt
2008-11-28 16:53:05 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-28 16:51:10 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-11-28 16:47:45 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-28 16:47:45 ----A---- C:\WINDOWS\system32\wups2.dll
2008-11-28 16:47:45 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-11-28 16:47:45 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-11-28 16:47:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-28 15:14:41 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-28 15:07:45 ----D---- C:\WINDOWS\system32\logs
2008-11-28 15:07:40 ----D---- C:\Documents and Settings\Owner\Application Data\BitDefender
2008-11-28 15:07:38 ----D---- C:\Binaries
2008-11-28 15:07:07 ----D---- C:\Program Files\BitDefender
2008-11-28 15:07:07 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-11-28 15:05:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-11-28 15:00:50 ----D---- C:\WINDOWS\Prefetch
2008-11-28 14:53:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-28 14:52:55 ----N---- C:\WINDOWS\system32\proxycfg.exe
2008-11-28 14:52:55 ----N---- C:\WINDOWS\system32\logman.exe
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\btpanui.dll
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\bthserv.dll
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\bthci.dll
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\blastcln.exe
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\auditusr.exe
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-28 14:52:48 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\fwcfg.dll
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\fsquirt.exe
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\fltmc.exe
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\fltlib.dll
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-11-28 14:52:47 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdinben.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\ieencode.dll
2008-11-28 14:52:46 ----N---- C:\WINDOWS\system32\httpapi.dll
2008-11-28 14:52:45 ----N---- C:\WINDOWS\system32\msdadiag.dll
2008-11-28 14:52:45 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-28 14:52:45 ----N---- C:\WINDOWS\system32\kbdukx.dll
2008-11-28 14:52:45 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-28 14:52:45 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-28 14:52:45 ----N---- C:\WINDOWS\system32\kbdno1.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\powercfg.exe
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\p2psvc.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\p2p.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-28 14:52:44 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\w3ssl.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\twext.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\strmfilt.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\smbinst.exe
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2008-11-28 14:52:43 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-28 14:52:42 ----N---- C:\WINDOWS\system32\winshfhc.dll
2008-11-28 14:52:41 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-28 14:52:41 ----N---- C:\WINDOWS\system32\wshbth.dll
2008-11-28 14:52:41 ----N---- C:\WINDOWS\system32\wscsvc.dll
2008-11-28 14:52:41 ----N---- C:\WINDOWS\system32\wscntfy.exe
2008-11-28 14:52:41 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-28 14:52:40 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-11-28 14:52:40 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2008-11-28 14:52:40 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-11-28 14:52:40 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-28 14:52:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-28 14:52:40 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-28 14:52:40 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-28 14:49:26 ----A---- C:\WINDOWS\004891_.tmp
2008-11-28 14:49:16 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-27 17:40:35 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-11-27 17:19:12 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-11-27 17:12:51 ----D---- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-11-27 17:08:15 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-11-27 16:49:31 ----D---- C:\Documents and Settings\Owner\Application Data\ATI
2008-11-27 16:49:27 ----RSHD---- C:\cmdcons
2008-11-27 16:49:14 ----D---- C:\Documents and Settings\Owner\Application Data\Help
2008-11-27 16:47:56 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-27 16:42:52 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-27 16:36:49 ----D---- C:\WINDOWS\system32\windows media
2008-11-27 16:36:47 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2008-11-27 16:36:47 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2008-11-27 16:36:46 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2008-11-27 16:36:46 ----A---- C:\WINDOWS\system32\wmadmod.dll
2008-11-27 16:36:45 ----A---- C:\WINDOWS\system32\wmadmoe.dll
2008-11-27 16:36:44 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2008-11-27 16:36:44 ----A---- C:\WINDOWS\system32\qasf.dll
2008-11-27 16:36:44 ----A---- C:\WINDOWS\system32\logagent.exe
2008-11-27 16:36:44 ----A---- C:\WINDOWS\system32\laprxy.dll
2008-11-27 16:36:43 ----A---- C:\WINDOWS\system32\wmvcore.dll
2008-11-27 16:36:43 ----A---- C:\WINDOWS\system32\wmasf.dll
2008-11-27 16:36:41 ----A---- C:\WINDOWS\system32\msnetobj.dll
2008-11-27 16:36:41 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2008-11-27 16:36:41 ----A---- C:\WINDOWS\system32\drmstor.dll
2008-11-27 16:36:41 ----A---- C:\WINDOWS\system32\drmclien.dll
2008-11-27 16:36:41 ----A---- C:\WINDOWS\system32\blackbox.dll
2008-11-27 16:35:21 ----A---- C:\WINDOWS\system32\dsound.dll
2008-11-27 16:35:21 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-11-27 16:34:05 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-11-27 16:34:01 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2008-11-27 16:15:57 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-11-27 16:15:57 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-11-27 16:15:57 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-11-27 16:15:57 ----A---- C:\WINDOWS\system32\msvidctl.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\qdv.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\dmime.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-11-27 16:15:56 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-11-27 16:15:55 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-11-27 16:15:54 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-11-27 16:15:54 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-11-27 16:03:49 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-11-27 16:03:49 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-11-27 16:03:48 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-11-27 16:03:48 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-11-27 16:03:48 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-11-27 16:03:35 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-27 16:03:35 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-11-27 16:03:35 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-27 16:03:35 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-27 16:03:35 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-27 16:03:34 ----A---- C:\WINDOWS\system32\txflog.dll
2008-11-27 16:03:34 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-11-27 16:03:34 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-11-27 16:03:34 ----A---- C:\WINDOWS\system32\ole32.dll
2008-11-27 16:03:34 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-27 16:03:34 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-27 16:03:33 ----A---- C:\WINDOWS\system32\es.dll
2008-11-27 16:03:33 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-27 16:03:33 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-27 16:03:33 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-27 16:03:33 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-27 16:03:33 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-27 16:03:11 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-11-27 16:03:11 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-11-27 16:03:11 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-11-27 16:03:11 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-11-27 16:03:11 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-11-27 16:03:11 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-11-27 14:36:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-27 13:19:53 ----D---- C:\Program Files\WinISO
2008-11-26 17:55:43 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-11-26 17:55:22 ----D---- C:\Program Files\NortonInstaller
2008-11-26 17:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-26 17:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-26 17:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-26 17:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-26 17:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-26 17:37:52 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-26 17:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-26 17:36:13 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-26 17:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-26 17:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-26 17:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-26 17:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-26 17:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-26 17:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-26 17:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-26 17:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-26 17:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-26 17:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-26 17:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-26 17:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-26 17:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-26 17:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-26 17:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-26 17:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-26 17:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-26 17:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-26 17:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-26 17:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-26 17:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-26 17:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-26 17:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-26 17:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-26 17:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-26 17:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-26 17:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-26 17:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-26 16:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2008-11-26 16:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2008-11-26 16:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2008-11-26 16:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2008-11-26 15:19:35 ----A---- C:\WINDOWS\005899_.tmp
2008-11-26 14:07:32 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller

======List of files/folders modified in the last 1 months======

2008-11-29 16:50:07 ----D---- C:\Program Files
2008-11-29 16:39:02 ----D---- C:\WINDOWS
2008-11-29 13:55:45 ----D---- C:\WINDOWS\TEMP
2008-11-29 12:25:24 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-11-29 12:20:34 ----D---- C:\Program Files\The Great Tree
2008-11-29 12:18:26 ----D---- C:\Program Files\Ricochet Xtreme
2008-11-29 12:15:02 ----D---- C:\Program Files\Pacific Heroes
2008-11-29 12:14:33 ----D---- C:\Program Files\Jam XM
2008-11-29 12:13:55 ----D---- C:\Program Files\Mah Jomino
2008-11-29 12:13:42 ----D---- C:\Program Files\Mahjong Holidays 2005
2008-11-29 12:13:30 ----D---- C:\Program Files\Mahjong Medley
2008-11-29 12:12:58 ----D---- C:\Program Files\Mah Jong Quest
2008-11-29 12:12:38 ----D---- C:\Program Files\Mah Jong Adventures
2008-11-29 12:09:58 ----AC---- C:\WINDOWS\disney.ini
2008-11-29 11:41:06 ----D---- C:\Program Files\Nero
2008-11-29 09:58:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 08:48:30 ----D---- C:\WINDOWS\system32
2008-11-29 08:46:22 ----HD---- C:\WINDOWS\inf
2008-11-29 08:46:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 21:13:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 21:12:16 ----SD---- C:\WINDOWS\Tasks
2008-11-28 19:02:43 ----RASH---- C:\boot.ini
2008-11-28 19:02:43 ----A---- C:\WINDOWS\win.ini
2008-11-28 19:02:43 ----A---- C:\WINDOWS\system.ini
2008-11-28 17:35:36 ----D---- C:\WINDOWS\Help
2008-11-28 17:20:56 ----HD---- C:\Config.Msi
2008-11-28 17:17:42 ----SHD---- C:\WINDOWS\Installer
2008-11-28 17:17:31 ----D---- C:\WINDOWS\WinSxS
2008-11-28 16:58:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-28 16:58:38 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-28 16:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-28 16:51:53 ----A---- C:\WINDOWS\imsins.BAK
2008-11-28 16:51:47 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-28 15:55:02 ----D---- C:\Program Files\MagicISO
2008-11-28 15:28:00 ----A---- C:\WINDOWS\system32\txmlutil.dll
2008-11-28 15:14:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 15:10:36 ----D---- C:\WINDOWS\Debug
2008-11-28 15:05:25 ----D---- C:\Program Files\Common Files
2008-11-28 15:01:50 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-28 15:01:20 ----A---- C:\WINDOWS\setuplog.txt
2008-11-28 15:00:58 ----D---- C:\WINDOWS\system32\wbem
2008-11-28 15:00:10 ----D---- C:\WINDOWS\AppPatch
2008-11-28 15:00:08 ----RSD---- C:\WINDOWS\Fonts
2008-11-28 14:56:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 14:52:56 ----D---- C:\Program Files\Messenger
2008-11-28 14:52:54 ----D---- C:\WINDOWS\system32\Setup
2008-11-28 14:52:54 ----D---- C:\WINDOWS\system32\oobe
2008-11-28 14:52:54 ----D---- C:\WINDOWS\system32\mui
2008-11-28 14:52:54 ----D---- C:\WINDOWS\ime
2008-11-28 14:52:40 ----D---- C:\Program Files\Windows Media Player
2008-11-28 14:52:39 ----D---- C:\Program Files\Movie Maker
2008-11-28 14:52:29 ----D---- C:\Program Files\Internet Explorer
2008-11-28 14:52:28 ----D---- C:\WINDOWS\system32\Restore
2008-11-28 14:52:28 ----D---- C:\WINDOWS\system32\npp
2008-11-28 14:52:28 ----D---- C:\WINDOWS\msagent
2008-11-28 14:52:26 ----D---- C:\WINDOWS\srchasst
2008-11-28 14:52:25 ----D---- C:\Program Files\NetMeeting
2008-11-28 14:52:23 ----D---- C:\WINDOWS\system32\Com
2008-11-28 14:52:20 ----D---- C:\Program Files\Windows NT
2008-11-28 14:52:20 ----D---- C:\Program Files\Outlook Express
2008-11-28 14:52:15 ----D---- C:\Program Files\Common Files\System
2008-11-28 14:52:04 ----D---- C:\WINDOWS\system32\usmt
2008-11-28 14:52:03 ----D---- C:\WINDOWS\system
2008-11-28 14:50:37 ----RD---- C:\WINDOWS\Web
2008-11-28 14:50:21 ----RASH---- C:\NTDETECT.COM
2008-11-28 14:49:31 ----D---- C:\WINDOWS\security
2008-11-28 14:48:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-28 14:46:10 ----D---- C:\WINDOWS\EHome
2008-11-28 10:09:13 ----D---- C:\Program Files\Qwest
2008-11-28 10:06:52 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803$
2008-11-28 09:56:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-28 09:52:03 ----A---- C:\WINDOWS\QUICKEN.INI
2008-11-28 09:52:02 ----D---- C:\Program Files\Quicken
2008-11-28 09:04:26 ----D---- C:\Program Files\InterMute
2008-11-27 17:44:41 ----D---- C:\Program Files\Easy Internet signup
2008-11-27 17:33:03 ----D---- C:\Program Files\WinRAR
2008-11-27 17:03:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 16:49:27 ----AC---- C:\WINDOWS\UPGRADE.TXT
2008-11-27 16:41:53 ----D---- C:\Program Files\ATI Multimedia
2008-11-27 16:36:50 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-27 16:35:19 ----D---- C:\WINDOWS\system32\DirectX
2008-11-27 16:08:43 ----SHD---- C:\RECYCLER
2008-11-27 16:04:16 ----SHD---- C:\System Volume Information
2008-11-27 16:04:03 ----D---- C:\sysprep
2008-11-27 16:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2008-11-27 16:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB828741$
2008-11-27 16:02:31 ----HDC---- C:\WINDOWS\$NtUninstallQ331958$
2008-11-27 16:01:12 ----RASH---- C:\BOOT.BAK
2008-11-27 16:01:09 ----D---- C:\WINDOWS\Registration
2008-11-27 15:29:29 ----D---- C:\WINDOWS\Minidump
2008-11-27 15:19:08 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-27 14:51:39 ----HD---- C:\hp
2008-11-27 14:49:08 ----D---- C:\Program Files\Common Files\Services
2008-11-27 14:48:56 ----D---- C:\WINDOWS\system32\ras
2008-11-27 14:48:38 ----D---- C:\WINDOWS\system32\icsxml
2008-11-27 14:48:38 ----D---- C:\WINDOWS\system32\ias
2008-11-27 14:47:32 ----D---- C:\WINDOWS\addins
2008-11-27 14:47:29 ----D---- C:\WINDOWS\Media
2008-11-27 14:47:16 ----D---- C:\WINDOWS\Cursors
2008-11-27 14:47:12 ----HDC---- C:\WINDOWS\$NtUninstallQ817357$
2008-11-27 14:47:12 ----HDC---- C:\WINDOWS\$NtUninstallQ814995$
2008-11-27 14:47:12 ----HDC---- C:\WINDOWS\$NtUninstallQ329112$
2008-11-27 14:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB828028$
2008-11-27 14:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2008-11-27 14:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2008-11-27 14:46:41 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-27 14:46:39 ----RSD---- C:\WINDOWS\assembly
2008-11-27 13:19:54 ----D---- C:\Program Files\Treasure Island
2008-11-27 13:19:52 ----D---- C:\Program Files\Rally Racers
2008-11-27 13:19:50 ----D---- C:\Program Files\Santas Super Friends
2008-11-27 13:19:45 ----D---- C:\Program Files\Saints & Sinners Bowling
2008-11-27 13:19:43 ----D---- C:\Program Files\Golf Adventure Galaxy
2008-11-27 08:31:47 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-26 17:04:48 ----D---- C:\WINDOWS\peernet
2008-11-26 16:48:18 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2008-11-26 16:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2008-11-26 16:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2008-11-26 16:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB885835_0$
2008-11-26 16:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB885836_0$
2008-11-26 16:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2008-11-26 16:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2008-11-26 16:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2008-11-26 16:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2008-11-26 16:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2008-11-26 16:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2008-11-26 16:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2008-11-26 16:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2008-11-26 16:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2008-11-26 16:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2008-11-26 16:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2008-11-26 16:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2008-11-26 16:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB873339_0$
2008-11-26 16:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2008-11-26 16:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2008-11-26 16:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2008-11-26 16:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2008-11-26 16:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-11-26 16:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-11-26 16:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2008-11-26 16:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2008-11-26 16:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB891781_0$
2008-11-26 16:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-11-26 16:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2008-11-26 16:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2008-11-26 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-26 16:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2008-11-26 16:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2008-11-26 16:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2008-11-26 16:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2008-11-26 16:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2008-11-26 16:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2008-11-26 16:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB888302_0$
2008-11-26 16:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2008-11-26 16:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-26 16:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-11-26 16:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2008-11-26 16:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-26 16:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-26 16:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-26 16:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-26 15:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-11-26 15:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-26 15:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-26 15:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-26 15:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-26 14:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-11-26 10:26:00 ----AC---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2008-11-25 08:35:31 ----D---- C:\WINDOWS\setup.pss
2008-11-25 08:35:27 ----D---- C:\cmdcons(2)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-04-01 43488]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-01-16 1252940]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-14 611836]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-04-14 1130496]
R3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [2005-04-13 165888]
R3 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atineuxx.sys [2005-04-13 56320]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2005-04-13 55808]
R3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinesxx.sys [2005-04-13 75776]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-11-28 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-11-28 104328]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-11-28 230920]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-11-03 9760]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2005-04-13 15360]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2005-04-13 14848]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-04-14 364544]
R2 GEARSecurity;Gear Security Service; C:\WINDOWS\System32\gearsec.exe [2003-11-03 53248]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-11-28 401408]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-11-28 1572864]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-01-16 417792]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-04-14 516096]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-21 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-11-29 3946
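
As an added example (not part of the thread and not RSIT's own code), the Python sketch below parses driver and service lines in the format of the listing above, decodes the state and start-type codes from its legend, and flags entries for manual review. Reading an empty `[]` as "file date and size not available", the seven-day "recent" window, the drivers-directory check and all function names are assumptions made for illustration; a flag is a prompt to look at the file, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Codes from the legend line of the RSIT listing.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Sample input: six lines copied from the listing above (the last one is cut off on the page).
SAMPLE = r"""
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-11-28 111112]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS []
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-11-29 3946
"""

# Date of the RSIT run, taken from the info.txt header later in the thread.
LOG_DATE = date(2008, 11, 29)

# <state><start> <name>;<display name>; <image path> [<file date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    file_date: Optional[date]
    size: Optional[int]


def parse_listing(text: str) -> Tuple[List[Entry], List[str]]:
    """Return (parsed entries, lines that did not match the expected format)."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("======"):
            continue  # blank line or section header
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # e.g. a line truncated by the forum software
            continue
        file_date = size = None
        if m["info"].strip():
            day, size_text = m["info"].split()
            file_date, size = date.fromisoformat(day), int(size_text)
        path = m["path"].strip()
        if path.startswith("\\??\\"):
            path = path[4:]  # drop the NT object-namespace prefix
        entries.append(Entry(STATE[m["state"]], START[m["start"]],
                             m["name"], m["display"], path, file_date, size))
    return entries, unparsed


def triage(entry: Entry, log_date: date, windir: str = r"C:\WINDOWS",
           recent_days: int = 7) -> List[str]:
    """Heuristic review flags for one driver entry (assumed criteria, see lead-in)."""
    flags = []
    if entry.file_date is None:
        flags.append("no-file-info")  # the tool reported no date/size for the file
    elif 0 <= (log_date - entry.file_date).days <= recent_days:
        flags.append("recent")  # file written shortly before the log was taken
    drivers_dir = (windir + r"\system32\drivers" + "\\").lower()
    if not entry.path.lower().startswith(drivers_dir):
        flags.append("outside-drivers-dir")
    return flags


def review(text: str, log_date: date) -> Tuple[List[Tuple[str, List[str]]], List[str]]:
    """Parse a listing and return ([(name, flags)] for flagged entries, unparsed lines)."""
    entries, unparsed = parse_listing(text)
    flagged = []
    for entry in entries:
        flags = triage(entry, log_date)
        if flags:
            flagged.append((entry.name, flags))
    return flagged, unparsed


if __name__ == "__main__":
    flagged, unparsed = review(SAMPLE, LOG_DATE)
    for name, flags in flagged:
        print(f"{name}: {', '.join(flags)}")
    for line in unparsed:
        print(f"unparsed: {line}")
```

On this sample the antivirus product's own drivers are the ones flagged, which is why each flag needs a human check of the vendor and file before any action.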

#4 manyangels


Posted 29 November 2008 - 07:55 PM

Here is the little one,,, TY farbar!!!! :thumbsup:

info.txt logfile of random's system information tool 1.04 2008-11-29 16:50:31

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7FA4C99A-5B8A-4AF2-9F2B-BC9CE7386947} /l1033
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.061-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{66F4C25D-B1FE-4316-BC63-79AD4E6724BF} /l1033
AuthorScript Engine 1.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{752CA503-E29F-4610-A1A4-B21CDC58EF8D} /l1033
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Blackhawk Striker from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Crystal Maze from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Five Card Frenzy from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
GUIDE PLUS+™ for Windows® System - ATI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5-->C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9705A7E1-3DD1-4BAC-8CA9-FE7B1473BEC9}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
Orbital from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickConnect-->C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Slyder from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Toolkit View(HP)-->c:\Windows\HPTK\unhptkit.exe
Tradewinds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Word Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#5 Farbar


Posted 29 November 2008 - 08:59 PM

  • Your logs show that the computer, besides other infections, has a flash drive infection. This type of infection usually gets carried over through removable storage devices (flash drive/USB drive/thumb drive/iPod/memory stick/memory card/photo camera memory card/external hard drive, etc.) and networks. Tell me if you have and use these types of media, then we can disinfect them at the next step.

  • Open notepad (start-all programs-accessories-notepad). Copy and paste the text in the code box into the notepad.

    @ECHO OFF
    cd\
    attrib -h -r -s C:\WINDOWS\tasks\At*.job
    attrib -h -r -s "C:\WINDOWS\tasks\McAfee Cleanup.job"
    attrib -h -r -s "C:\WINDOWS\tasks\RegRecall Scheduled Scan.job"
    del C:\WINDOWS\tasks\At*.job
    del "C:\WINDOWS\tasks\McAfee Cleanup.job"
    del "C:\WINDOWS\tasks\RegRecall Scheduled Scan.job"
    reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{69ac7c7a-bcde-11dd-b156-806d6172696f}"
    • Select save in:desktop
    • Fill in File name: remove.bat
    • Save as type: All file types (*.*)
    • Click Save and close the Notepad.
    • Double-click remove.bat on the desktop.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by farbar, 30 November 2008 - 02:29 PM.


#6 manyangels


Posted 30 November 2008 - 11:14 AM

farbar,,,
on the first instruction,,, I downloaded the file,, saved to desktop, named it remove.bat, saved as all files,,,, and this is what came up

File not found - C:\WINDOWS\tasks\At*.job
Parameter format not correct -
Parameter format not correct -
Could Not Find C:\WINDOWS\tasks\At*.job
Could Not Find C:\WINDOWS\tasks\McAfee
Could Not Find C:\Cleanup.job
The filename, directory name, or volume label

Permanently delete the registry key software\
{69ac7c7a-bcde-11dd-b156-806d6172696f} (Y/N)?

not knowing what to do here????

#7 manyangels


Posted 30 November 2008 - 11:18 AM

sorry,, not downloaded,,, copied and pasted to notepad

#8 Farbar


Posted 30 November 2008 - 12:30 PM

I'm sorry I was way over my bedtime, I'm living in another time zone.
  • Please don't forget to give me feedback about the step 1 question.

  • Download and run the attached file. To do that:
    • Right-click the attached file.
    • Select Save Target As
    • Select Desktop and click Save.
    • Double-click the file to run it. It will disappear after removing the files.
  • Please proceed with the step 3.


#9 manyangels


Posted 30 November 2008 - 12:42 PM

Please don't forget to give me feedback about the step 1 question.

with this question,, I do not use a flash drive, my Grandson has to do work for school,, I believe it goes from school computers to mine. I don't think he has the flash drive any more.


Download and run the attached file. To do that:
Right-click the attached file.

I do not see an attached file for step 2, in step 2 I was to copy and paste to a notepad and then double click,,, I did that and the above post by me, is what it does when I start it,,,, If I missed something, I'm sorry,, but I'm still confused??
No need to apologize, as your instructions weren't read by me till this morning! My bedtime, LOL Right now, it is 9:42 am here.

#10 Farbar


Posted 30 November 2008 - 12:44 PM

I'm very sorry, thought this time everything was right.

Edited by farbar, 30 November 2008 - 01:45 PM.


#11 manyangels


Posted 30 November 2008 - 01:03 PM

ComboFix 08-11-29.03 - Owner 2008-11-30 9:50:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.641 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-29 16:50 . 2008-11-29 16:50 <DIR> d-------- C:\rsit
2008-11-29 16:50 . 2008-11-29 16:50 <DIR> d-------- c:\program files\trend micro
2008-11-29 13:47 . 2008-11-29 13:47 <DIR> d-------- c:\documents and settings\Owner\Application Data\InterVideo
2008-11-29 12:11 . 2008-11-29 12:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-11-29 09:58 . 2008-11-29 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 09:58 . 2008-11-29 09:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-29 09:58 . 2008-11-29 09:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-29 09:58 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-29 09:58 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-28 16:47 . 2008-07-18 22:10 45,768 --a------ c:\windows\system32\wups2.dll
2008-11-28 16:47 . 2008-07-18 22:10 33,992 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-28 16:47 . 2008-07-18 22:09 25,800 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-28 16:47 . 2008-07-18 22:09 25,800 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-28 16:47 . 2008-07-18 22:08 20,680 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-28 15:14 . 2008-11-28 15:14 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-28 15:11 . 2008-11-28 15:11 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-28 15:11 . 2008-11-28 15:11 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- c:\windows\system32\logs
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- c:\program files\BitDefender
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\BitDefender
2008-11-28 15:07 . 2008-11-28 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- C:\Binaries
2008-11-28 15:05 . 2008-11-28 15:07 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-11-28 14:53 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-28 14:49 . 2005-02-24 19:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-28 14:49 . 2004-07-17 11:40 19,528 --a------ c:\windows\004891_.tmp
2008-11-28 10:50 . 2008-11-28 10:50 <DIR> d---s---- c:\documents and settings\Owner\UserData
2008-11-28 09:13 . 2008-11-28 09:13 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-27 17:12 . 2008-11-27 17:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\MSNInstaller
2008-11-27 17:08 . 2008-11-27 17:08 <DIR> d-------- c:\documents and settings\Owner\Application Data\InstallShield
2008-11-27 16:49 . 2008-11-27 16:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\ATI
2008-11-27 16:49 . 2008-11-29 08:47 22 --a------ c:\windows\system32\ati64hl2.stb
2008-11-27 16:47 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-27 16:42 . 2008-11-27 16:42 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-27 16:35 . 2004-08-04 00:56 367,616 --a------ c:\windows\system32\dsound.dll
2008-11-27 16:35 . 2004-08-04 00:56 266,240 --a------ c:\windows\system32\ddraw.dll
2008-11-27 16:34 . 2005-04-14 21:05 516,096 --------- c:\windows\system32\ati2sgag.exe
2008-11-27 16:34 . 2005-04-14 20:39 299,008 -ra------ c:\windows\system32\atiiiexx.dll
2008-11-27 16:33 . 2005-04-08 12:42 87,540 -ra------ c:\windows\system32\atiicdxx.dat
2008-11-27 16:33 . 2005-01-28 09:12 9,684 -ra------ c:\windows\system32\atifglpf.xml
2008-11-27 16:19 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\bdeadmin.cpl
2008-11-27 16:06 . 2008-11-27 16:06 3,888 -rahs---- c:\windows\system32\drivers\HP_PC028A-ABA A620N_YC_Pavi_QMXK425_E43NAheBLU3_4_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH1_L409_M1024_J160_7AMD_8Athlon XP 3200+_92.2_111063044_N_P_Z_K_A11063059_U11063038_G10024150.MRK
2008-11-27 16:04 . 2004-04-01 01:03 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-11-27 16:02 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-27 16:02 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-27 16:01 . 2004-08-03 23:14 52,736 --a------ c:\windows\system32\drivers\i8042prt.sys
2008-11-27 16:01 . 2004-08-03 22:58 24,576 --a------ c:\windows\system32\drivers\kbdclass.sys
2008-11-27 15:59 . 2004-08-03 23:07 171,776 --a------ c:\windows\system32\drivers\kmixer.sys
2008-11-27 15:59 . 2004-08-03 22:39 142,464 --a------ c:\windows\system32\drivers\aec.sys
2008-11-27 15:59 . 2004-08-03 23:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2008-11-27 15:59 . 2004-08-03 23:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2008-11-27 15:59 . 2001-08-17 14:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys
2008-11-27 15:59 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2008-11-27 15:59 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-27 15:59 . 2004-08-03 23:07 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2008-11-27 15:58 . 2004-08-03 23:10 61,056 --a------ c:\windows\system32\drivers\ohci1394.sys
2008-11-27 15:58 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-11-27 14:36 . 2008-11-28 16:58 <DIR> dr-hsc--- c:\windows\system32\dllcache
2008-11-27 13:19 . 2008-11-27 13:19 <DIR> d-------- c:\program files\WinISO
2008-11-27 11:41 . 2008-11-27 13:19 <DIR> d---s---- c:\documents and settings\Administrator.YOUR-VP7X3S9CTM.000
2008-11-26 17:55 . 2008-11-26 17:55 <DIR> d-------- c:\program files\NortonInstaller
2008-11-26 17:55 . 2008-11-26 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-26 15:19 . 2004-07-17 10:40 19,528 --a------ c:\windows\005899_.tmp
2008-11-26 14:07 . 2008-11-26 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-10 11:56 . 2008-11-25 08:35 <DIR> d-------- C:\cmdcons(2)
2008-10-06 06:52 . 2008-10-06 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 20:20 --------- d-----w c:\program files\The Great Tree
2008-11-29 20:18 --------- d-----w c:\program files\Ricochet Xtreme
2008-11-29 20:15 --------- d-----w c:\program files\Pacific Heroes
2008-11-29 20:14 --------- d-----w c:\program files\Jam XM
2008-11-29 20:13 --------- d-----w c:\program files\Mahjong Medley
2008-11-29 20:13 --------- d-----w c:\program files\Mahjong Holidays 2005
2008-11-29 20:13 --------- d-----w c:\program files\Mah Jomino
2008-11-29 20:12 --------- d-----w c:\program files\Mah Jong Quest
2008-11-29 20:12 --------- d-----w c:\program files\Mah Jong Adventures
2008-11-29 19:41 --------- d-----w c:\program files\Nero
2008-11-28 23:55 --------- d-----w c:\program files\MagicISO
2008-11-28 23:28 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-11-28 23:27 82,440 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2008-11-28 23:27 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-11-28 23:25 230,920 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2008-11-28 23:25 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2008-11-28 18:09 --------- d-----w c:\program files\Qwest
2008-11-28 17:52 --------- d-----w c:\program files\Quicken
2008-11-28 17:04 --------- d-----w c:\program files\InterMute
2008-11-28 01:44 --------- d-----w c:\program files\Easy Internet signup
2008-11-28 01:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 00:41 --------- d-----w c:\program files\ATI Multimedia
2008-11-27 21:19 --------- d-----w c:\program files\Treasure Island
2008-11-27 21:19 --------- d-----w c:\program files\Santas Super Friends
2008-11-27 21:19 --------- d-----w c:\program files\Saints & Sinners Bowling
2008-11-27 21:19 --------- d-----w c:\program files\Rally Racers
2008-11-27 21:19 --------- d-----w c:\program files\Golf Adventure Galaxy
2008-09-29 14:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2007-07-05 19:27 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-10-29 22:12 23,970,177 ----a-w c:\program files\Mystery Case Files Huntsville.zip
2005-10-21 23:17 30,815,417 ----a-w c:\program files\Bejeweled 2 Deluxe.zip
2005-10-04 19:07 320,064 ----a-w c:\program files\Image Resizer Powertoy for Windows XP.msi
2005-03-15 17:31 439,483 ----a-w c:\program files\Soccer 021 (1600 x 1200).jpg.jpg
2004-10-19 00:24 127,097 -c--a-w c:\program files\Alien Skin.zip
2004-10-19 00:23 138 -c--a-w c:\program files\321Studios.zip
1999-06-25 16:55 149,504 ----a-w c:\program files\UNWISE.EXE
2005-08-17 19:45 5,229,088 -csha-w c:\windows\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-04-28 53248]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2005-05-10 1482752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-03-31 32881]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-01 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-17 118784]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-11-28 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-11-28 69632]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 c:\windows\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-16 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
IMStart.lnk - c:\program files\InterMute\IMStart.exe [2004-04-01 57344]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 15:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2003-08-21 03:15 483328 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-08-21 03:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-16 19:16 229376 c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82440]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 104328]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 09:54:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-30 9:58:11
ComboFix-quarantined-files.txt 2008-11-30 17:57:47
ComboFix2.txt 2008-11-30 16:01:02

Pre-Run: 118,921,007,104 bytes free
Post-Run: 118,910,328,832 bytes free

189

#12 manyangels


Posted 30 November 2008 - 01:06 PM

Hoping I did everything right this time :thumbsup:

#13 Farbar


Posted 30 November 2008 - 01:41 PM

with this question, I do not use a flash drive, my Grandson has to do work for school, I believe it goes from school computers to mine. I don't think he has the flash drive any more.


Good, because many times I've seen infections carry over from a school through a flash drive to home computers.

You did a good job. :thumbsup:

But you have run Combofix twice. I need to see the first log. It is located here: C:\Qoobox\ComboFix2.txt

When you open the Qoobox folder located on the C drive, open ComboFix2.txt and copy/paste the log please.

Edited by farbar, 30 November 2008 - 01:45 PM.


#14 manyangels


Posted 30 November 2008 - 01:49 PM

ComboFix 08-11-29.03 - Owner 2008-11-30 7:53:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.676 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Gene6 FTP Server
c:\program files\Gene6 FTP Server\Accounts\settings.ini
c:\program files\Gene6 FTP Server\Backup\Administrator.reg
c:\program files\Gene6 FTP Server\Backup\RemoteAdmin\Remote.ini
c:\program files\Gene6 FTP Server\Plugins\g6_webadmin\www\config.dws
c:\program files\Gene6 FTP Server\registration-key.dat
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-05-02-15.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Remote.ini
c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.crt
c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.key
c:\program files\INSTALL.LOG
c:\windows\IE4 Error Log.txt
c:\windows\Readme.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-29 16:50 . 2008-11-29 16:50 <DIR> d-------- C:\rsit
2008-11-29 16:50 . 2008-11-29 16:50 <DIR> d-------- c:\program files\trend micro
2008-11-29 13:47 . 2008-11-29 13:47 <DIR> d-------- c:\documents and settings\Owner\Application Data\InterVideo
2008-11-29 12:11 . 2008-11-29 12:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-11-29 09:58 . 2008-11-29 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 09:58 . 2008-11-29 09:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-29 09:58 . 2008-11-29 09:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-29 09:58 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-29 09:58 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-28 16:47 . 2008-07-18 22:10 45,768 --a------ c:\windows\system32\wups2.dll
2008-11-28 16:47 . 2008-07-18 22:10 33,992 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-28 16:47 . 2008-07-18 22:09 25,800 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-28 16:47 . 2008-07-18 22:09 25,800 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-28 16:47 . 2008-07-18 22:08 20,680 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-28 15:14 . 2008-11-28 15:14 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-28 15:11 . 2008-11-28 15:11 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-28 15:11 . 2008-11-28 15:11 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- c:\windows\system32\logs
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- c:\program files\BitDefender
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\BitDefender
2008-11-28 15:07 . 2008-11-28 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-11-28 15:07 . 2008-11-28 15:07 <DIR> d-------- C:\Binaries
2008-11-28 15:05 . 2008-11-28 15:07 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-11-28 14:53 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-28 14:49 . 2005-02-24 19:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-28 14:49 . 2004-07-17 11:40 19,528 --a------ c:\windows\004891_.tmp
2008-11-28 10:50 . 2008-11-28 10:50 <DIR> d---s---- c:\documents and settings\Owner\UserData
2008-11-28 09:13 . 2008-11-28 09:13 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-27 17:12 . 2008-11-27 17:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\MSNInstaller
2008-11-27 17:08 . 2008-11-27 17:08 <DIR> d-------- c:\documents and settings\Owner\Application Data\InstallShield
2008-11-27 16:49 . 2008-11-27 16:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\ATI
2008-11-27 16:49 . 2008-11-29 08:47 22 --a------ c:\windows\system32\ati64hl2.stb
2008-11-27 16:47 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-27 16:42 . 2008-11-27 16:42 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-27 16:35 . 2004-08-04 00:56 367,616 --a------ c:\windows\system32\dsound.dll
2008-11-27 16:35 . 2004-08-04 00:56 266,240 --a------ c:\windows\system32\ddraw.dll
2008-11-27 16:34 . 2005-04-14 21:05 516,096 --------- c:\windows\system32\ati2sgag.exe
2008-11-27 16:34 . 2005-04-14 20:39 299,008 -ra------ c:\windows\system32\atiiiexx.dll
2008-11-27 16:33 . 2005-04-08 12:42 87,540 -ra------ c:\windows\system32\atiicdxx.dat
2008-11-27 16:33 . 2005-01-28 09:12 9,684 -ra------ c:\windows\system32\atifglpf.xml
2008-11-27 16:19 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\bdeadmin.cpl
2008-11-27 16:06 . 2008-11-27 16:06 3,888 -rahs---- c:\windows\system32\drivers\HP_PC028A-ABA A620N_YC_Pavi_QMXK425_E43NAheBLU3_4_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH1_L409_M1024_J160_7AMD_8Athlon XP 3200+_92.2_111063044_N_P_Z_K_A11063059_U11063038_G10024150.MRK
2008-11-27 16:04 . 2004-04-01 01:03 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-11-27 16:02 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-27 16:02 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-27 16:01 . 2004-08-03 23:14 52,736 --a------ c:\windows\system32\drivers\i8042prt.sys
2008-11-27 16:01 . 2004-08-03 22:58 24,576 --a------ c:\windows\system32\drivers\kbdclass.sys
2008-11-27 15:59 . 2004-08-03 23:07 171,776 --a------ c:\windows\system32\drivers\kmixer.sys
2008-11-27 15:59 . 2004-08-03 22:39 142,464 --a------ c:\windows\system32\drivers\aec.sys
2008-11-27 15:59 . 2004-08-03 23:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2008-11-27 15:59 . 2004-08-03 23:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2008-11-27 15:59 . 2001-08-17 14:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys
2008-11-27 15:59 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2008-11-27 15:59 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-27 15:59 . 2004-08-03 23:07 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2008-11-27 15:58 . 2004-08-03 23:10 61,056 --a------ c:\windows\system32\drivers\ohci1394.sys
2008-11-27 15:58 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-11-27 14:36 . 2008-11-28 16:58 <DIR> dr-hsc--- c:\windows\system32\dllcache
2008-11-27 13:19 . 2008-11-27 13:19 <DIR> d-------- c:\program files\WinISO
2008-11-27 11:41 . 2008-11-27 13:19 <DIR> d---s---- c:\documents and settings\Administrator.YOUR-VP7X3S9CTM.000
2008-11-26 17:55 . 2008-11-26 17:55 <DIR> d-------- c:\program files\NortonInstaller
2008-11-26 17:55 . 2008-11-26 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-26 15:19 . 2004-07-17 10:40 19,528 --a------ c:\windows\005899_.tmp
2008-11-26 14:07 . 2008-11-26 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-10 11:56 . 2008-11-25 08:35 <DIR> d-------- C:\cmdcons(2)
2008-10-06 06:52 . 2008-10-06 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 20:20 --------- d-----w c:\program files\The Great Tree
2008-11-29 20:18 --------- d-----w c:\program files\Ricochet Xtreme
2008-11-29 20:15 --------- d-----w c:\program files\Pacific Heroes
2008-11-29 20:14 --------- d-----w c:\program files\Jam XM
2008-11-29 20:13 --------- d-----w c:\program files\Mahjong Medley
2008-11-29 20:13 --------- d-----w c:\program files\Mahjong Holidays 2005
2008-11-29 20:13 --------- d-----w c:\program files\Mah Jomino
2008-11-29 20:12 --------- d-----w c:\program files\Mah Jong Quest
2008-11-29 20:12 --------- d-----w c:\program files\Mah Jong Adventures
2008-11-29 19:41 --------- d-----w c:\program files\Nero
2008-11-28 23:55 --------- d-----w c:\program files\MagicISO
2008-11-28 23:28 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-11-28 23:27 82,440 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2008-11-28 23:27 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-11-28 23:25 230,920 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2008-11-28 23:25 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2008-11-28 18:09 --------- d-----w c:\program files\Qwest
2008-11-28 17:52 --------- d-----w c:\program files\Quicken
2008-11-28 17:04 --------- d-----w c:\program files\InterMute
2008-11-28 01:44 --------- d-----w c:\program files\Easy Internet signup
2008-11-28 01:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 00:41 --------- d-----w c:\program files\ATI Multimedia
2008-11-27 21:19 --------- d-----w c:\program files\Treasure Island
2008-11-27 21:19 --------- d-----w c:\program files\Santas Super Friends
2008-11-27 21:19 --------- d-----w c:\program files\Saints & Sinners Bowling
2008-11-27 21:19 --------- d-----w c:\program files\Rally Racers
2008-11-27 21:19 --------- d-----w c:\program files\Golf Adventure Galaxy
2008-09-29 14:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2007-07-05 19:27 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-10-29 22:12 23,970,177 ----a-w c:\program files\Mystery Case Files Huntsville.zip
2005-10-21 23:17 30,815,417 ----a-w c:\program files\Bejeweled 2 Deluxe.zip
2005-10-04 19:07 320,064 ----a-w c:\program files\Image Resizer Powertoy for Windows XP.msi
2005-03-15 17:31 439,483 ----a-w c:\program files\Soccer 021 (1600 x 1200).jpg.jpg
2004-10-19 00:24 127,097 -c--a-w c:\program files\Alien Skin.zip
2004-10-19 00:23 138 -c--a-w c:\program files\321Studios.zip
1999-06-25 16:55 149,504 ----a-w c:\program files\UNWISE.EXE
2005-08-17 19:45 5,229,088 -csha-w c:\windows\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-04-28 53248]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2005-05-10 1482752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-03-31 32881]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-01 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-17 118784]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-11-28 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-11-28 69632]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 c:\windows\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-16 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
IMStart.lnk - c:\program files\InterMute\IMStart.exe [2004-04-01 57344]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 15:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2003-08-21 03:15 483328 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-08-21 03:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-16 19:16 229376 c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82440]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 104328]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []

2008-11-29 c:\windows\Tasks\McAfee Cleanup.job
- c:\docume~1\Owner\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe []

2008-09-12 c:\windows\Tasks\RegRecall Scheduled Scan.job
- c:\program files\RegRecall\RegRecall.exe []

2008-09-12 c:\windows\Tasks\RegRecall Scheduled Scan.job
- c:\program files\RegRecall [2008-02-09 18:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VTTimer - VTTimer.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 07:57:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-30 8:00:59
ComboFix-quarantined-files.txt 2008-11-30 16:00:33

Pre-Run: 116,938,833,920 bytes free
Post-Run: 116,979,417,088 bytes free

213

#15 manyangels


Posted 30 November 2008 - 01:50 PM

Hope this is it, it says ComboFix2



