Perfect Defender 2009 still causing crashes


11 replies to this topic

#1 Pope

Posted 07 December 2008 - 01:18 AM

I was originally infected with the Perfect Defender 2009 virus about 4 days ago. It popped up, as it is known to, in IE, rerouting me to its website and trying to convince me to download their software. The virus managed to pass through Symantec Corporate Edition and disable my firewall before it was noticed, placing backdoor.tideserv!inf in C:\Documents and Settings\Jefff\Local Settings\Temp\TDSS9969.tmp, which I was not originally able to remove. After running MBAM in safe mode I was able to remove it and a few other infected items. Here is the MBAM log from removing it:
Malwarebytes' Anti-Malware 1.31
Database version: 1460
Windows 5.1.2600 Service Pack 3

12/4/2008 11:45:48 PM
mbam-log-2008-12-04 (23-45-48).txt

Scan type: Quick Scan
Objects scanned: 57366
Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\perfect defender 2009 (Rogue.PerfectDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jefff\Local Settings\Temp\TDSS9969.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSwrmbnisx.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxwqqxtme.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

After that I ran SDFix and my own Symantec, and nothing popped up about malware, but I still continue to have the same problems I did after I was originally infected. Any time I try to use IE it crashes, and when I initially start it up I'm still redirected to a screen about insecure browsing that redirects me to Perfect Defender 2009. I am also still receiving Windows Security Center alerts that reroute me to Perfect Defender and name the suspicious software as a Sinowal.Trojan. Basically IE seems to be the only affected program. I appreciate the help. This has led to a lot of lost sleep, a lot of cursing, and some near throwing of my laptop. Here are the RSIT logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jefff at 2008-12-07 00:45:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (22%) free of 112 GB
Total RAM: 2038 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:23 AM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Jefff\Application Data\Google\xtgoj6119471.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Jefff\Application Data\U3\02B14C613203791D\LaunchPad.exe
C:\Documents and Settings\Jefff\Desktop\RSIT.exe
C:\Program Files\trend micro\Jefff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8783 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-09 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-05-09 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-06-06 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-21 48800]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-30 85744]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe [1998-11-30 497376]
"LVCOMS"=C:\WINDOWS\system32\LVCOMS.EXE []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-09 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Pinnacle Game Profiler"=C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe -atboottime []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-11 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-06-06 162584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-09-26 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2008-02-04 10792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-30 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\cain\Cain.exe"="C:\Program Files\cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe"="C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe:*:Enabled:rsync Application"
"C:\Program Files\Microprose\Risk II\RISKII.EXE"="C:\Program Files\Microprose\Risk II\RISKII.EXE:*:Enabled:Risk II"
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe"="C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\moove\_adv.exe"="C:\moove\_adv.exe:*:Enabled:Roomancer - moove Online World Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4422be4-7141-11dc-9141-00197e8f1ae5}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-07 00:45:08 ----D---- C:\Program Files\trend micro
2008-12-07 00:45:04 ----D---- C:\rsit
2008-12-07 00:44:27 ----D---- C:\Documents and Settings\Jefff\Application Data\U3
2008-12-05 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-05 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-05 00:02:41 ----D---- C:\Documents and Settings\Jefff\Application Data\WinRAR
2008-12-04 23:49:47 ----D---- C:\WINDOWS\ERUNT
2008-12-04 23:20:03 ----D---- C:\SDFix
2008-12-04 21:17:15 ----D---- C:\Documents and Settings\Jefff\Application Data\Malwarebytes
2008-12-04 21:17:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-04 21:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 20:12:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 00:35:19 ----D---- C:\WINDOWS\Prefetch
2008-12-04 00:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 00:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 00:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 00:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 00:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 00:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 00:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 00:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 00:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 00:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-04 00:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-04 00:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 00:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-04 00:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 00:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 23:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 23:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 23:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 23:53:11 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 23:50:59 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 23:50:56 ----D---- C:\WINDOWS\l2schemas
2008-12-03 23:50:55 ----D---- C:\WINDOWS\system32\en
2008-12-03 23:50:54 ----D---- C:\WINDOWS\system32\bits
2008-12-03 23:46:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-03 23:24:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 23:23:58 ----D---- C:\WINDOWS\EHome
2008-12-03 05:26:30 ----D---- C:\Documents and Settings\Jefff\Application Data\InstallShield Installation Information
2008-11-25 20:41:16 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-19 01:59:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-17 02:36:37 ----A---- C:\WINDOWS\system32\srkey.exe
2008-11-12 03:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$

======List of files/folders modified in the last 1 months======

2008-12-07 00:45:08 ----RD---- C:\Program Files
2008-12-07 00:36:34 ----D---- C:\Documents and Settings\Jefff\Application Data\DNA
2008-12-06 22:46:26 ----D---- C:\WINDOWS\Temp
2008-12-06 22:46:23 ----D---- C:\Program Files\DNA
2008-12-06 22:46:10 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-06 22:45:48 ----D---- C:\WINDOWS\system32\ias
2008-12-06 22:45:46 ----D---- C:\WINDOWS
2008-12-06 22:45:46 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-06 22:45:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 22:44:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 20:25:58 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 21:47:33 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 21:32:48 ----RASH---- C:\boot.ini
2008-12-05 21:32:48 ----A---- C:\WINDOWS\win.ini
2008-12-05 21:32:48 ----A---- C:\WINDOWS\system.ini
2008-12-05 21:32:47 ----D---- C:\WINDOWS\pss
2008-12-05 05:43:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-05 03:38:52 ----D---- C:\WINDOWS\system32
2008-12-05 03:38:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-05 03:04:42 ----HD---- C:\WINDOWS\inf
2008-12-05 03:04:37 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-05 03:04:15 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 23:46:47 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 20:13:04 ----D---- C:\Documents and Settings
2008-12-04 17:41:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-04 15:51:38 ----SHD---- C:\System Volume Information
2008-12-04 15:51:38 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 14:35:30 ----SHD---- C:\WINDOWS\Installer
2008-12-04 14:35:30 ----SD---- C:\Documents and Settings\Jefff\Application Data\Microsoft
2008-12-04 00:37:34 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-12-04 00:34:40 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 00:34:40 ----D---- C:\WINDOWS\AppPatch
2008-12-04 00:34:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 00:34:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 00:32:29 ----D---- C:\WINDOWS\security
2008-12-04 00:04:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-03 23:59:47 ----D---- C:\Program Files\Messenger
2008-12-03 23:52:17 ----D---- C:\WINDOWS\WinSxS
2008-12-03 23:51:51 ----D---- C:\WINDOWS\ime
2008-12-03 23:51:50 ----D---- C:\WINDOWS\Help
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 23:50:54 ----D---- C:\WINDOWS\PeerNet
2008-12-03 23:50:53 ----D---- C:\Program Files\Movie Maker
2008-12-03 23:45:59 ----D---- C:\WINDOWS\system32\npp
2008-12-03 23:45:52 ----D---- C:\WINDOWS\msagent
2008-12-03 23:45:47 ----D---- C:\WINDOWS\srchasst
2008-12-03 23:45:45 ----D---- C:\Program Files\NetMeeting
2008-12-03 23:45:37 ----D---- C:\WINDOWS\system32\Com
2008-12-03 23:45:21 ----D---- C:\Program Files\Windows Media Player
2008-12-03 23:45:18 ----D---- C:\Program Files\Windows NT
2008-12-03 23:45:18 ----D---- C:\Program Files\Outlook Express
2008-12-03 23:45:05 ----D---- C:\Program Files\Common Files\System
2008-12-03 23:44:03 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 23:43:53 ----D---- C:\WINDOWS\system
2008-12-03 23:32:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 22:51:36 ----D---- C:\Documents and Settings\Jefff\Application Data\Google
2008-12-03 21:06:27 ----D---- C:\Documents and Settings\Jefff\Application Data\BitTorrent
2008-12-03 06:07:36 ----D---- C:\WINDOWS\system32\DirectX
2008-12-02 04:23:30 ----D---- C:\Documents and Settings\Jefff\Application Data\LimeWire
2008-11-28 06:30:04 ----D---- C:\Documents and Settings\Jefff\Application Data\Winff
2008-11-19 03:12:10 ----D---- C:\Program Files\VstPlugins
2008-11-19 03:12:10 ----D---- C:\Program Files\Image-Line
2008-11-19 03:05:22 ----D---- C:\Program Files\Common Files\Adobe
2008-11-19 03:05:21 ----D---- C:\Program Files\Common Files
2008-11-19 02:59:24 ----D---- C:\Program Files\Adobe
2008-11-19 02:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 02:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 02:51:06 ----D---- C:\Program Files\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-05-08 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-05-08 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-05-08 37376]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-05-09 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-05-08 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5707744]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\navex15.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-06-06 1222840]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-03 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Jefff\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-21 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-21 177824]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-30 19696]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-30 1752816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-05-09 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-21 83616]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2008-02-04 16936]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-30 124656]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-07 00:45:26

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A-4M VMA311-->C:\PROGRAM FILES\MICROSOFT GAMES\FS2002\AIRCRAFT\A4M_VMA311_uninst.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Fighter Ace Anniversary Edition-->C:\PROGRA~1\FIGHTE~1\FAUNIN~1.EXE
GoToAssist 8.0.0.480-->C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Codec Pack 4.2.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mpegable DS decoder-->C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Risk - Classic Risk Board Game Clone 0.5.2-->C:\Program Files\Risk - Classic Risk Board Game Clone\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Symantec AntiVirus-->MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFF 0.33-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Symantec AntiVirus Corporate Edition
FW: Norton Internet Worm Protection (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by Pope, 07 December 2008 - 01:21 AM.



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:47 AM

Posted 12 December 2008 - 11:55 AM

Hi Pope,

Welcome to the BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me the current condition of your computer.

  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

You might want to save this page on your favorites, so you can find it again when you return.

#3 Pope

Pope
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 13 December 2008 - 12:22 AM

The computer is still showing most of the same signs. The false security alert is still popping up with Sinowal.trojan, trying to redirect to the Perfect Defender 2009 page. I ran MBAM again the other day but it did not show anything. Basically all the same problems. Thanks for the help.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jefff at 2008-12-13 00:12:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (22%) free of 112 GB
Total RAM: 2038 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:23 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Jefff\Application Data\Google\xtgoj6119471.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Jefff\Desktop\RSIT.exe
C:\Program Files\trend micro\Jefff.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8943 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-09 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-05-09 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-06-06 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-21 48800]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-30 85744]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe [1998-11-30 497376]
"LVCOMS"=C:\WINDOWS\system32\LVCOMS.EXE []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-09 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Pinnacle Game Profiler"=C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe -atboottime []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-11 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-06-06 162584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-09-26 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2008-02-04 10792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-30 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\cain\Cain.exe"="C:\Program Files\cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe"="C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe:*:Enabled:rsync Application"
"C:\Program Files\Microprose\Risk II\RISKII.EXE"="C:\Program Files\Microprose\Risk II\RISKII.EXE:*:Enabled:Risk II"
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe"="C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\moove\_adv.exe"="C:\moove\_adv.exe:*:Enabled:Roomancer - moove Online World Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 2 months======

2008-12-10 19:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-07 00:45:08 ----D---- C:\Program Files\trend micro
2008-12-07 00:45:04 ----D---- C:\rsit
2008-12-07 00:44:27 ----D---- C:\Documents and Settings\Jefff\Application Data\U3
2008-12-05 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-05 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-05 00:02:41 ----D---- C:\Documents and Settings\Jefff\Application Data\WinRAR
2008-12-04 23:49:47 ----D---- C:\WINDOWS\ERUNT
2008-12-04 23:20:03 ----D---- C:\SDFix
2008-12-04 21:17:15 ----D---- C:\Documents and Settings\Jefff\Application Data\Malwarebytes
2008-12-04 21:17:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-04 21:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 20:12:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 00:35:19 ----D---- C:\WINDOWS\Prefetch
2008-12-04 00:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 00:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 00:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 00:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 00:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 00:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 00:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 00:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 00:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 00:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-04 00:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-04 00:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 00:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-04 00:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 00:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 23:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 23:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 23:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 23:53:11 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 23:50:59 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 23:50:56 ----D---- C:\WINDOWS\l2schemas
2008-12-03 23:50:55 ----D---- C:\WINDOWS\system32\en
2008-12-03 23:50:54 ----D---- C:\WINDOWS\system32\bits
2008-12-03 23:46:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-03 23:24:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 23:23:58 ----D---- C:\WINDOWS\EHome
2008-12-03 05:26:30 ----D---- C:\Documents and Settings\Jefff\Application Data\InstallShield Installation Information
2008-11-25 20:41:16 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-19 01:59:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-17 02:36:37 ----A---- C:\WINDOWS\system32\srkey.exe
2008-11-12 03:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-06 21:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-05 15:27:33 ----D---- C:\Documents and Settings\Jefff\Application Data\Disney Mix It Plug-in
2008-11-03 16:57:12 ----A---- C:\WINDOWS\Cinema Tycoon 2 Movie Mania Uninstall Log.txt
2008-11-01 21:13:27 ----A---- C:\WINDOWS\binkw32.dll
2008-11-01 20:45:28 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2008-10-25 22:11:05 ----A---- C:\SetUp-Log-mpegable DS decoder.txt
2008-10-25 22:11:02 ----N---- C:\WINDOWS\AKDeInstall.exe
2008-10-25 22:11:01 ----D---- C:\Program Files\mpegable
2008-10-25 22:05:17 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-10-25 21:15:08 ----D---- C:\Program Files\AviSynth 2.5
2008-10-25 12:15:22 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-25 12:15:22 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\x264vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\huffyuv.dll
2008-10-25 12:15:18 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-25 12:15:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-25 12:15:15 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-25 03:27:57 ----D---- C:\Documents and Settings\Jefff\Application Data\BitTorrent
2008-10-25 03:26:37 ----D---- C:\Program Files\DNA
2008-10-25 03:26:37 ----D---- C:\Documents and Settings\Jefff\Application Data\DNA
2008-10-25 03:26:36 ----D---- C:\Program Files\BitTorrent
2008-10-24 04:25:01 ----N---- C:\WINDOWS\system32\RoseCo2.dll
2008-10-24 04:25:01 ----N---- C:\WINDOWS\system32\KickCom2.dll
2008-10-24 04:25:01 ----A---- C:\WINDOWS\system32\demoover.exe
2008-10-24 03:27:33 ----A---- C:\WINDOWS\PControl.ini
2008-10-24 02:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-23 01:46:15 ----D---- C:\Program Files\Invasion Interactive Ltd
2008-10-22 17:25:50 ----D---- C:\Nexon
2008-10-22 17:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-22 08:31:23 ----D---- C:\Program Files\Common Files\INCA Shared
2008-10-21 20:58:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-21 20:58:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-21 20:58:15 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-21 20:58:14 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-21 20:58:14 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-21 20:58:13 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-21 20:58:11 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-21 20:58:11 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-21 20:58:10 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-21 20:58:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-21 20:58:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-21 20:58:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-21 20:58:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-21 20:58:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-21 20:58:04 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-21 20:58:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-21 20:58:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-21 20:58:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-21 20:58:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-21 20:57:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-21 20:57:56 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-21 20:57:56 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-10-21 20:57:55 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-21 20:57:53 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-21 20:57:51 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-21 20:57:51 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-21 20:57:50 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-21 20:57:48 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-21 20:57:48 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-10-21 20:57:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-21 20:57:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-21 20:57:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-21 20:57:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-21 20:57:40 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-10-21 20:57:40 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-21 20:57:37 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-21 20:57:36 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-10-21 20:57:35 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-10-21 20:57:35 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-21 20:57:34 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-10-21 20:57:34 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-21 20:57:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-21 20:57:32 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-10-21 20:57:31 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-21 20:57:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-10-21 20:57:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-10-21 20:57:28 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-10-21 20:57:17 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-10-21 20:57:15 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-10-21 20:57:14 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-10-21 20:57:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-10-21 20:41:55 ----D---- C:\WINDOWS\Logs
2008-10-21 20:41:51 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-21 16:33:19 ----D---- C:\Documents and Settings\Jefff\Application Data\SecondLife
2008-10-21 11:59:03 ----D---- C:\Program Files\SD EnterNET
2008-10-20 03:52:30 ----N---- C:\WINDOWS\Setup1.exe
2008-10-20 03:52:26 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-10-19 02:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-19 02:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 02:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-19 02:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-19 02:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-17 23:20:24 ----A---- C:\WINDOWS\Cinema Tycoon 2 Movie Mania Setup Log.txt
2008-10-17 17:45:20 ----D---- C:\Program Files\Microsoft Games
2008-10-17 16:33:51 ----A---- C:\WINDOWS\system32\swpdflt2.dll
2008-10-14 21:31:08 ----A---- C:\WINDOWS\SIERRA.INI

======List of files/folders modified in the last 2 months======

2008-12-13 00:12:05 ----D---- C:\WINDOWS\Temp
2008-12-13 00:10:38 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-13 00:10:23 ----D---- C:\WINDOWS
2008-12-13 00:10:18 ----D---- C:\WINDOWS\system32\ias
2008-12-13 00:10:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 00:10:14 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-10 19:37:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 19:37:02 ----SHD---- C:\WINDOWS\Installer
2008-12-10 19:36:58 ----HD---- C:\WINDOWS\inf
2008-12-10 19:36:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 19:36:05 ----D---- C:\WINDOWS\system32
2008-12-10 19:34:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 06:39:07 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 06:39:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-10 06:25:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 06:23:22 ----RD---- C:\Program Files
2008-12-06 20:25:58 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 21:47:33 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 21:32:48 ----RASH---- C:\boot.ini
2008-12-05 21:32:48 ----A---- C:\WINDOWS\win.ini
2008-12-05 21:32:48 ----A---- C:\WINDOWS\system.ini
2008-12-05 21:32:47 ----D---- C:\WINDOWS\pss
2008-12-05 03:04:43 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 20:13:04 ----D---- C:\Documents and Settings
2008-12-04 15:51:38 ----SHD---- C:\System Volume Information
2008-12-04 15:51:38 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 14:35:30 ----SD---- C:\Documents and Settings\Jefff\Application Data\Microsoft
2008-12-04 00:37:34 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-12-04 00:34:40 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 00:34:40 ----D---- C:\WINDOWS\AppPatch
2008-12-04 00:34:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 00:34:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 00:32:29 ----D---- C:\WINDOWS\security
2008-12-04 00:04:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-03 23:59:47 ----D---- C:\Program Files\Messenger
2008-12-03 23:52:17 ----D---- C:\WINDOWS\WinSxS
2008-12-03 23:51:51 ----D---- C:\WINDOWS\ime
2008-12-03 23:51:50 ----D---- C:\WINDOWS\Help
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 23:50:54 ----D---- C:\WINDOWS\PeerNet
2008-12-03 23:50:53 ----D---- C:\Program Files\Movie Maker
2008-12-03 23:45:59 ----D---- C:\WINDOWS\system32\npp
2008-12-03 23:45:52 ----D---- C:\WINDOWS\msagent
2008-12-03 23:45:47 ----D---- C:\WINDOWS\srchasst
2008-12-03 23:45:45 ----D---- C:\Program Files\NetMeeting
2008-12-03 23:45:37 ----D---- C:\WINDOWS\system32\Com
2008-12-03 23:45:21 ----D---- C:\Program Files\Windows Media Player
2008-12-03 23:45:18 ----D---- C:\Program Files\Windows NT
2008-12-03 23:45:18 ----D---- C:\Program Files\Outlook Express
2008-12-03 23:45:05 ----D---- C:\Program Files\Common Files\System
2008-12-03 23:44:03 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 23:43:53 ----D---- C:\WINDOWS\system
2008-12-03 23:32:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 22:51:36 ----D---- C:\Documents and Settings\Jefff\Application Data\Google
2008-12-03 06:07:36 ----D---- C:\WINDOWS\system32\DirectX
2008-12-02 04:23:30 ----D---- C:\Documents and Settings\Jefff\Application Data\LimeWire
2008-11-28 06:30:04 ----D---- C:\Documents and Settings\Jefff\Application Data\Winff
2008-11-19 03:12:10 ----D---- C:\Program Files\VstPlugins
2008-11-19 03:12:10 ----D---- C:\Program Files\Image-Line
2008-11-19 03:05:22 ----D---- C:\Program Files\Common Files\Adobe
2008-11-19 03:05:21 ----D---- C:\Program Files\Common Files
2008-11-19 02:59:24 ----D---- C:\Program Files\Adobe
2008-11-19 02:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 02:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 02:51:06 ----D---- C:\Program Files\Real
2008-11-06 21:20:15 ----D---- C:\Documents and Settings\Jefff\Application Data\Adobe
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 16:51:35 ----D---- C:\Documents and Settings\Jefff\Application Data\IGN_DLM
2008-11-03 16:49:52 ----D---- C:\Program Files\Microsoft Office
2008-10-25 22:08:05 ----D---- C:\WINDOWS\SHELLNEW
2008-10-24 04:54:15 ----D---- C:\WINDOWS\twain_32
2008-10-24 04:45:55 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-24 04:45:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-24 04:44:56 ----D---- C:\Program Files\Microsoft Works
2008-10-24 04:34:56 ----D---- C:\Program Files\DivX
2008-10-24 03:15:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-21 20:54:46 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-21 20:52:41 ----D---- C:\WINDOWS\Registration
2008-10-19 03:47:36 ----D---- C:\Program Files\Internet Explorer
2008-10-17 01:18:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-05-08 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-05-08 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-05-08 37376]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-05-09 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-05-08 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5707744]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\navex15.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-06-06 1222840]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-03 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Jefff\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-21 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-21 177824]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-30 19696]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-30 1752816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-05-09 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-21 83616]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2008-02-04 16936]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-30 124656]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Edited by Pope, 13 December 2008 - 12:23 AM.
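
One way to triage the firewall section of an RSIT log like the one above, as an added example that is not RSIT's code and was not posted in the thread: it parses the `authorizedapplications` entries (tolerating the `:*Enabled:` variant that appears in the log) and flags any core Windows binary name that sits outside its canonical directory, which the log above shows for one `svchost.exe` entry under `system32\drivers`. The `%windir%` expansion to `C:\WINDOWS` and the `CANONICAL_DIRS` table are assumptions; the sample text is a trimmed, constructed copy of the log's own entries.

```python
r"""Triage the firewall 'authorizedapplications' sections of an RSIT log.

Added example, not part of RSIT or of this thread. Assumptions: Windows XP
layout with %windir% = C:\WINDOWS, and the canonical directories in
CANONICAL_DIRS.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: a trimmed copy of the firewall entries from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Tail after the path: ":<scope>:<state>:<display name>". The optional colon
# tolerates the ":*Enabled:" variant present in the log.
TAIL_RE = re.compile(r"^:([^:]*?):?(enabled|disabled):(.*)$", re.IGNORECASE)

WINDIR = r"C:\WINDOWS"  # assumption: expansion of %windir% / %systemroot%
# Assumed canonical directories (lower-case) for a few core Windows binaries.
CANONICAL_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def profile_of(section):
    """Return the firewall profile name (e.g. 'standardprofile') of a section key."""
    parts = section.lower().split("\\")
    try:
        return parts[parts.index("firewallpolicy") + 1]
    except (ValueError, IndexError):
        return None


def normalize(path):
    """Expand the environment variables RSIT leaves in place and lower-case."""
    expanded = re.sub(r"%(windir|systemroot)%", lambda _m: WINDIR, path,
                      flags=re.IGNORECASE)
    return expanded.lower()


def parse_authorized_apps(text):
    """Parse every authorizedapplications list into dicts, one per exception."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1)
            profile = profile_of(key) if "authorizedapplications" in key.lower() else None
            continue
        if profile is None:
            continue
        ent = ENTRY_RE.match(line)
        if not ent:
            continue
        path, value = ent.groups()
        # The value repeats the path, then the scope/state/name tail.
        tail = value[len(path):] if value.lower().startswith(path.lower()) else None
        parsed = TAIL_RE.match(tail) if tail is not None else None
        if parsed is None:
            entries.append({"profile": profile, "path": path, "scope": None,
                            "state": None, "name": None, "malformed": True})
            continue
        scope, state, name = parsed.groups()
        entries.append({"profile": profile, "path": path, "scope": scope,
                        "state": state.lower(), "name": name, "malformed": False})
    return entries


def find_masquerading(entries):
    """Flag exceptions whose file name is a core binary but whose directory is not canonical."""
    findings = []
    for e in entries:
        p = PureWindowsPath(normalize(e["path"]))
        expected = CANONICAL_DIRS.get(p.name)
        if expected and str(p.parent) != expected:
            findings.append((e["profile"], e["path"], expected))
    return findings


if __name__ == "__main__":
    parsed_entries = parse_authorized_apps(SAMPLE_LOG)
    print(f"{len(parsed_entries)} firewall exceptions parsed")
    for profile, path, expected in find_masquerading(parsed_entries):
        print(f"[{profile}] {path} -> expected directory {expected}")
```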


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 13 December 2008 - 05:45 AM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files with each other, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so it is suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
  • Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please delete SDFix from your desktop if you still have it there then download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights".
    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
Please copy/paste in your next reply:
  • The SDFix log.
  • The log of MBAM.
  • The RSIT log.
  • Any comment or feedback about how it went.
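The helper above reads the HijackThis and SDFix/RSIT output by eye: orphaned browser entries get fixed, and file-sharing clients are called out. As an added example (not from the original thread and not part of HijackThis, SDFix or RSIT), the following Python script applies the same checks mechanically to lines in those two formats, such as the ones posted in the reply that follows. It flags HijackThis O2/O9 entries whose backing file is missing, firewall exceptions for peer-to-peer clients, and a firewall exception for a file that carries a core Windows binary name but sits outside that binary's normal directory. The sample lines are constructed from the formats seen in this thread; the peer-to-peer client list and the expected-directory table are assumptions, and a flagged line is a prompt to verify the file, not a verdict on it.

```python
import re

# Sample lines constructed from the formats posted in this thread; embedded
# here so the script runs offline rather than reading a live system.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""

# SDFix exports the key with doubled backslashes, RSIT with single ones; both
# shapes are included, as is the malformed "*Enabled:" entry seen in the thread.
SAMPLE_FIREWALL = r"""
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"""

HJT_RE = re.compile(
    r"^(?P<kind>O\d+) - (?P<type>[^:]+): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"
)
FW_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]*)"$')

# Assumed lists: file-sharing clients worth calling out, and the directory in
# which each core Windows XP binary normally lives (any other location is suspect).
P2P_CLIENTS = {"limewire.exe", "bittorrent.exe", "btdna.exe", "utorrent.exe", "emule.exe"}
SYSTEM_BINARIES = {name: "system32" for name in
                   ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe")}


def triage_hjt(text):
    """Flag HijackThis O2/O9 lines whose file is gone (candidates for Fix Checked) or that carry no name."""
    findings = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        if target == "(no file)" or target.endswith("(file missing)"):
            findings.append(("orphaned", m.group("clsid")))
        elif m.group("name") == "(no name)":
            findings.append(("unnamed", m.group("clsid")))
    return findings


def parse_firewall_entry(line):
    """Return (path, scope, state, label) for one AuthorizedApplications line, or None if it does not parse."""
    m = FW_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").replace("\\\\", "\\")
    value = m.group("value").replace("\\\\", "\\")
    if not value.startswith(path + ":"):
        return None
    parts = value[len(path) + 1:].split(":", 2)          # scope:state:label
    if len(parts) == 2 and parts[0].startswith("*"):      # tolerate "*Enabled:label"
        parts = ["*", parts[0][1:], parts[1]]
    if len(parts) != 3:
        return None
    scope, state, label = parts
    return path, scope, state.lower(), label


def triage_firewall(text):
    """Flag P2P clients with a firewall exception and system-named binaries living outside their normal directory."""
    findings = []
    for line in text.splitlines():
        entry = parse_firewall_entry(line)
        if entry is None:
            continue
        path = entry[0]
        parts = path.lower().split("\\")
        exe, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
        if exe in P2P_CLIENTS:
            findings.append(("p2p-exception", path))
        if exe in SYSTEM_BINARIES and parent != SYSTEM_BINARIES[exe]:
            findings.append(("misplaced-system-binary", path))
        elif parent == "drivers" and exe.endswith(".exe"):   # drivers\ should hold .sys files, not executables
            findings.append(("exe-in-drivers", path))
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT) + triage_firewall(SAMPLE_FIREWALL):
        print("%-25s %s" % finding)
```

Run it as-is to see the findings for the embedded samples, or replace the two sample strings with the relevant sections of a pasted log. The state field is kept by parse_firewall_entry because a Disabled exception is still an entry someone or something created, so it is worth reviewing even though the firewall is not currently honouring it.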


#5 Pope
  • Topic Starter

Posted 14 December 2008 - 03:06 AM

Basically the same problems. Same security alert. Same forced redirect. I tried to navigate past it but IE crashed and had "Runtime error 216 at 01A21EFE."



SDFix: Version 1.240
Run by Administrator on Sun 12/14/2008 at 02:19 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 02:27:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:27,49,87,b0,51,94,fe,d6,27,0e,56,ca,3f,dd,ee,cb,2c,db,7e,ed,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:27,49,87,b0,51,94,fe,d6,27,0e,56,ca,3f,dd,ee,cb,2c,db,7e,ed,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:27,49,87,b0,51,94,fe,d6,27,0e,56,ca,3f,dd,ee,cb,2c,db,7e,ed,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:27,49,87,b0,51,94,fe,d6,27,0e,56,ca,3f,dd,ee,cb,2c,db,7e,ed,ad,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\cain\\Cain.exe"="C:\\Program Files\\cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\\Program Files\\Fighter Ace Anniversary Edition\\rsync.exe"="C:\\Program Files\\Fighter Ace Anniversary Edition\\rsync.exe:*:Enabled:rsync Application"
"C:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"="C:\\Program Files\\Microprose\\Risk II\\RISKII.EXE:*:Enabled:Risk II"
"C:\\Program Files\\Microsoft Games\\FS2002\\fs2002.exe"="C:\\Program Files\\Microsoft Games\\FS2002\\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\moove\\_adv.exe"="C:\\moove\\_adv.exe:*:Enabled:Roomancer - moove Online World Client"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

Remaining Files :



Files with Hidden Attributes :

Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 16 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 13 Dec 2008 6,483,344 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0ccc7414c6ec55af52148c39753735e1\BITB.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cddf1f85ad64aea830346cc75b2bb06\BITF.tmp"
Sun 14 Dec 2008 5,104,702 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b15f12905daf2d5f4bb1d398773d75a0\BITE.tmp"
Sun 14 Dec 2008 9,005,936 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bf30bb4ba3217393e4a71c3812925df8\BITD.tmp"
Sun 14 Dec 2008 5,856,519 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dcfb3f0fee0b76240a4ce7e93515b1e3\BITC.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9f4032b7c01ffa276d9d4715007a565f\download\BIT12.tmp"

Finished!


Malwarebytes' Anti-Malware 1.31
Database version: 1498
Windows 5.1.2600 Service Pack 3

12/14/2008 2:44:51 AM
mbam-log-2008-12-14 (02-44-51).txt

Scan type: Quick Scan
Objects scanned: 55532
Time elapsed: 11 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-14 02:46:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (24%) free of 112 GB
Total RAM: 2038 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:12 AM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
F:\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6765 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-09 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-05-09 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-06-06 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-21 48800]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-30 85744]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe [1998-11-30 497376]
"LVCOMS"=C:\WINDOWS\system32\LVCOMS.EXE []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-09 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-06-06 162584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-09-26 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2008-02-04 10792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-30 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\cain\Cain.exe"="C:\Program Files\cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe"="C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe:*:Enabled:rsync Application"
"C:\Program Files\Microprose\Risk II\RISKII.EXE"="C:\Program Files\Microprose\Risk II\RISKII.EXE:*:Enabled:Risk II"
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe"="C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\moove\_adv.exe"="C:\moove\_adv.exe:*:Enabled:Roomancer - moove Online World Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2008-12-14 02:33:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-12-14 02:10:58 ----D---- C:\SDFix
2008-12-10 19:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-07 00:45:08 ----D---- C:\Program Files\trend micro
2008-12-07 00:45:04 ----D---- C:\rsit
2008-12-05 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-05 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-04 23:49:47 ----D---- C:\WINDOWS\ERUNT
2008-12-04 21:17:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-04 21:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 20:13:14 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-12-04 20:13:10 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-12-04 20:13:10 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-12-04 20:13:09 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-12-04 20:13:08 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-12-04 20:12:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 00:35:19 ----D---- C:\WINDOWS\Prefetch
2008-12-04 00:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 00:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 00:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 00:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 00:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 00:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 00:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 00:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 00:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 00:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-04 00:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-04 00:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 00:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-04 00:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 00:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 23:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 23:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 23:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 23:53:11 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 23:50:59 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 23:50:56 ----D---- C:\WINDOWS\l2schemas
2008-12-03 23:50:55 ----D---- C:\WINDOWS\system32\en
2008-12-03 23:50:54 ----D---- C:\WINDOWS\system32\bits
2008-12-03 23:46:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-03 23:24:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 23:23:58 ----D---- C:\WINDOWS\EHome
2008-11-25 20:41:16 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-19 01:59:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-17 02:36:37 ----A---- C:\WINDOWS\system32\srkey.exe
2008-11-12 03:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-06 21:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-03 16:57:12 ----A---- C:\WINDOWS\Cinema Tycoon 2 Movie Mania Uninstall Log.txt
2008-11-01 21:13:27 ----A---- C:\WINDOWS\binkw32.dll
2008-11-01 20:45:28 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2008-10-25 22:11:05 ----A---- C:\SetUp-Log-mpegable DS decoder.txt
2008-10-25 22:11:02 ----N---- C:\WINDOWS\AKDeInstall.exe
2008-10-25 22:11:01 ----D---- C:\Program Files\mpegable
2008-10-25 22:05:17 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-10-25 21:15:08 ----D---- C:\Program Files\AviSynth 2.5
2008-10-25 12:15:22 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-25 12:15:22 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\x264vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\huffyuv.dll
2008-10-25 12:15:18 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-25 12:15:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-25 12:15:15 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-25 03:26:37 ----D---- C:\Program Files\DNA
2008-10-25 03:26:36 ----D---- C:\Program Files\BitTorrent
2008-10-24 04:25:01 ----N---- C:\WINDOWS\system32\RoseCo2.dll
2008-10-24 04:25:01 ----N---- C:\WINDOWS\system32\KickCom2.dll
2008-10-24 04:25:01 ----A---- C:\WINDOWS\system32\demoover.exe
2008-10-24 03:27:33 ----A---- C:\WINDOWS\PControl.ini
2008-10-24 02:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-23 01:46:15 ----D---- C:\Program Files\Invasion Interactive Ltd
2008-10-22 17:25:50 ----D---- C:\Nexon
2008-10-22 17:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-22 08:31:23 ----D---- C:\Program Files\Common Files\INCA Shared
2008-10-21 20:58:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-21 20:58:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-21 20:58:15 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-21 20:58:14 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-21 20:58:14 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-21 20:58:13 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-21 20:58:11 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-21 20:58:11 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-21 20:58:10 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-21 20:58:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-21 20:58:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-21 20:58:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-21 20:58:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-21 20:58:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-21 20:58:04 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-21 20:58:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-21 20:58:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-21 20:58:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-21 20:58:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-21 20:57:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-21 20:57:56 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-21 20:57:56 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-10-21 20:57:55 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-21 20:57:53 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-21 20:57:51 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-21 20:57:51 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-21 20:57:50 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-21 20:57:48 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-21 20:57:48 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-10-21 20:57:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-21 20:57:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-21 20:57:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-21 20:57:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-21 20:57:40 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-10-21 20:57:40 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-21 20:57:37 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-21 20:57:36 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-10-21 20:57:35 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-10-21 20:57:35 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-21 20:57:34 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-10-21 20:57:34 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-21 20:57:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-21 20:57:32 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-10-21 20:57:31 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-21 20:57:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-10-21 20:57:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-10-21 20:57:28 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-10-21 20:57:17 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-10-21 20:57:15 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-10-21 20:57:14 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-10-21 20:57:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-10-21 20:41:55 ----D---- C:\WINDOWS\Logs
2008-10-21 20:41:51 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-21 11:59:03 ----D---- C:\Program Files\SD EnterNET
2008-10-20 03:52:30 ----N---- C:\WINDOWS\Setup1.exe
2008-10-20 03:52:26 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-10-19 02:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-19 02:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 02:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-19 02:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-19 02:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-17 23:20:24 ----A---- C:\WINDOWS\Cinema Tycoon 2 Movie Mania Setup Log.txt
2008-10-17 17:45:20 ----D---- C:\Program Files\Microsoft Games
2008-10-17 16:33:51 ----A---- C:\WINDOWS\system32\swpdflt2.dll

======List of files/folders modified in the last 2 months======

2008-12-14 02:30:40 ----D---- C:\WINDOWS\Temp
2008-12-14 02:11:51 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-14 02:11:49 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-14 02:11:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 02:11:25 ----RASH---- C:\boot.ini
2008-12-14 02:11:25 ----A---- C:\WINDOWS\win.ini
2008-12-14 02:11:25 ----A---- C:\WINDOWS\system.ini
2008-12-14 01:57:26 ----D---- C:\WINDOWS\system32\ias
2008-12-14 01:57:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 01:57:23 ----D---- C:\WINDOWS
2008-12-13 00:15:38 ----SHD---- C:\WINDOWS\Installer
2008-12-10 19:36:58 ----HD---- C:\WINDOWS\inf
2008-12-10 19:36:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 19:36:05 ----D---- C:\WINDOWS\system32
2008-12-10 19:34:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 06:39:07 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 06:39:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-10 06:25:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 06:23:22 ----RD---- C:\Program Files
2008-12-06 20:25:58 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 21:47:33 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 21:32:47 ----D---- C:\WINDOWS\pss
2008-12-05 03:04:43 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 20:13:04 ----D---- C:\Documents and Settings
2008-12-04 15:51:38 ----SHD---- C:\System Volume Information
2008-12-04 15:51:38 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 00:37:34 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-12-04 00:34:40 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 00:34:40 ----D---- C:\WINDOWS\AppPatch
2008-12-04 00:34:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 00:34:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 00:32:29 ----D---- C:\WINDOWS\security
2008-12-04 00:04:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-03 23:59:47 ----D---- C:\Program Files\Messenger
2008-12-03 23:52:17 ----D---- C:\WINDOWS\WinSxS
2008-12-03 23:51:51 ----D---- C:\WINDOWS\ime
2008-12-03 23:51:50 ----D---- C:\WINDOWS\Help
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 23:50:54 ----D---- C:\WINDOWS\PeerNet
2008-12-03 23:50:53 ----D---- C:\Program Files\Movie Maker
2008-12-03 23:45:59 ----D---- C:\WINDOWS\system32\npp
2008-12-03 23:45:52 ----D---- C:\WINDOWS\msagent
2008-12-03 23:45:47 ----D---- C:\WINDOWS\srchasst
2008-12-03 23:45:45 ----D---- C:\Program Files\NetMeeting
2008-12-03 23:45:37 ----D---- C:\WINDOWS\system32\Com
2008-12-03 23:45:21 ----D---- C:\Program Files\Windows Media Player
2008-12-03 23:45:18 ----D---- C:\Program Files\Windows NT
2008-12-03 23:45:18 ----D---- C:\Program Files\Outlook Express
2008-12-03 23:45:05 ----D---- C:\Program Files\Common Files\System
2008-12-03 23:44:03 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 23:43:53 ----D---- C:\WINDOWS\system
2008-12-03 23:32:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 06:07:36 ----D---- C:\WINDOWS\system32\DirectX
2008-11-19 03:12:10 ----D---- C:\Program Files\VstPlugins
2008-11-19 03:12:10 ----D---- C:\Program Files\Image-Line
2008-11-19 03:05:22 ----D---- C:\Program Files\Common Files\Adobe
2008-11-19 03:05:21 ----D---- C:\Program Files\Common Files
2008-11-19 02:59:24 ----D---- C:\Program Files\Adobe
2008-11-19 02:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 02:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 02:51:06 ----D---- C:\Program Files\Real
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 16:49:52 ----D---- C:\Program Files\Microsoft Office
2008-10-25 22:08:05 ----D---- C:\WINDOWS\SHELLNEW
2008-10-24 04:54:15 ----D---- C:\WINDOWS\twain_32
2008-10-24 04:45:55 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-24 04:45:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-24 04:44:56 ----D---- C:\Program Files\Microsoft Works
2008-10-24 04:34:56 ----D---- C:\Program Files\DivX
2008-10-24 03:15:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-21 20:54:46 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-21 20:52:41 ----D---- C:\WINDOWS\Registration
2008-10-19 03:47:36 ----D---- C:\Program Files\Internet Explorer
2008-10-17 01:18:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-05-08 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-05-08 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-05-08 37376]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-03 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-05-09 604928]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-05-08 45568]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5707744]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-06-06 1222840]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-21 186016]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-21 177824]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-30 19696]
S2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-30 1752816]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-05-09 20480]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-21 83616]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2008-02-04 16936]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-30 124656]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 December 2008 - 10:47 AM

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please download mbr.exe from the following link and save it to your desktop: http://www2.gmer.net/mbr/mbr.exe
    • Double click mbr.exe to run it. You will see a very brief flash of a "dos" box, which then disappears. This is normal.
    • The tool creates a log (mbr.log) on your desktop. Copy and paste the content of that log to your reply.
Please copy/paste in your next reply:
  • The Combofix log.
  • The mbr.log.
  • Any comment or feedback about how it went.


#7 Pope

Pope
  • Topic Starter

  • Members
  • 13 posts

Posted 15 December 2008 - 12:40 AM

No improvement. This time, when IE crashed, it gave the error message: The instruction at "0x01a21BFA" referenced memory at "0x00000000". The memory could not be "written."


ComboFix 08-12-14.04 - Jefff 2008-12-14 23:55:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1463 [GMT -5:00]
Running from: c:\documents and settings\Jefff\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-14 02:10 . 2008-12-14 02:30 <DIR> d-------- C:\SDFix
2008-12-07 00:45 . 2008-12-13 00:13 <DIR> d-------- C:\rsit
2008-12-07 00:45 . 2008-12-13 00:12 <DIR> d-------- c:\program files\trend micro
2008-12-07 00:44 . 2008-12-14 02:08 <DIR> d-------- c:\documents and settings\Jefff\Application Data\U3
2008-12-04 23:53 . 2008-12-04 23:53 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-04 23:49 . 2008-12-04 23:50 <DIR> d-------- c:\windows\ERUNT
2008-12-04 21:17 . 2008-12-04 21:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 21:17 . 2008-12-04 21:17 <DIR> d-------- c:\documents and settings\Jefff\Application Data\Malwarebytes
2008-12-04 21:17 . 2008-12-04 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 21:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 21:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 20:13 . 2007-09-20 16:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-04 20:13 . 2008-02-11 15:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-04 20:13 . 2008-12-04 20:13 <DIR> d-------- c:\documents and settings\Administrator
2008-12-03 23:50 . 2008-12-03 23:51 <DIR> d-------- c:\windows\system32\scripting
2008-12-03 23:50 . 2008-12-03 23:50 <DIR> d-------- c:\windows\system32\en
2008-12-03 23:50 . 2008-12-03 23:50 <DIR> d-------- c:\windows\system32\bits
2008-12-03 23:50 . 2008-12-03 23:50 <DIR> d-------- c:\windows\l2schemas
2008-12-03 23:46 . 2008-12-03 23:52 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-03 23:23 . 2008-12-03 23:23 <DIR> d-------- c:\windows\EHome
2008-12-03 05:26 . 2008-12-03 20:13 <DIR> d-------- c:\documents and settings\Jefff\Application Data\InstallShield Installation Information
2008-11-25 20:41 . 2008-11-25 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-19 01:59 . 2008-12-03 22:48 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-17 02:36 . 2008-11-17 02:36 192,512 --a------ c:\windows\system32\srkey.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 05:01 --------- d-----w c:\program files\DNA
2008-12-15 05:01 --------- d-----w c:\documents and settings\Jefff\Application Data\DNA
2008-12-15 04:59 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-10 11:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 02:06 --------- d-----w c:\documents and settings\Jefff\Application Data\BitTorrent
2008-12-02 09:23 --------- d-----w c:\documents and settings\Jefff\Application Data\LimeWire
2008-11-28 11:30 --------- d-----w c:\documents and settings\Jefff\Application Data\Winff
2008-11-19 08:12 --------- d-----w c:\program files\VstPlugins
2008-11-19 08:12 --------- d-----w c:\program files\Image-Line
2008-11-19 08:05 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 07:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 07:51 --------- d-----w c:\program files\Real
2008-11-14 21:09 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
2008-11-07 02:15 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-05 20:52 --------- d-----w c:\documents and settings\Jefff\Application Data\Disney Mix It Plug-in
2008-11-03 21:51 --------- d-----w c:\documents and settings\Jefff\Application Data\IGN_DLM
2008-10-27 09:37 --------- d-----w c:\program files\AviSynth 2.5
2008-10-26 03:11 47,104 ------w c:\windows\AKDeInstall.exe
2008-10-26 03:11 --------- d-----w c:\program files\mpegable
2008-10-26 03:05 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-10-26 02:29 190 ----a-w C:\stats.dat
2008-10-25 17:15 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-25 08:26 --------- d-----w c:\program files\BitTorrent
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 09:50 --------- d-----w c:\program files\SD EnterNET
2008-10-24 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 09:44 --------- d-----w c:\program files\Microsoft Works
2008-10-24 09:34 --------- d-----w c:\program files\DivX
2008-10-23 06:46 --------- d-----w c:\program files\Invasion Interactive Ltd
2008-10-23 05:31 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2008-10-22 13:31 --------- d-----w c:\program files\Common Files\INCA Shared
2008-10-22 01:54 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-21 21:51 --------- d-----w c:\documents and settings\Jefff\Application Data\SecondLife
2008-10-20 08:53 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-20 08:53 339,968 ------w c:\windows\Setup1.exe
2008-10-18 22:48 --------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2008-10-18 19:25 --------- d-----w c:\program files\Microsoft Games
2008-10-18 03:58 61,224 ----a-w c:\documents and settings\Jefff\GoToAssistDownloadHelper.exe
2008-10-17 06:18 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-01 17:14 260 ----a-w c:\documents and settings\Jefff\Application Data\wklnhst.dat
2008-09-20 05:34 5,607 -c--a-w c:\windows\~GLH0001.TMP
2008-09-20 05:34 27,136 -c--a-w c:\windows\~GLH0000.TMP
2008-09-20 05:34 140,288 -c--a-w c:\windows\~GLC0000.TMP
2008-11-04 01:47 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-04 01:47 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-04 01:47 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-04 01:47 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-04 01:47 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-11 342336]
"vxdhm"="c:\documents and settings\Jefff\Application Data\Google\xtgoj6119471.exe" [2008-12-03 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 48800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-30 85744]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185872]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-04 14:47 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-05-14 14:23 1191936 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a--c--- 2007-05-24 07:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-06-06 15:30 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-12-13 99376]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-05-30 124656]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\DRIVERS\SWUSBFLT.sys [2008-10-17 3968]
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-Pinnacle Game Profiler - c:\program files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe
HKLM-Run-LVCOMS - c:\windows\system32\LVCOMS.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk -
Trusted Zone: *.moove.com

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\ActiveWorldsDownload.lic - c:\windows\Downloaded Program Files\ActiveWorldsDownload.ocx
O16 -: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B}
hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
c:\windows\Downloaded Program Files\ActiveWorldsDownload.inf
FF - ProfilePath - c:\documents and settings\Jefff\Application Data\Mozilla\Firefox\Profiles\sqlzz2au.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 00:01:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-15 0:04:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 05:04:24

Pre-Run: 26,824,990,720 bytes free
Post-Run: 26,741,305,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

252 --- E O F --- 2008-12-13 05:15:43


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:47 AM

Posted 15 December 2008 - 07:56 AM

Thanks for the feedback.
  • BitTorrent is set to start with Windows. Please either uninstall it or configure it not to start up with Windows. Also refrain from running it at this stage to avoid reinfection or infecting other users. Please empty all P2P download folders.

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jefff\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)


    Optional: The following sites are set to the trusted zone. This means that the traffic created by these sites won't be checked by security checkpoints any more. While these sites are safe to visit, they might not be safe all the time, and their traffic had better pass through the security checkpoint. If you decide to remove these sites from the trusted zone, check the boxes next to the following entries:

    O15 - Trusted Zone: *.moove.com

    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/184693/perfect-defender-2009-still-causing-crashes/
    
    Collect::[4]
    C:\Documents and Settings\Jefff\Application Data\Google\xtgoj6119471.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vxdhm"=-
    
    Dirlook::
    C:\Documents and Settings\Jefff\Application Data\Google

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • Please first reboot, make a fresh HijackThis log and post it in your reply along with your comments.


#9 Pope

  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:47 PM

Posted 16 December 2008 - 02:34 AM

I don't want to jinx myself, but everything looks to be functioning properly. No security alerts, and there was no redirect. The tab flashed as though it would, but I have been able to use IE and am posting this reply from my laptop. Hopefully that'll do it. Thanks for all your help. It certainly saved a lot of money. Here are the logs:


ComboFix 08-12-14.04 - Jefff 2008-12-16 1:23:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1479 [GMT -5:00]
Running from: c:\documents and settings\Jefff\Desktop\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jefff\Application Data\Google\xtgoj6119471.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-14 02:10 . 2008-12-14 02:30 <DIR> d-------- C:\SDFix
2008-12-07 00:45 . 2008-12-13 00:13 <DIR> d-------- C:\rsit
2008-12-07 00:45 . 2008-12-13 00:12 <DIR> d-------- c:\program files\trend micro
2008-12-07 00:44 . 2008-12-14 02:08 <DIR> d-------- c:\documents and settings\Jefff\Application Data\U3
2008-12-04 23:53 . 2008-12-04 23:53 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-04 23:49 . 2008-12-04 23:50 <DIR> d-------- c:\windows\ERUNT
2008-12-04 21:17 . 2008-12-04 21:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 21:17 . 2008-12-04 21:17 <DIR> d-------- c:\documents and settings\Jefff\Application Data\Malwarebytes
2008-12-04 21:17 . 2008-12-04 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 21:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 21:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 20:13 . 2007-09-20 16:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-04 20:13 . 2008-02-11 15:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-04 20:13 . 2008-12-04 20:13 <DIR> d-------- c:\documents and settings\Administrator
2008-12-03 23:50 . 2008-12-03 23:51 <DIR> d-------- c:\windows\system32\scripting
2008-12-03 23:50 . 2008-12-03 23:50 <DIR> d-------- c:\windows\system32\en
2008-12-03 23:50 . 2008-12-03 23:50 <DIR> d-------- c:\windows\system32\bits
2008-12-03 23:50 . 2008-12-03 23:50 <DIR> d-------- c:\windows\l2schemas
2008-12-03 23:46 . 2008-12-03 23:52 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-03 23:23 . 2008-12-03 23:23 <DIR> d-------- c:\windows\EHome
2008-12-03 05:26 . 2008-12-03 20:13 <DIR> d-------- c:\documents and settings\Jefff\Application Data\InstallShield Installation Information
2008-11-25 20:41 . 2008-11-25 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-19 01:59 . 2008-12-03 22:48 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-17 02:36 . 2008-11-17 02:36 192,512 --a------ c:\windows\system32\srkey.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 06:15 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-16 06:08 --------- d-----w c:\documents and settings\Jefff\Application Data\DNA
2008-12-16 06:05 --------- d-----w c:\program files\DNA
2008-12-10 11:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 02:06 --------- d-----w c:\documents and settings\Jefff\Application Data\BitTorrent
2008-12-02 09:23 --------- d-----w c:\documents and settings\Jefff\Application Data\LimeWire
2008-11-28 11:30 --------- d-----w c:\documents and settings\Jefff\Application Data\Winff
2008-11-19 08:12 --------- d-----w c:\program files\VstPlugins
2008-11-19 08:12 --------- d-----w c:\program files\Image-Line
2008-11-19 08:05 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 07:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 07:51 --------- d-----w c:\program files\Real
2008-11-14 21:09 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
2008-11-07 02:15 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-05 20:52 --------- d-----w c:\documents and settings\Jefff\Application Data\Disney Mix It Plug-in
2008-11-03 21:51 --------- d-----w c:\documents and settings\Jefff\Application Data\IGN_DLM
2008-11-02 02:13 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-27 09:37 --------- d-----w c:\program files\AviSynth 2.5
2008-10-26 03:11 47,104 ------w c:\windows\AKDeInstall.exe
2008-10-26 03:11 --------- d-----w c:\program files\mpegable
2008-10-26 03:05 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-10-26 02:29 190 ----a-w C:\stats.dat
2008-10-25 17:15 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-25 08:26 --------- d-----w c:\program files\BitTorrent
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-24 09:50 --------- d-----w c:\program files\SD EnterNET
2008-10-24 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 09:44 --------- d-----w c:\program files\Microsoft Works
2008-10-24 09:34 --------- d-----w c:\program files\DivX
2008-10-23 06:46 --------- d-----w c:\program files\Invasion Interactive Ltd
2008-10-23 05:31 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2008-10-22 13:31 --------- d-----w c:\program files\Common Files\INCA Shared
2008-10-22 01:54 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-21 21:51 --------- d-----w c:\documents and settings\Jefff\Application Data\SecondLife
2008-10-20 08:53 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-20 08:53 339,968 ------w c:\windows\Setup1.exe
2008-10-18 22:48 --------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2008-10-18 19:25 --------- d-----w c:\program files\Microsoft Games
2008-10-18 03:58 61,224 ----a-w c:\documents and settings\Jefff\GoToAssistDownloadHelper.exe
2008-10-17 06:18 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-08 00:29 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-10-08 00:29 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-01 17:14 260 ----a-w c:\documents and settings\Jefff\Application Data\wklnhst.dat
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 05:34 5,607 -c--a-w c:\windows\~GLH0001.TMP
2008-09-20 05:34 27,136 -c--a-w c:\windows\~GLH0000.TMP
2008-09-20 05:34 140,288 -c--a-w c:\windows\~GLC0000.TMP
2008-11-04 01:47 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-04 01:47 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-04 01:47 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-04 01:47 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-04 01:47 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Jefff\Application Data\Google ----

2008-12-16 01:16 64512 --a------ c:\documents and settings\Jefff\Application Data\Google\lptdfx.dll
2008-12-03 22:51 607 --a------ c:\documents and settings\Jefff\Application Data\Google\T-Scan\n.gif
2008-12-03 22:51 598 --a------ c:\documents and settings\Jefff\Application Data\Google\T-Scan\y.gif
2008-12-03 22:51 2119 --a------ c:\documents and settings\Jefff\Application Data\Google\T-Scan\t.gif
2008-12-03 22:46 124416 --a------ c:\documents and settings\Jefff\Application Data\Google\xtgoj6119471.exe
2007-10-03 08:14 412 --a--c--- c:\documents and settings\Jefff\Application Data\Google\Local Search History\google%2Eweb.w


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 48800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-30 85744]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185872]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-04 14:47 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-11 21:21 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-05-14 14:23 1191936 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a--c--- 2007-05-24 07:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-06-06 15:30 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-05-30 124656]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\DRIVERS\SWUSBFLT.sys [2008-10-17 3968]
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\ActiveWorldsDownload.lic - c:\windows\Downloaded Program Files\ActiveWorldsDownload.ocx
O16 -: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B}
hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
c:\windows\Downloaded Program Files\ActiveWorldsDownload.inf
FF - ProfilePath - c:\documents and settings\Jefff\Application Data\Mozilla\Firefox\Profiles\sqlzz2au.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 01:25:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
Completion time: 2008-12-16 1:26:43
ComboFix-quarantined-files.txt 2008-12-16 06:26:10
ComboFix2.txt 2008-12-15 05:04:28

Pre-Run: 26,744,819,712 bytes free
Post-Run: 26,726,117,376 bytes free

250 --- E O F --- 2008-12-13 05:15:43


Logfile of random's system information tool 1.04 (written by random/random)
Run by Jefff at 2008-12-16 02:24:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (23%) free of 112 GB
Total RAM: 2038 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:00 AM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jefff\Desktop\RSIT.exe
F:\Jefff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7668 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-09 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-05-09 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-06-06 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-21 48800]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-30 85744]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-09 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-11-11 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-06-06 162584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-09-26 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2008-02-04 10792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-30 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microprose\Risk II\RISKII.EXE"="C:\Program Files\Microprose\Risk II\RISKII.EXE:*:Enabled:Risk II"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 2 months======

2008-12-16 01:52:40 ----D---- C:\WINDOWS\temp
2008-12-16 01:26:44 ----A---- C:\ComboFix.txt
2008-12-14 23:55:22 ----A---- C:\Boot.bak
2008-12-14 23:55:17 ----RASHD---- C:\cmdcons
2008-12-14 23:51:00 ----A---- C:\WINDOWS\zip.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\VFIND.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\SWSC.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\SWREG.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\sed.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\grep.exe
2008-12-14 23:51:00 ----A---- C:\WINDOWS\fdsv.exe
2008-12-14 23:50:57 ----D---- C:\WINDOWS\ERDNT
2008-12-14 23:50:56 ----D---- C:\Qoobox
2008-12-14 02:10:58 ----D---- C:\SDFix
2008-12-10 19:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-07 00:45:08 ----D---- C:\Program Files\trend micro
2008-12-07 00:45:04 ----D---- C:\rsit
2008-12-07 00:44:27 ----D---- C:\Documents and Settings\Jefff\Application Data\U3
2008-12-05 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-05 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-05 00:02:41 ----D---- C:\Documents and Settings\Jefff\Application Data\WinRAR
2008-12-04 23:49:47 ----D---- C:\WINDOWS\ERUNT
2008-12-04 21:17:15 ----D---- C:\Documents and Settings\Jefff\Application Data\Malwarebytes
2008-12-04 21:17:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-04 21:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 20:12:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 00:35:19 ----D---- C:\WINDOWS\Prefetch
2008-12-04 00:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 00:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 00:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 00:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 00:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 00:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 00:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 00:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 00:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 00:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-04 00:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-04 00:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 00:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-04 00:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 00:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 23:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 23:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 23:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 23:53:11 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 23:50:59 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 23:50:56 ----D---- C:\WINDOWS\l2schemas
2008-12-03 23:50:55 ----D---- C:\WINDOWS\system32\en
2008-12-03 23:50:54 ----D---- C:\WINDOWS\system32\bits
2008-12-03 23:46:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-03 23:24:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 23:23:58 ----D---- C:\WINDOWS\EHome
2008-12-03 05:26:30 ----D---- C:\Documents and Settings\Jefff\Application Data\InstallShield Installation Information
2008-11-25 20:41:16 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-19 01:59:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-17 02:36:37 ----A---- C:\WINDOWS\system32\srkey.exe
2008-11-12 03:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-06 21:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-05 15:27:33 ----D---- C:\Documents and Settings\Jefff\Application Data\Disney Mix It Plug-in
2008-11-03 16:57:12 ----A---- C:\WINDOWS\Cinema Tycoon 2 Movie Mania Uninstall Log.txt
2008-11-01 21:13:27 ----A---- C:\WINDOWS\binkw32.dll
2008-11-01 20:45:28 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2008-10-25 22:11:05 ----A---- C:\SetUp-Log-mpegable DS decoder.txt
2008-10-25 22:11:02 ----N---- C:\WINDOWS\AKDeInstall.exe
2008-10-25 22:11:01 ----D---- C:\Program Files\mpegable
2008-10-25 22:05:17 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-10-25 21:15:08 ----D---- C:\Program Files\AviSynth 2.5
2008-10-25 12:15:22 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-25 12:15:22 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\x264vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2008-10-25 12:15:19 ----A---- C:\WINDOWS\system32\huffyuv.dll
2008-10-25 12:15:18 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-25 12:15:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-25 12:15:15 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-25 03:27:57 ----D---- C:\Documents and Settings\Jefff\Application Data\BitTorrent
2008-10-25 03:26:37 ----D---- C:\Program Files\DNA
2008-10-25 03:26:37 ----D---- C:\Documents and Settings\Jefff\Application Data\DNA
2008-10-25 03:26:36 ----D---- C:\Program Files\BitTorrent
2008-10-24 04:25:01 ----N---- C:\WINDOWS\system32\RoseCo2.dll
2008-10-24 04:25:01 ----N---- C:\WINDOWS\system32\KickCom2.dll
2008-10-24 04:25:01 ----A---- C:\WINDOWS\system32\demoover.exe
2008-10-24 03:27:33 ----A---- C:\WINDOWS\PControl.ini
2008-10-24 02:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-23 01:46:15 ----D---- C:\Program Files\Invasion Interactive Ltd
2008-10-22 17:25:50 ----D---- C:\Nexon
2008-10-22 17:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-22 08:31:23 ----D---- C:\Program Files\Common Files\INCA Shared
2008-10-21 20:58:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-21 20:58:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-21 20:58:15 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-21 20:58:14 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-21 20:58:14 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-21 20:58:13 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-21 20:58:11 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-21 20:58:11 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-21 20:58:10 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-21 20:58:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-21 20:58:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-21 20:58:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-21 20:58:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-21 20:58:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-21 20:58:04 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-21 20:58:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-21 20:58:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-21 20:58:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-21 20:58:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-21 20:57:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-21 20:57:56 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-21 20:57:56 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-10-21 20:57:55 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-21 20:57:53 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-21 20:57:51 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-21 20:57:51 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-21 20:57:50 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-21 20:57:48 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-21 20:57:48 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-10-21 20:57:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-21 20:57:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-21 20:57:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-21 20:57:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-21 20:57:40 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-10-21 20:57:40 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-21 20:57:37 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-21 20:57:36 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-10-21 20:57:35 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-10-21 20:57:35 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-21 20:57:34 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-10-21 20:57:34 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-21 20:57:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-21 20:57:32 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-10-21 20:57:31 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-21 20:57:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-10-21 20:57:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-10-21 20:57:28 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-10-21 20:57:17 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-10-21 20:57:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-10-21 20:57:15 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-10-21 20:57:14 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-10-21 20:57:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-10-21 20:41:55 ----D---- C:\WINDOWS\Logs
2008-10-21 20:41:51 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-21 16:33:19 ----D---- C:\Documents and Settings\Jefff\Application Data\SecondLife
2008-10-21 11:59:03 ----D---- C:\Program Files\SD EnterNET
2008-10-20 03:52:30 ----N---- C:\WINDOWS\Setup1.exe
2008-10-20 03:52:26 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-10-19 02:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-19 02:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 02:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-19 02:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-19 02:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-17 23:20:24 ----A---- C:\WINDOWS\Cinema Tycoon 2 Movie Mania Setup Log.txt
2008-10-17 17:45:20 ----D---- C:\Program Files\Microsoft Games
2008-10-17 16:33:51 ----A---- C:\WINDOWS\system32\swpdflt2.dll

======List of files/folders modified in the last 2 months======

2008-12-16 02:23:10 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-16 02:22:35 ----D---- C:\WINDOWS\system32\ias
2008-12-16 02:22:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 02:22:25 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-16 02:22:24 ----D---- C:\WINDOWS
2008-12-16 02:21:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 01:52:41 ----D---- C:\WINDOWS\system32
2008-12-16 01:25:27 ----A---- C:\WINDOWS\system.ini
2008-12-16 01:24:52 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 01:24:50 ----D---- C:\Program Files\Common Files
2008-12-16 01:24:49 ----D---- C:\WINDOWS\AppPatch
2008-12-16 01:23:44 ----D---- C:\Documents and Settings\Jefff\Application Data\Google
2008-12-16 01:08:22 ----RASH---- C:\boot.ini
2008-12-16 01:08:22 ----A---- C:\WINDOWS\win.ini
2008-12-14 23:57:20 ----D---- C:\WINDOWS\system32\config
2008-12-13 00:15:38 ----SHD---- C:\WINDOWS\Installer
2008-12-10 19:36:58 ----HD---- C:\WINDOWS\inf
2008-12-10 19:36:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 19:34:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 06:39:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-10 06:25:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 06:23:22 ----RD---- C:\Program Files
2008-12-06 20:25:58 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 21:47:33 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 21:32:47 ----D---- C:\WINDOWS\pss
2008-12-05 03:04:43 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 20:13:04 ----D---- C:\Documents and Settings
2008-12-04 15:51:38 ----SHD---- C:\System Volume Information
2008-12-04 15:51:38 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 14:35:30 ----SD---- C:\Documents and Settings\Jefff\Application Data\Microsoft
2008-12-04 00:37:34 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-12-04 00:34:40 ----D---- C:\WINDOWS\system32\Setup
2008-12-04 00:34:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 00:34:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 00:32:29 ----D---- C:\WINDOWS\security
2008-12-04 00:04:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-03 23:59:47 ----D---- C:\Program Files\Messenger
2008-12-03 23:52:17 ----D---- C:\WINDOWS\WinSxS
2008-12-03 23:51:51 ----D---- C:\WINDOWS\ime
2008-12-03 23:51:50 ----D---- C:\WINDOWS\Help
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 23:51:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 23:50:54 ----D---- C:\WINDOWS\PeerNet
2008-12-03 23:50:53 ----D---- C:\Program Files\Movie Maker
2008-12-03 23:45:59 ----D---- C:\WINDOWS\system32\npp
2008-12-03 23:45:52 ----D---- C:\WINDOWS\msagent
2008-12-03 23:45:47 ----D---- C:\WINDOWS\srchasst
2008-12-03 23:45:45 ----D---- C:\Program Files\NetMeeting
2008-12-03 23:45:37 ----D---- C:\WINDOWS\system32\Com
2008-12-03 23:45:21 ----D---- C:\Program Files\Windows Media Player
2008-12-03 23:45:18 ----D---- C:\Program Files\Windows NT
2008-12-03 23:45:18 ----D---- C:\Program Files\Outlook Express
2008-12-03 23:45:05 ----D---- C:\Program Files\Common Files\System
2008-12-03 23:44:03 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 23:43:53 ----D---- C:\WINDOWS\system
2008-12-03 23:32:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 06:07:36 ----D---- C:\WINDOWS\system32\DirectX
2008-12-02 04:23:30 ----D---- C:\Documents and Settings\Jefff\Application Data\LimeWire
2008-11-28 06:30:04 ----D---- C:\Documents and Settings\Jefff\Application Data\Winff
2008-11-19 03:12:10 ----D---- C:\Program Files\VstPlugins
2008-11-19 03:12:10 ----D---- C:\Program Files\Image-Line
2008-11-19 03:05:22 ----D---- C:\Program Files\Common Files\Adobe
2008-11-19 02:59:24 ----D---- C:\Program Files\Adobe
2008-11-19 02:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 02:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 02:51:06 ----D---- C:\Program Files\Real
2008-11-06 21:20:15 ----D---- C:\Documents and Settings\Jefff\Application Data\Adobe
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 16:51:35 ----D---- C:\Documents and Settings\Jefff\Application Data\IGN_DLM
2008-11-03 16:49:52 ----D---- C:\Program Files\Microsoft Office
2008-10-25 22:08:05 ----D---- C:\WINDOWS\SHELLNEW
2008-10-24 04:54:15 ----D---- C:\WINDOWS\twain_32
2008-10-24 04:45:55 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-24 04:45:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-24 04:44:56 ----D---- C:\Program Files\Microsoft Works
2008-10-24 04:34:56 ----D---- C:\Program Files\DivX
2008-10-24 03:15:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-21 20:54:46 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-21 20:52:41 ----D---- C:\WINDOWS\Registration
2008-10-19 03:47:36 ----D---- C:\Program Files\Internet Explorer
2008-10-17 01:18:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-05-08 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-05-08 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-05-08 37376]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-05-09 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-05-08 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5707744]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-06-06 1222840]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-03 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Jefff\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-21 186016]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-21 177824]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-30 19696]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-30 1752816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-05-09 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-21 83616]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2008-02-04 16936]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-30 124656]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


Again, thank you so much!
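As an added example (not part of this thread, and not code from the tool that produced the log above), a small Python triage script that parses lines in the "List of services" format shown in the log and flags two things a helper looks for: service binaries living outside the Windows and Program Files directories, and security-product services that are not running. The log lines, the trusted roots and the vendor name are constructed assumptions for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List

STATES = {"R": "Running", "S": "Stopped"}
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Directories a legitimate service binary is expected to live under (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# One entry: state letter, start type, "name;display name; path [yyyy-mm-dd size]".
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")

# Constructed sample in the same format as the thread's log (not the real entries).
SAMPLE_LOG = r"""======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-21 186016]
R2 UpdSvc;Update Service; C:\Documents and Settings\User\Local Settings\Temp\upd.exe [2008-12-03 51200]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-21 83616]
S4 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-30 1752816]
-----------------EOF-----------------
"""


@dataclass
class Service:
    state: str
    start_type: str
    name: str
    display: str
    path: str
    date: str
    size: int


def parse_services(text: str) -> List[Service]:
    """Parse every service entry; header, blank and EOF lines are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            st, start, name, display, path, date, size = m.groups()
            services.append(Service(STATES[st], START_TYPES[start], name, display, path, date, int(size)))
    return services


def untrusted_paths(services: List[Service]) -> List[Service]:
    """Services whose binary is outside the trusted roots (e.g. a user's Temp folder)."""
    return [s for s in services if not s.path.lower().startswith(TRUSTED_ROOTS)]


def stopped_security_services(services: List[Service], vendor: str = "symantec") -> List[Service]:
    """Vendor services that should be up (not on-demand) but are not running."""
    return [s for s in services
            if vendor in s.display.lower() and s.state != "Running" and s.start_type != "Demand"]
```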

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:47 AM

Posted 16 December 2008 - 10:34 AM

You are welcome!

Everything looks good.


  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Go to where it says "Java SE Runtime Environment (JRE) 6 Update 11"
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
  • Go to Start > Run, copy and paste or type the next command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

  • Remove SDFix and its folder (C:\SDFix). Also delete any tool or fix we have used from your desktop.
Do you have any questions before we close the topic?

#11 Pope

Pope
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:47 PM

Posted 16 December 2008 - 11:24 AM

No, that's about it. Thanks again.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:47 AM

Posted 16 December 2008 - 02:39 PM

You are welcome and happy surfing.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter. Everyone else please begin a New Topic.
