Virus / computer very slow


6 replies to this topic

#1 ihavethistheory

Posted 13 December 2008 - 04:07 PM

Hi,
My computer has become very slow.
When I try to
I have run my virus scan and anti-spyware scan that comes with road runner (CA security center).
I have also run Ad-Aware virus scan from lavasoft.
I have also deleted all my temporary internet files.
This has not fixed the problem.
I am now posting both Notepad reports generated by RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Denis at 2008-12-13 12:50:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 92 GB (80%) free of 114 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:51 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Denis\Desktop\RSIT.exe
C:\Program Files\trend micro\Denis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.we1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.we1.attbb.net;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78378e32-5293-4ecd-9c96-b63489169466} - C:\WINDOWS\system32\dorebobo.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [0Fmj3qj] lmh_b5_bundle_14.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wagabozuzo] Rundll32.exe "C:\WINDOWS\system32\wisezeki.dll",s
O4 - HKLM\..\Run: [a8dbac75] rundll32.exe "C:\WINDOWS\system32\yizesoko.dll",b
O4 - HKLM\..\Run: [CPMabe89fe9] Rundll32.exe "c:\windows\system32\vivuyayo.dll",a
O4 - HKCU\..\Run: [Ho5tRkHnl] lfbxprxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110099598859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Filter hijack: text/html - {5081825c-3f40-4f09-ab60-9ede14a717f2} - C:\WINDOWS\system32\mst122.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zusenoyi.dll c:\windows\system32\vivuyayo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivuyayo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivuyayo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10261 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Denis at 12 00 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78378e32-5293-4ecd-9c96-b63489169466}]
C:\WINDOWS\system32\dorebobo.dll [2008-09-10 62097]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-05-10 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Common\_helper.dll [2008-12-10 286732]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"0Fmj3qj"=lmh_b5_bundle_14.exe []
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-08-23 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-08-23 173296]
""= []
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-08-23 259312]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2008-08-23 14088]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-03-16 98304]
"wagabozuzo"=C:\WINDOWS\system32\wisezeki.dll [2008-09-10 62097]
"a8dbac75"=C:\WINDOWS\system32\yizesoko.dll [2008-12-13 84098]
"CPMabe89fe9"=c:\windows\system32\vivuyayo.dll [2008-12-13 91198]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"= []
"Ho5tRkHnl"=lfbxprxy.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe [2003-08-13 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-06-25 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIC]
C:\Program Files\MEDIC\bin\sprtcmd.exe [2006-07-06 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-06 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-06 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcoi]
C:\Program Files\nvcoi\nvcoi.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2003-11-03 4800512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-03-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-26 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\zusenoyi.dll c:\windows\system32\vivuyayo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivuyayo.dll [2008-12-13 91198]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivuyayo.dll [2008-12-13 91198]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\zusenoyi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\WINDOWS\SYSTEM32\spoolsv.exe"="C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\neos.exe"="C:\WINDOWS\neos.exe:*:Enabled:enable"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\SYSTEM32\logonui.exe"="C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\SYSTEM32\winlogon.exe"="C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-13 12:50:09 ----D---- C:\Program Files\trend micro
2008-12-13 12:50:07 ----D---- C:\rsit
2008-12-13 07:04:05 ----SH---- C:\WINDOWS\system32\okoseziy.ini
2008-12-12 19:04:00 ----SH---- C:\WINDOWS\system32\eripijid.ini
2008-12-12 07:10:00 ----SH---- C:\WINDOWS\system32\ahebujiz.ini
2008-12-11 19:10:00 ----SH---- C:\WINDOWS\system32\ojinehir.ini
2008-12-11 07:09:09 ----SH---- C:\WINDOWS\system32\eyuvosit.ini
2008-12-10 19:09:00 ----SH---- C:\WINDOWS\system32\akamabiy.ini
2008-12-10 06:06:54 ----SH---- C:\WINDOWS\system32\ufovunuy.ini
2008-12-09 18:02:00 ----SH---- C:\WINDOWS\system32\usivabiy.ini
2008-12-09 06:02:03 ----SH---- C:\WINDOWS\system32\edisuzil.ini
2008-12-08 18:01:22 ----SH---- C:\WINDOWS\system32\imotajet.ini
2008-12-01 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-01 03:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-01 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-01 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-29 04:36:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-29 04:36:46 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-29 04:36:02 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-29 04:35:49 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-29 04:33:56 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-29 04:32:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-29 04:32:42 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-23 20:20:56 ----D---- C:\WINDOWS\Prefetch
2008-11-23 19:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-23 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-23 08:26:20 ----A---- C:\WINDOWS\005986_.tmp
2008-11-22 16:58:17 ----D---- C:\Program Files\Lavasoft
2008-11-22 16:58:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-22 16:57:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-22 12:52:17 ----D---- C:\WINDOWS\pss
2008-11-22 09:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-22 09:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-22 09:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-22 09:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-22 09:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-22 09:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-22 09:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-22 09:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-22 09:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-22 09:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-22 09:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-22 09:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-22 09:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-22 09:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-22 09:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-22 09:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-22 08:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-22 08:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-22 08:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-22 08:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-22 08:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-22 08:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-22 08:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-22 08:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-22 08:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-22 08:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-22 08:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-22 08:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-22 08:40:19 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-22 08:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-22 08:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-22 08:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-22 08:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-22 08:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-22 08:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-22 08:28:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-22 08:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-22 08:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-22 08:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-22 08:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-22 07:54:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-22 01:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2008-11-22 01:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-11-22 00:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB833407$
2008-11-22 00:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2008-11-22 00:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2008-11-22 00:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-11-22 00:32:10 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2008-11-22 00:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2008-11-22 00:13:03 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-11-22 00:13:01 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-11-22 00:13:00 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msxbde40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\mstext40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msrepl40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\mspbde40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msjtes40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msjet40.dll
2008-11-21 23:55:34 ----A---- C:\WINDOWS\system32\msexcl40.dll
2008-11-21 23:55:34 ----A---- C:\WINDOWS\system32\msexch40.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\mswdat10.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\msjter40.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-11-21 23:55:32 ----A---- C:\WINDOWS\system32\mswstr10.dll
2008-11-21 23:55:32 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2008-11-21 23:55:32 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2008-11-21 23:55:31 ----A---- C:\WINDOWS\system32\msltus40.dll
2008-11-21 23:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB828035$
2008-11-21 23:53:06 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-11-21 23:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2008-11-21 23:27:04 ----A---- C:\WINDOWS\system32\esent.dll
2008-11-21 23:23:36 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-21 23:23:36 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-21 23:23:36 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-21 23:09:10 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-21 23:09:09 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-11-21 19:59:17 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2008-11-21 19:59:17 ----A---- C:\WINDOWS\system32\RcdScan.dll
2008-11-21 19:59:14 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2008-11-21 19:31:59 ----A---- C:\WINDOWS\system32\wpa.bak
2008-11-21 18:56:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-21 18:49:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-21 18:49:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-21 18:49:25 ----RA---- C:\WINDOWS\SET7F.tmp
2008-11-21 18:49:24 ----RA---- C:\WINDOWS\SET6D.tmp
2008-11-21 18:49:21 ----RA---- C:\WINDOWS\SET61.tmp
2008-11-21 18:40:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-21 18:40:03 ----D---- C:\WINDOWS\setup.pss
2008-11-21 11:32:41 ----A---- C:\AUTOEXEC.BAT
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-21 11:30:31 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-21 11:30:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-21 11:30:30 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-21 11:30:29 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-21 11:30:29 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-21 11:30:28 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-21 11:30:28 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-21 11:30:21 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-21 11:30:15 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-21 11:30:15 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-21 11:30:15 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-21 11:30:09 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-21 11:30:09 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-21 11:30:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-21 11:28:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-21 11:28:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-21 11:28:28 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-21 11:28:28 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-21 11:28:28 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-21 11:28:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-21 11:28:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-21 11:28:19 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-21 11:28:18 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-21 11:28:18 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-21 11:28:18 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-21 11:28:17 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-21 11:28:17 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-21 11:28:17 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-21 11:28:16 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-21 11:28:16 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-21 11:28:13 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-21 11:28:05 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-21 11:14:37 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-21 11:14:20 ----RA---- C:\WINDOWS\SETA6.tmp
2008-11-21 11:14:19 ----RA---- C:\WINDOWS\SET94.tmp
2008-11-21 11:14:16 ----RA---- C:\WINDOWS\SET88.tmp
2008-11-21 03:06:29 ----D---- C:\WINDOWS\java

======List of files/folders modified in the last 1 months======

2008-12-13 12:50:09 ----RD---- C:\Program Files
2008-12-13 12:48:00 ----D---- C:\WINDOWS\SYSTEM32
2008-12-13 11:38:20 ----D---- C:\WINDOWS
2008-12-13 11:33:06 ----D---- C:\WINDOWS\Temp
2008-12-13 11:32:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 11:26:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 07:04:03 ----ASH---- C:\WINDOWS\system32\vivuyayo.dll
2008-12-13 07:04:01 ----ASH---- C:\WINDOWS\system32\yizesoko.dll
2008-12-12 19:03:47 ----ASH---- C:\WINDOWS\system32\zusidebi.dll
2008-12-12 19:03:45 ----N---- C:\WINDOWS\system32\dijipire.dll
2008-12-12 18:54:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-12 07:09:29 ----A---- C:\WINDOWS\system32\gefunizi.dll
2008-12-11 19:09:12 ----N---- C:\WINDOWS\system32\rihenijo.dll
2008-12-11 19:09:12 ----A---- C:\WINDOWS\system32\yatomona.dll
2008-12-11 07:09:04 ----A---- C:\WINDOWS\system32\wunuzima.dll
2008-12-11 07:09:03 ----N---- C:\WINDOWS\system32\tisovuye.dll
2008-12-10 19:08:53 ----N---- C:\WINDOWS\system32\yibamaka.dll
2008-12-10 19:08:53 ----A---- C:\WINDOWS\system32\yerofapu.dll
2008-12-10 18:03:07 ----ASH---- C:\WINDOWS\system32\gulaheli.dll
2008-12-10 15:49:46 ----D---- C:\Program Files\Common
2008-12-10 06:06:50 ----N---- C:\WINDOWS\system32\yunuvofu.dll
2008-12-10 06:06:21 ----ASH---- C:\WINDOWS\system32\yufiweru.dll
2008-12-09 18:01:53 ----ASH---- C:\WINDOWS\system32\zupizuma.dll
2008-12-09 18:01:52 ----N---- C:\WINDOWS\system32\yibavisu.dll
2008-12-09 06:01:41 ----N---- C:\WINDOWS\system32\lizuside.dll
2008-12-09 06:01:40 ----ASH---- C:\WINDOWS\system32\jiponite.dll
2008-12-08 18:01:21 ----ASH---- C:\WINDOWS\system32\vitayafi.dll
2008-12-08 18:01:18 ----ASH---- C:\WINDOWS\system32\tejatomi.dll
2008-12-08 03:00:28 ----SHD---- C:\WINDOWS\Installer
2008-12-08 03:00:27 ----HD---- C:\Config.Msi
2008-12-01 03:03:39 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2008-12-01 03:03:39 ----HD---- C:\WINDOWS\INF
2008-12-01 03:03:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 03:02:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-29 04:36:29 ----A---- C:\WINDOWS\WIN.INI
2008-11-29 04:36:01 ----D---- C:\Program Files\Windows Media Player
2008-11-29 04:35:56 ----D---- C:\WINDOWS\Help
2008-11-29 04:34:11 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-23 22:42:12 ----D---- C:\Program Files\Internet Explorer
2008-11-23 22:36:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-23 20:25:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-23 20:21:01 ----A---- C:\WINDOWS\SETUPLOG.TXT
2008-11-23 20:20:16 ----D---- C:\WINDOWS\IME
2008-11-23 20:20:15 ----D---- C:\WINDOWS\system32\WBEM
2008-11-23 20:20:15 ----D---- C:\WINDOWS\system32\Setup
2008-11-23 20:20:15 ----D---- C:\WINDOWS\AppPatch
2008-11-23 20:20:14 ----RSD---- C:\WINDOWS\Fonts
2008-11-23 19:37:15 ----D---- C:\WINDOWS\SECURITY
2008-11-23 19:32:18 ----D---- C:\Program Files\Messenger
2008-11-23 19:28:06 ----D---- C:\WINDOWS\peernet
2008-11-23 19:28:06 ----D---- C:\Program Files\Movie Maker
2008-11-23 19:24:21 ----D---- C:\WINDOWS\system32\Restore
2008-11-23 19:24:21 ----D---- C:\WINDOWS\system32\NPP
2008-11-23 19:24:20 ----D---- C:\WINDOWS\MSAGENT
2008-11-23 19:24:18 ----D---- C:\WINDOWS\SRCHASST
2008-11-23 19:24:17 ----D---- C:\Program Files\NetMeeting
2008-11-23 19:24:16 ----D---- C:\WINDOWS\system32\Com
2008-11-23 19:24:13 ----D---- C:\Program Files\Windows NT
2008-11-23 19:24:12 ----D---- C:\Program Files\Outlook Express
2008-11-23 19:24:05 ----D---- C:\Program Files\Common Files\System
2008-11-23 19:23:40 ----D---- C:\WINDOWS\system32\OOBE
2008-11-23 19:23:39 ----D---- C:\WINDOWS\system32\USMT
2008-11-23 19:23:38 ----D---- C:\WINDOWS\SYSTEM
2008-11-23 19:20:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-23 19:16:06 ----D---- C:\WINDOWS\EHome
2008-11-23 19:05:06 ----RASH---- C:\boot.ini
2008-11-23 19:05:06 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-23 08:23:33 ----D---- C:\WINDOWS\system32\en-US
2008-11-23 08:21:00 ----HDC---- C:\WINDOWS\ie7
2008-11-23 08:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-22 16:57:12 ----D---- C:\Program Files\Common Files
2008-11-22 08:04:48 ----RD---- C:\WINDOWS\Web
2008-11-22 08:04:08 ----RASH---- C:\NTDETECT.COM
2008-11-22 07:29:12 ----D---- C:\WINDOWS\Debug
2008-11-22 07:27:32 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-22 07:26:13 ----D---- C:\WINDOWS\WinSxS
2008-11-22 07:23:47 ----D---- C:\Program Files\Common Files\BitDefender
2008-11-22 01:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-11-22 01:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2008-11-22 01:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2008-11-22 01:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2008-11-22 01:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2008-11-22 01:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2008-11-22 01:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2008-11-22 01:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2008-11-22 01:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2008-11-22 01:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2008-11-22 01:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920683_0$
2008-11-22 01:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2008-11-22 01:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2008-11-22 01:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2008-11-22 00:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2008-11-22 00:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2008-11-22 00:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2008-11-22 00:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2008-11-22 00:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2008-11-22 00:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2008-11-22 00:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2008-11-22 00:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2008-11-22 00:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB840987$
2008-11-22 00:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2008-11-22 00:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2008-11-22 00:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2008-11-22 00:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2008-11-22 00:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2008-11-22 00:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2008-11-22 00:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2008-11-22 00:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-22 00:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2008-11-22 00:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2008-11-22 00:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2008-11-22 00:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2008-11-22 00:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2008-11-22 00:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2008-11-22 00:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2008-11-22 00:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2008-11-22 00:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2008-11-22 00:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2008-11-22 00:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2008-11-22 00:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-22 00:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB840374$
2008-11-22 00:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB841356$
2008-11-22 00:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB839645$
2008-11-22 00:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-22 00:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-22 00:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB833987$
2008-11-22 00:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB885626$
2008-11-22 00:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB841873$
2008-11-22 00:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB839643-DirectX9$
2008-11-22 00:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-22 00:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-21 23:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB873376$
2008-11-21 23:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB841533$
2008-11-21 23:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2008-11-21 23:55:00 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2008-11-21 23:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2008-11-21 23:11:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-21 23:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-11-21 23:07:39 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-21 23:01:08 ----HD---- C:\Program Files\WindowsUpdate
2008-11-21 20:08:30 ----A---- C:\WINDOWS\ModemLog_Conexant SmartHSFi V.9x 56K DF PCI Modem.txt
2008-11-21 19:59:13 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-21 19:19:41 ----D---- C:\Documents and Settings
2008-11-21 19:19:27 ----D---- C:\WINDOWS\Registration
2008-11-21 19:16:50 ----SHD---- C:\System Volume Information
2008-11-21 19:14:48 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-21 18:57:25 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-21 18:57:18 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-21 18:56:55 ----D---- C:\WINDOWS\system32\IAS
2008-11-21 18:56:07 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-21 18:50:14 ----D---- C:\DRIVERS
2008-11-21 18:49:54 ----A---- C:\WINDOWS\system32\OEMINFO.INI
2008-11-21 18:49:32 ----ASH---- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
2008-11-21 16:41:01 ----D---- C:\Program Files\Yahoo!
2008-11-21 16:28:49 ----D---- C:\WINDOWS\ADDINS
2008-11-21 15:38:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 11:54:34 ----SD---- C:\WINDOWS\Tasks
2008-11-21 11:31:07 ----SD---- C:\WINDOWS\occache
2008-11-21 10:44:05 ----D---- C:\WINDOWS\Media
2008-11-21 10:44:00 ----D---- C:\WINDOWS\TWAIN_32
2008-11-21 10:43:42 ----D---- C:\WINDOWS\system32\ICSXML
2008-11-21 10:43:07 ----D---- C:\WINDOWS\system32\1033
2008-11-21 10:42:03 ----D---- C:\WINDOWS\Driver Cache
2008-11-16 16:31:06 ----D---- C:\WINDOWS\CAVTemp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-08-23 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-19 40448]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-03-22 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-03-22 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-02 1063936]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-07-02 202368]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-10-21 28256]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-18 578176]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-08-23 108368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-02 631680]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 TIIXRAKU;TIIXRAKU; \??\C:\WINDOWS\system32\tiixraku.byc []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2003-07-16 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-10 137200]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-03 73728]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [2004-03-01 77824]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\hpboid.exe [2004-03-01 73728]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2003-07-16 19456]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-13 12:50:59

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe BE 1.0\DeIsL1.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Adobe Type Manager 4.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
Conexant SmartHSFi V.9x 56K DF PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" UNINSTALL
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
HP Deskjet 6800-->C:\Program Files\Hewlett-Packard\Deskjet 6800 Installs\Installer\setup.exe /x
HP Deskjet 6800-->MsiExec.exe /X{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}
HP Photo & Imaging 4.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Olympus DSS Player 3.5 (US)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE4C340C-1633-47A9-A9E5-77779C35BF2C}\Setup.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Road Runner Medic 6.0.0.6-->MsiExec.exe /I{3964B238-02DC-425E-B025-3B007C8ECCF7}
Road Runner Safe Storage-->MsiExec.exe /I{8C92F717-6AF8-445C-A5EE-0570C864365E}
RoadRunner-->MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
SmartFTP Client 2.0 Setup Files (remove only)-->"C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Web Directory Toolbar-->regsvr32 /u /s C:\WINDOWS\system32\sdmtb.dll
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: CA Anti-Virus
FW: CA Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Thank you



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:42 AM

Posted 13 December 2008 - 07:41 PM

Hello ihavethistheory,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 ihavethistheory

ihavethistheory
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 13 December 2008 - 11:18 PM

Hi Tea,
Thank you for the quick answer.
Here is the combofix log:

ComboFix 08-12-13.03 - Denis 2008-12-13 19:47:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.529 [GMT -8:00]
Running from: c:\documents and settings\Denis\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Denis\Application Data\install.dat
c:\documents and settings\Denis\err.log
c:\documents and settings\Denis\ResErrors.log
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\temp\fCOe
c:\temp\fse
c:\temp\fse\tmpZTF.log
c:\temp\isgTi19
c:\temp\isgTi19\lPig.log
c:\temp\sanR24
c:\temp\sanR24\lDii.log
c:\windows\Install.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\ahebujiz.ini
c:\windows\system32\akamabiy.ini
c:\windows\system32\Cache
c:\windows\system32\Cache\mstub-pal_nmw_a353_r15950.exe
c:\windows\system32\Cache\roxydownloader.exe
c:\windows\system32\Cache\SmartDownload.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\dijipire.dll
c:\windows\system32\diwejoge.dll
c:\windows\system32\dorebobo.dll
c:\windows\system32\edisuzil.ini
c:\windows\system32\eripijid.ini
c:\windows\system32\eyuvosit.ini
c:\windows\system32\ezodumuk.ini
c:\windows\system32\gefunizi.dll
c:\windows\system32\gulaheli.dll
c:\windows\system32\imotajet.ini
c:\windows\system32\Install.txt
c:\windows\system32\jiponite.dll
c:\windows\system32\kumudoze.dll
c:\windows\system32\lizuside.dll
c:\windows\system32\mirindaspd.exe
c:\windows\system32\ojinehir.ini
c:\windows\system32\okoseziy.ini
c:\windows\SYSTEM32\opqss.bak2
c:\windows\system32\punawuwu.dll
c:\windows\system32\rihenijo.dll
c:\windows\system32\tejatomi.dll
c:\windows\system32\tisovuye.dll
c:\windows\system32\ufovunuy.ini
c:\windows\system32\usivabiy.ini
c:\windows\system32\vitayafi.dll
c:\windows\system32\vivuyayo.dll
c:\windows\system32\wisezeki.dll
c:\windows\system32\wunuzima.dll
c:\windows\system32\yatomona.dll
c:\windows\system32\yerofapu.dll
c:\windows\system32\yibamaka.dll
c:\windows\system32\yibavisu.dll
c:\windows\system32\yizesoko.dll
c:\windows\system32\yufiweru.dll
c:\windows\system32\yunuvofu.dll
c:\windows\system32\zupizuma.dll
c:\windows\system32\zusenoyi.dll
c:\windows\system32\zusidebi.dll
C:\xcrashdump.dat

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_MACIDWE
-------\Legacy_NOBICYT
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SOBICYT
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING


((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-13 12:50 . 2008-12-13 12:50 <DIR> d-------- C:\rsit
2008-12-13 12:50 . 2008-12-13 12:50 <DIR> d-------- c:\program files\trend micro
2008-12-13 12:27 . 2008-12-13 12:39 <DIR> d-------- c:\documents and settings\Denis\.SunDownloadManager
2008-11-29 04:36 . 2008-11-29 04:36 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-29 04:32 . 2008-11-29 04:32 <DIR> d-------- c:\windows\SYSTEM32\LogFiles
2008-11-29 04:32 . 2008-11-29 04:34 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\UMDF
2008-11-23 22:36 . 2008-10-03 09:41 6,066,176 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-11-23 22:36 . 2007-04-17 01:28 2,455,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-11-23 22:36 . 2007-01-08 19:07 991,232 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-11-23 22:36 . 2008-08-25 23:24 459,264 -----c--- c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2008-11-23 22:36 . 2008-08-25 23:24 383,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-11-23 22:36 . 2008-08-25 23:24 267,776 -----c--- c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2008-11-23 22:36 . 2008-08-25 23:24 63,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2008-11-23 22:36 . 2008-08-25 23:24 52,224 -----c--- c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-11-23 17:21 . 2008-10-24 03:21 455,296 -----c--- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-23 08:26 . 2008-09-09 17:14 1,307,648 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-11-23 08:26 . 2008-04-13 09:27 79,872 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml6r.dll
2008-11-23 08:26 . 2006-12-28 11:01 19,569 --a------ c:\windows\005986_.tmp
2008-11-23 03:51 . 2008-09-08 02:41 333,824 -----c--- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-11-23 03:51 . 2008-08-14 02:04 138,496 -----c--- c:\windows\SYSTEM32\DLLCACHE\afd.sys
2008-11-23 03:50 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-11-23 03:50 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-11-23 03:50 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-11-23 03:50 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-11-23 03:50 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-11-23 03:50 . 2008-05-08 06:02 203,136 -----c--- c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
2008-11-23 03:49 . 2008-04-11 11:04 691,712 -----c--- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
2008-11-23 03:49 . 2008-10-15 08:34 337,408 -----c--- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-11-23 03:49 . 2008-05-01 06:33 331,776 -----c--- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2008-11-22 16:58 . 2008-11-22 16:58 <DIR> d-------- c:\program files\Lavasoft
2008-11-22 16:58 . 2008-11-22 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 16:57 . 2008-11-22 16:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-22 07:45 . 2007-08-13 18:06 56,700 --a------ c:\windows\SYSTEM32\ieuinit.inf
2008-11-22 07:45 . 2004-08-02 14:20 7,208 --------- c:\windows\SYSTEM32\secupd.sig
2008-11-22 07:45 . 2004-08-02 14:20 4,569 --------- c:\windows\SYSTEM32\secupd.dat
2008-11-22 00:13 . 2008-04-13 16:11 614,912 --a------ c:\windows\SYSTEM32\h323msp.dll
2008-11-22 00:13 . 2008-04-13 16:11 331,264 --a------ c:\windows\SYSTEM32\ipnathlp.dll
2008-11-22 00:13 . 2008-04-13 16:12 265,728 --a------ c:\windows\SYSTEM32\h323.tsp
2008-11-22 00:13 . 2008-04-13 16:11 40,960 --a------ c:\windows\SYSTEM32\mf3216.dll
2008-11-22 00:13 . 2004-03-29 17:48 40,960 -----c--- c:\windows\SYSTEM32\DLLCACHE\evtgprov.dll
2008-11-21 23:53 . 2008-04-13 16:11 33,792 --a------ c:\windows\SYSTEM32\msgsvc.dll
2008-11-21 23:27 . 2008-04-13 16:11 1,082,368 --a------ c:\windows\SYSTEM32\esent.dll
2008-11-21 23:23 . 2008-04-13 16:12 274,944 --a------ c:\windows\SYSTEM32\mstask.dll
2008-11-21 23:23 . 2008-04-13 16:12 192,512 --a------ c:\windows\SYSTEM32\schedsvc.dll
2008-11-21 23:23 . 2008-04-13 16:12 12,288 --a------ c:\windows\SYSTEM32\mstinit.exe
2008-11-21 23:09 . 2008-04-13 16:12 354,304 --a------ c:\windows\SYSTEM32\winhttp.dll
2008-11-21 23:09 . 2008-04-13 16:12 18,944 --a------ c:\windows\SYSTEM32\qmgrprxy.dll
2008-11-21 23:01 . 2008-10-16 14:12 213,528 --a------ c:\windows\SYSTEM32\wuaucpl.cpl
2008-11-21 19:59 . 1999-05-07 13:24 645,616 --a------ c:\windows\SYSTEM32\MSCOMCT2.OCX
2008-11-21 19:59 . 2000-03-23 12:50 446,464 -ra------ c:\windows\SYSTEM32\hhactivex.dll
2008-11-21 19:59 . 1999-05-07 13:24 414,944 --a------ c:\windows\SYSTEM32\COMCT332.OCX
2008-11-21 19:59 . 1998-11-10 10:46 328,480 --a------ c:\windows\SYSTEM32\ssa3d30.ocx
2008-11-21 19:59 . 2002-01-08 17:00 176,128 --a------ c:\windows\SYSTEM32\RcdScan.dll
2008-11-21 19:59 . 1998-09-24 12:03 171,967 --a------ c:\windows\SYSTEM32\Odbcjet.hlp
2008-11-21 19:59 . 1998-06-17 23:00 89,360 --a------ c:\windows\SYSTEM32\VB5DB.DLL
2008-11-21 19:59 . 1998-09-24 12:03 7,348 --a------ c:\windows\SYSTEM32\Odbcjet.cnt
2008-11-21 19:31 . 2008-11-21 19:31 1,374 --a------ c:\windows\SYSTEM32\wpa.bak
2008-11-21 19:19 . 2004-04-26 12:53 <DIR> d-------- c:\documents and settings\Guest\Application Data\Sonic
2008-11-21 19:19 . 2004-04-26 12:57 <DIR> d-------- c:\documents and settings\Guest\Application Data\Jasc Software Inc
2008-11-21 19:19 . 2008-11-21 19:19 <DIR> d-------- c:\documents and settings\Guest
2008-11-21 19:11 . 2003-07-16 12:23 1,875,968 --a--c--- c:\windows\SYSTEM32\DLLCACHE\msir3jp.lex
2008-11-21 19:10 . 2008-04-13 16:09 13,463,552 --a--c--- c:\windows\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-11-21 18:56 . 2008-11-21 18:56 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-21 18:56 . 2008-11-21 18:56 749 -rah----- c:\windows\SYSTEM32\wuaucpl.cpl.manifest
2008-11-21 18:56 . 2008-11-21 18:56 749 -rah----- c:\windows\SYSTEM32\sapi.cpl.manifest
2008-11-21 18:56 . 2008-11-21 18:56 749 -rah----- c:\windows\SYSTEM32\ncpa.cpl.manifest
2008-11-21 18:56 . 2008-11-21 18:56 488 -rah----- c:\windows\SYSTEM32\logonui.exe.manifest
2008-11-21 18:55 . 2003-07-16 12:30 73,728 --a--c--- c:\windows\SYSTEM32\DLLCACHE\icwtutor.exe
2008-11-21 18:55 . 2003-07-16 12:30 61,440 --a--c--- c:\windows\SYSTEM32\DLLCACHE\icwres.dll
2008-11-21 18:55 . 2003-07-16 12:48 40,960 --a--c--- c:\windows\SYSTEM32\DLLCACHE\trialoc.dll
2008-11-21 18:47 . 2008-11-21 23:10 1,168,420 --a------ c:\windows\setupapi.log.2.old
2008-11-21 18:47 . 2008-11-29 04:32 1,027,080 --a------ c:\windows\setupapi.log.3.old
2008-11-21 11:28 . 2008-04-13 16:11 2,061,824 --a------ c:\windows\SYSTEM32\mstscax.dll
2008-11-21 11:27 . 2008-04-13 10:32 196,224 --a------ c:\windows\SYSTEM32\DRIVERS\rdpdr.sys
2008-11-21 11:19 . 2008-04-13 10:45 52,864 --a------ c:\windows\SYSTEM32\DRIVERS\dmusic.sys
2008-11-21 11:19 . 2008-04-13 10:47 25,856 --a------ c:\windows\SYSTEM32\DRIVERS\usbprint.sys
2008-11-21 11:19 . 2008-04-13 10:45 6,272 --a------ c:\windows\SYSTEM32\DRIVERS\splitter.sys
2008-11-21 11:18 . 2008-04-13 10:40 57,600 --a------ c:\windows\SYSTEM32\DRIVERS\redbook.sys
2008-11-21 11:16 . 2008-04-13 16:13 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\termdd.sys
2008-11-21 11:14 . 2003-07-16 12:39 1,086,182 -ra------ c:\windows\SET88.tmp
2008-11-21 11:14 . 2008-04-13 16:12 146,432 --a------ c:\windows\SYSTEM\winspool.drv
2008-11-21 11:14 . 2008-04-13 16:12 74,752 --a------ c:\windows\SYSTEM32\storprop.dll
2008-11-21 11:14 . 2003-07-16 12:30 13,608 -ra------ c:\windows\SET94.tmp
2008-11-21 11:14 . 2008-04-13 10:54 11,264 --a------ c:\windows\SYSTEM32\DRIVERS\irenum.sys
2008-11-21 11:14 . 2003-07-16 12:54 7,046 -ra------ c:\windows\SETA6.tmp
2008-11-21 03:06 . 2008-11-21 03:06 <DIR> d-------- c:\windows\java
2008-11-15 19:17 . 2008-11-15 19:17 850 --a------ c:\windows\SYSTEM32\ProductTweaks.xml
2008-11-15 19:17 . 2008-11-15 19:17 385 --a------ c:\windows\SYSTEM32\user_gensett.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-14 04:03 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-14 04:03 118,874 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-14 04:01 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-14 03:49 --------- d-----w c:\program files\Common
2008-11-22 15:23 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-22 03:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 02:55 1,663 ----a-w c:\windows\INF\COMD8.tmp
2008-11-22 00:41 --------- d-----w c:\program files\Yahoo!
2008-11-21 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 01:28 --------- d-----w c:\documents and settings\Denis\Application Data\SUPERAntiSpyware.com
2008-11-01 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-30 05:50 --------- d-----w c:\documents and settings\Denis\Application Data\MSN6
2008-10-26 05:56 --------- d-----w c:\documents and settings\NetworkService\Application Data\AdobeUM
2008-10-25 04:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 03:35 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-20 02:50 --------- d-----w c:\program files\IrfanView
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2007-08-19 08:19 7,028,144 ----a-w c:\documents and settings\Denis\medic6.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-05 114741]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-23 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-23 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-23 259312]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-08-23 14088]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-16 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-08-30 53248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 12:30 79368 c:\windows\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2003-08-13 07:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-06-25 16:32 172032 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIC]
--a------ 2006-07-06 07:45 192512 c:\program files\MEDIC\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2003-10-06 07:05 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2003-10-06 07:05 118784 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 09:00 200704 c:\program files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-11-03 10:46 4800512 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 16:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-16 20:19 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-04-26 12:52 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 189704]
S2 TIIXRAKU;TIIXRAKU;\??\c:\windows\system32\tiixraku.byc []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\9a23472d-7dc7-44f5-94d7-d77408415094]
c:\windows\System32\pmlpxz.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\At1.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At10.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At11.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At12.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At13.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At14.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At15.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At16.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-14 c:\windows\Tasks\At17.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-14 c:\windows\Tasks\At18.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-14 c:\windows\Tasks\At19.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At2.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-14 c:\windows\Tasks\At20.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At21.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At22.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At23.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At24.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At25.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At26.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At27.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At28.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At29.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At3.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At30.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At31.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At32.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At33.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At34.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At35.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At36.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At37.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At38.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At39.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At4.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At40.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-14 c:\windows\Tasks\At41.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-14 c:\windows\Tasks\At42.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-14 c:\windows\Tasks\At43.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-14 c:\windows\Tasks\At44.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At45.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At46.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At47.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At48.job
- c:\windows\system32\wf5UyVt3.exe []

2008-12-13 c:\windows\Tasks\At5.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At6.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At7.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At8.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-13 c:\windows\Tasks\At9.job
- c:\windows\system32\jgSvbYNr.exe []

2008-12-02 c:\windows\Tasks\CAAntiSpywareScan_Daily as Denis at 12 00 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 20:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{78378e32-5293-4ecd-9c96-b63489169466} - c:\windows\system32\dorebobo.dll
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-Ho5tRkHnl - lfbxprxy.exe
HKLM-Run-0Fmj3qj - lmh_b5_bundle_14.exe
MSConfigStartUp-nvcoi - c:\program files\nvcoi\nvcoi.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = sas.we1.attbb.net:8000
uInternet Settings,ProxyOverride = *.we1.attbb.net;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 20:04:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIIXRAKU]
"ImagePath"="\??\c:\windows\system32\tiixraku.byc"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3792)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\wanmpsvc.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
.
**************************************************************************
.
Completion time: 2008-12-13 20:10:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 04:10:10

Pre-Run: 96,065,462,272 bytes free
Post-Run: 96,361,037,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /noguiboot

470 --- E O F --- 2008-12-08 11:00:29

And here is the HijackThis log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Denis at 2008-12-13 20:15:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 92 GB (80%) free of 114 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:27 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Denis\Desktop\RSIT.exe
C:\Program Files\trend micro\Denis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.we1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.we1.attbb.net;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110099598859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8992 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Denis at 12 00 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-05-10 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-08-23 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-08-23 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-08-23 259312]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2008-08-23 14088]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-03-16 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe [2003-08-13 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-06-25 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIC]
C:\Program Files\MEDIC\bin\sprtcmd.exe [2006-07-06 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-06 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-06 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2003-11-03 4800512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-03-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-26 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\WINDOWS\SYSTEM32\spoolsv.exe"="C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-13 20:10:45 ----D---- C:\WINDOWS\temp
2008-12-13 20:10:38 ----A---- C:\ComboFix.txt
2008-12-13 20:06:54 ----D---- C:\WINDOWS\LastGood
2008-12-13 19:45:32 ----A---- C:\Boot.bak
2008-12-13 19:45:24 ----RASHD---- C:\cmdcons
2008-12-13 19:41:21 ----A---- C:\WINDOWS\zip.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\VFIND.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\SWSC.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\SWREG.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\sed.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\grep.exe
2008-12-13 19:41:21 ----A---- C:\WINDOWS\fdsv.exe
2008-12-13 19:39:36 ----D---- C:\WINDOWS\ERDNT
2008-12-13 19:39:36 ----D---- C:\Qoobox
2008-12-13 12:50:09 ----D---- C:\Program Files\trend micro
2008-12-13 12:50:07 ----D---- C:\rsit
2008-12-01 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-01 03:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-01 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-01 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-29 04:36:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-29 04:36:46 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-29 04:36:02 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-29 04:35:49 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-29 04:33:56 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-29 04:32:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-29 04:32:42 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-23 20:20:56 ----D---- C:\WINDOWS\Prefetch
2008-11-23 19:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-23 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-23 08:26:20 ----A---- C:\WINDOWS\005986_.tmp
2008-11-22 16:58:17 ----D---- C:\Program Files\Lavasoft
2008-11-22 16:58:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-22 16:57:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-22 12:52:17 ----D---- C:\WINDOWS\pss
2008-11-22 09:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-22 09:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-22 09:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-22 09:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-22 09:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-22 09:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-22 09:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-22 09:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-22 09:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-22 09:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-22 09:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-22 09:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-22 09:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-22 09:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-22 09:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-22 09:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-22 08:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-22 08:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-22 08:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-22 08:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-22 08:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-22 08:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-22 08:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-22 08:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-22 08:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-22 08:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-22 08:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-22 08:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-22 08:40:19 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-22 08:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-22 08:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-22 08:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-22 08:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-22 08:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-22 08:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-22 08:28:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-22 08:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-22 08:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-22 08:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-22 08:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-22 07:54:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-22 01:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2008-11-22 01:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-11-22 00:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB833407$
2008-11-22 00:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2008-11-22 00:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2008-11-22 00:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-11-22 00:32:10 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2008-11-22 00:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2008-11-22 00:13:03 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-11-22 00:13:01 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-11-22 00:13:00 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msxbde40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\mstext40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msrepl40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\mspbde40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msjtes40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2008-11-21 23:55:35 ----A---- C:\WINDOWS\system32\msjet40.dll
2008-11-21 23:55:34 ----A---- C:\WINDOWS\system32\msexcl40.dll
2008-11-21 23:55:34 ----A---- C:\WINDOWS\system32\msexch40.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\mswdat10.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\msjter40.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-11-21 23:55:33 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-11-21 23:55:32 ----A---- C:\WINDOWS\system32\mswstr10.dll
2008-11-21 23:55:32 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2008-11-21 23:55:32 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2008-11-21 23:55:31 ----A---- C:\WINDOWS\system32\msltus40.dll
2008-11-21 23:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB828035$
2008-11-21 23:53:06 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-11-21 23:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2008-11-21 23:27:04 ----A---- C:\WINDOWS\system32\esent.dll
2008-11-21 23:23:36 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-21 23:23:36 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-21 23:23:36 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-21 23:09:10 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-21 23:09:09 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-11-21 19:59:17 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2008-11-21 19:59:17 ----A---- C:\WINDOWS\system32\RcdScan.dll
2008-11-21 19:59:14 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2008-11-21 19:31:59 ----A---- C:\WINDOWS\system32\wpa.bak
2008-11-21 18:56:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-21 18:49:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-21 18:49:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-21 18:49:25 ----RA---- C:\WINDOWS\SET7F.tmp
2008-11-21 18:49:24 ----RA---- C:\WINDOWS\SET6D.tmp
2008-11-21 18:49:21 ----RA---- C:\WINDOWS\SET61.tmp
2008-11-21 18:40:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-21 18:40:03 ----D---- C:\WINDOWS\setup.pss
2008-11-21 11:32:41 ----A---- C:\AUTOEXEC.BAT
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-21 11:30:33 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-21 11:30:31 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-21 11:30:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-21 11:30:30 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-21 11:30:29 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-21 11:30:29 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-21 11:30:28 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-21 11:30:28 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-21 11:30:21 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-21 11:30:15 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-21 11:30:15 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-21 11:30:15 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-21 11:30:13 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-21 11:30:09 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-21 11:30:09 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-21 11:30:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-21 11:28:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-21 11:28:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-21 11:28:28 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-21 11:28:28 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-21 11:28:28 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-21 11:28:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-21 11:28:26 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-21 11:28:25 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-21 11:28:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-21 11:28:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-21 11:28:19 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-21 11:28:18 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-21 11:28:18 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-21 11:28:18 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-21 11:28:17 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-21 11:28:17 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-21 11:28:17 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-21 11:28:16 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-21 11:28:16 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-21 11:28:15 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-21 11:28:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-21 11:28:13 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-21 11:28:05 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-21 11:14:37 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-21 11:14:20 ----RA---- C:\WINDOWS\SETA6.tmp
2008-11-21 11:14:19 ----RA---- C:\WINDOWS\SET94.tmp
2008-11-21 11:14:16 ----RA---- C:\WINDOWS\SET88.tmp
2008-11-21 03:06:29 ----D---- C:\WINDOWS\java

======List of files/folders modified in the last 1 months======

2008-12-13 20:10:56 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-13 20:10:56 ----D---- C:\WINDOWS\SYSTEM32
2008-12-13 20:10:45 ----D---- C:\WINDOWS
2008-12-13 20:08:14 ----HD---- C:\WINDOWS\INF
2008-12-13 20:08:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 20:07:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 20:05:41 ----A---- C:\WINDOWS\system.ini
2008-12-13 20:02:18 ----D---- C:\WINDOWS\system32\CONFIG
2008-12-13 20:01:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-13 19:54:56 ----D---- C:\WINDOWS\AppPatch
2008-12-13 19:54:56 ----D---- C:\Program Files\Common Files
2008-12-13 19:49:25 ----D---- C:\temp
2008-12-13 19:49:15 ----D---- C:\WINDOWS\SYSTEM
2008-12-13 19:49:08 ----D---- C:\Program Files\Common
2008-12-13 19:45:33 ----RASH---- C:\boot.ini
2008-12-13 19:43:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 12:50:09 ----RD---- C:\Program Files
2008-12-08 03:00:28 ----SHD---- C:\WINDOWS\Installer
2008-12-08 03:00:27 ----HD---- C:\Config.Msi
2008-12-01 03:03:39 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2008-12-01 03:03:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 03:02:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-29 04:36:29 ----A---- C:\WINDOWS\WIN.INI
2008-11-29 04:36:01 ----D---- C:\Program Files\Windows Media Player
2008-11-29 04:35:56 ----D---- C:\WINDOWS\Help
2008-11-23 22:42:12 ----D---- C:\Program Files\Internet Explorer
2008-11-23 20:25:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-23 20:21:01 ----A---- C:\WINDOWS\SETUPLOG.TXT
2008-11-23 20:20:16 ----D---- C:\WINDOWS\IME
2008-11-23 20:20:15 ----D---- C:\WINDOWS\system32\WBEM
2008-11-23 20:20:15 ----D---- C:\WINDOWS\system32\Setup
2008-11-23 20:20:14 ----RSD---- C:\WINDOWS\Fonts
2008-11-23 19:37:15 ----D---- C:\WINDOWS\SECURITY
2008-11-23 19:32:18 ----D---- C:\Program Files\Messenger
2008-11-23 19:28:06 ----D---- C:\WINDOWS\peernet
2008-11-23 19:28:06 ----D---- C:\Program Files\Movie Maker
2008-11-23 19:24:21 ----D---- C:\WINDOWS\system32\Restore
2008-11-23 19:24:21 ----D---- C:\WINDOWS\system32\NPP
2008-11-23 19:24:20 ----D---- C:\WINDOWS\MSAGENT
2008-11-23 19:24:18 ----D---- C:\WINDOWS\SRCHASST
2008-11-23 19:24:17 ----D---- C:\Program Files\NetMeeting
2008-11-23 19:24:16 ----D---- C:\WINDOWS\system32\Com
2008-11-23 19:24:13 ----D---- C:\Program Files\Windows NT
2008-11-23 19:24:12 ----D---- C:\Program Files\Outlook Express
2008-11-23 19:24:05 ----D---- C:\Program Files\Common Files\System
2008-11-23 19:23:40 ----D---- C:\WINDOWS\system32\OOBE
2008-11-23 19:23:39 ----D---- C:\WINDOWS\system32\USMT
2008-11-23 19:20:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-23 19:16:06 ----D---- C:\WINDOWS\EHome
2008-11-23 08:23:33 ----D---- C:\WINDOWS\system32\en-US
2008-11-23 08:21:00 ----HDC---- C:\WINDOWS\ie7
2008-11-23 08:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-22 08:04:48 ----RD---- C:\WINDOWS\Web
2008-11-22 08:04:08 ----RASH---- C:\NTDETECT.COM
2008-11-22 07:29:12 ----D---- C:\WINDOWS\Debug
2008-11-22 07:27:32 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-22 07:26:13 ----D---- C:\WINDOWS\WinSxS
2008-11-22 07:23:47 ----D---- C:\Program Files\Common Files\BitDefender
2008-11-22 01:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-11-22 01:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2008-11-22 01:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2008-11-22 01:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2008-11-22 01:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2008-11-22 01:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2008-11-22 01:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2008-11-22 01:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2008-11-22 01:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2008-11-22 01:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2008-11-22 01:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920683_0$
2008-11-22 01:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2008-11-22 01:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2008-11-22 01:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2008-11-22 00:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2008-11-22 00:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2008-11-22 00:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2008-11-22 00:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2008-11-22 00:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2008-11-22 00:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2008-11-22 00:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2008-11-22 00:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2008-11-22 00:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB840987$
2008-11-22 00:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2008-11-22 00:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2008-11-22 00:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2008-11-22 00:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2008-11-22 00:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2008-11-22 00:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2008-11-22 00:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2008-11-22 00:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-22 00:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2008-11-22 00:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2008-11-22 00:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2008-11-22 00:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2008-11-22 00:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2008-11-22 00:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2008-11-22 00:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2008-11-22 00:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2008-11-22 00:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2008-11-22 00:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2008-11-22 00:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2008-11-22 00:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-22 00:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB840374$
2008-11-22 00:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB841356$
2008-11-22 00:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB839645$
2008-11-22 00:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-22 00:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-22 00:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB833987$
2008-11-22 00:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB885626$
2008-11-22 00:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB841873$
2008-11-22 00:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB839643-DirectX9$
2008-11-22 00:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-22 00:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-21 23:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB873376$
2008-11-21 23:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB841533$
2008-11-21 23:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2008-11-21 23:55:00 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2008-11-21 23:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2008-11-21 23:11:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-21 23:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-11-21 23:07:39 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-21 23:01:08 ----HD---- C:\Program Files\WindowsUpdate
2008-11-21 20:08:30 ----A---- C:\WINDOWS\ModemLog_Conexant SmartHSFi V.9x 56K DF PCI Modem.txt
2008-11-21 19:59:13 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-21 19:19:41 ----D---- C:\Documents and Settings
2008-11-21 19:19:27 ----D---- C:\WINDOWS\Registration
2008-11-21 19:16:50 ----SHD---- C:\System Volume Information
2008-11-21 18:57:25 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-21 18:57:18 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-21 18:56:55 ----D---- C:\WINDOWS\system32\IAS
2008-11-21 18:56:07 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-21 18:50:14 ----D---- C:\DRIVERS
2008-11-21 18:49:54 ----A---- C:\WINDOWS\system32\OEMINFO.INI
2008-11-21 18:49:32 ----ASH---- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
2008-11-21 16:41:01 ----D---- C:\Program Files\Yahoo!
2008-11-21 16:28:49 ----D---- C:\WINDOWS\ADDINS
2008-11-21 15:38:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 11:54:34 ----SD---- C:\WINDOWS\Tasks
2008-11-21 11:31:07 ----SD---- C:\WINDOWS\occache
2008-11-21 10:44:05 ----D---- C:\WINDOWS\Media
2008-11-21 10:44:00 ----D---- C:\WINDOWS\TWAIN_32
2008-11-21 10:43:42 ----D---- C:\WINDOWS\system32\ICSXML
2008-11-21 10:43:07 ----D---- C:\WINDOWS\system32\1033
2008-11-21 10:42:03 ----D---- C:\WINDOWS\Driver Cache
2008-11-16 16:31:06 ----D---- C:\WINDOWS\CAVTemp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-08-23 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-19 40448]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-03-22 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-03-22 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-02 1063936]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-07-02 202368]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-10-21 28256]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-18 578176]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-08-23 108368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-02 631680]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 TIIXRAKU;TIIXRAKU; \??\C:\WINDOWS\system32\tiixraku.byc []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2003-07-16 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-10 137200]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-03 73728]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [2004-03-01 77824]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\hpboid.exe [2004-03-01 73728]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2003-07-16 19456]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Thank you

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:42 AM

Posted 14 December 2008 - 09:49 AM

Hello,

You're welcome. :thumbsup:

Please go to the following site: http://www.threatexpert.com/submit.aspx

In the "file to submit" area, please click the browse button and navigate to the following file:

c:\windows\system32\tiixraku.byc

Check the "I agree" box and when your file is uploaded, click submit.

Please post back with the URL of the page that comes up when it's done analyzing the file.

How is it running please?

Thanks,
tea

Edited by teacup61, 14 December 2008 - 09:49 AM.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 ihavethistheory

Posted 14 December 2008 - 11:27 AM

Hi Tea,

Thanks a lot,
My computer is running fine at this point.
I was not able to follow the last directions you gave me because the file c:\windows\system32\tiixraku.byc is not on my computer.
Let me know if that is a problem.
Thanks again

#6 teacup61

Posted 14 December 2008 - 11:48 AM

Hello,

You're welcome, and good to know. :thumbsup: If it's not there, then it's not there. The entry indicated the file was missing, but I wanted to be sure. I couldn't find anything on it, so thought maybe we could find out. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

You have some pretty good protection in place, though I would suggest an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

If there are no problems, then all done! :)

Take care,
tea
Error reading poptart in Drive A: Delete kids y/n?
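
The triage in posts #4 and #6 turns on one line of the RSIT driver list, `S2 TIIXRAKU;TIIXRAKU; \??\C:\WINDOWS\system32\tiixraku.byc []`. As an added example (not part of the thread and not RSIT's own code), the script below parses driver lines in the format shown in the log and ranks the entries worth a second look; reading an empty `[]` as "file not found" is an assumption taken from the helper's remark and this log, and the function names and the three checks are hypothetical.

```python
import re
from dataclasses import dataclass

# A subset of lines copied from the RSIT driver list posted in this thread.
SAMPLE_LOG = r"""
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
S2 TIIXRAKU;TIIXRAKU; \??\C:\WINDOWS\system32\tiixraku.byc []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
"""

# Legend from the log header: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)

@dataclass
class Entry:
    running: bool
    start: str
    name: str
    path: str
    has_stamp: bool  # False when the log shows "[]" instead of "[date size]"

def parse_line(line):
    """Parse one driver line; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # strip the NT object-namespace prefix
        path = path[4:]
    return Entry(m["state"] == "R", START_TYPES[m["start"]], m["name"],
                 path, bool(m["stamp"].strip()))

def triage(entry):
    """Return the reasons a driver entry deserves a manual check (may be empty)."""
    reasons = []
    if not entry.has_stamp:
        reasons.append("file missing")
        if entry.start in ("Boot", "System", "Auto"):
            reasons.append("set to load at startup but image is absent")
    # Applies to the driver list only; the services list holds .exe images.
    if not entry.path.lower().endswith(".sys"):
        reasons.append("driver image is not a .sys file")
    return reasons

def review(log_text):
    """Return (name, reasons) pairs, entries with the most reasons first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and (reasons := triage(entry)):
            findings.append((entry.name, reasons))
    findings.sort(key=lambda f: len(f[1]), reverse=True)
    return findings

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

Several demand-start drivers in this log also show `[]`, so a missing file alone is weak; the entry the helper asked about is the only one that combines all three checks. A hit is a prompt to look at the file and its registry entry, as was done here, not a verdict.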

#7 teacup61

Posted 20 December 2008 - 09:38 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Error reading poptart in Drive A: Delete kids y/n?



