I have been trying to remove udxfytw.sys. I've managed to stop the process, so sounds are not still randomly occurring; however, I don't think I've gotten everything totally clean. The scans are still showing infection.
Posted below are both the Kaspersky and RSIT logs. Thanks for any help you can offer.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 9, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 02:08:27
Records in database: 1445114
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 95937
Threat name: 7
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 02:01:29
File name / Threat name / Threats count
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\G1MF0XY7\smain[1].php Infected: Trojan-Downloader.JS.Psyme.amg 1
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\G1MF0XY7\smain[2].php Infected: Trojan-Downloader.JS.Psyme.amg 1
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\G1MF0XY7\smain[3].php Infected: Trojan-Downloader.JS.Psyme.amg 1
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IAVG5MKR\placeholder-1301916-572418144[1] Infected: Trojan-Downloader.JS.Psyme.amg 1
C:\Documents and Settings\Jeff Guymon\Desktop\MultiMedia\PgcEdit_install.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
C:\WINNT\system32\tmpxr_158618242174.bk Infected: Trojan.Win32.Agent.astn 1
C:\WINNT\system32\tmpxr_268128408325.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_427141892459.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_461821137132.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_475613109801.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_488321185830.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_505848220557.bk Infected: Trojan.Win32.Agent.astn 1
C:\WINNT\system32\tmpxr_54862416073.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_648854209698.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_810622586013.bk Infected: Trojan.Win32.Agent.astn 1
C:\WINNT\system32\tmpxr_858065764191.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_882573730860.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\tmpxr_91901448108.bk Infected: Trojan.Win32.Agent.aqfq 1
C:\WINNT\system32\udxfytw-bak.sys Infected: Trojan.Win32.Agent.aohb 1
C:\WINNT\system32\udxfytw.sys Infected: Trojan.Win32.Agent.aouc 1
E:\Downloads\DVD Apps.zip Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
E:\Downloads\WindowsXP\WinXPkeyChanger.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
The selected area was scanned.
___________________________________________________________________
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeff Guymon at 2008-12-09 06:57:22
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 32 GB (73%) free of 44 GB
Total RAM: 1023 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:26 AM, on 12/9/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\htpatch.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINNT\SM1BG.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\Jeff Guymon\Desktop\RSIT.exe
C:\Program Files\trend micro\Jeff Guymon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINNT\TEMP\E_S9F.tmp" /EF "HKCU"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150047754953
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: afisicx - Unknown owner - C:\WINNT\system32\afisicx.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: noytcyr - Unknown owner - C:\WINNT\system32\noytcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: roytctm - Unknown owner - C:\WINNT\system32\roytctm.exe (file missing)
O23 - Service: tdydowkc - Unknown owner - C:\WINNT\system32\tdydowkc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wsldoekd - Unknown owner - C:\WINNT\system32\wsldoekd.exe (file missing)
--
End of file - 8138 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"HTpatch"=C:\WINNT\htpatch.exe [2002-10-30 28672]
"PROMon.exe"=C:\WINNT\system32\PROMon.exe [2002-04-18 73728]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-06-14 282624]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-01-27 1179648]
"SM1BG"=C:\WINNT\SM1BG.EXE [2003-08-27 94208]
"SoundMan"=C:\WINNT\SOUNDMAN.EXE [2002-11-19 46592]
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2006-10-22 86016]
"Logitech Hardware Abstraction Layer"=C:\WINNT\KHALMNPR.EXE [2006-07-19 94208]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"=C:\Program Files\TClockEx\TCLOCKEX.EXE [2000-03-09 89088]
"EPSON Stylus Photo R260 Series"=C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE [2006-05-18 139264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
C:\WINNT\system32\nwprovau.dll [2006-08-31 140048]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-12-08 22:47:23 ----D---- C:\rsit
2008-12-08 22:47:23 ----D---- C:\Program Files\trend micro
2008-12-07 21:14:03 ----D---- C:\Documents and Settings\Jeff Guymon\Application Data\Malwarebytes
2008-12-07 21:13:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 21:13:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-07 20:11:26 ----A---- C:\WINNT\system32\javaws.exe
2008-12-07 20:11:26 ----A---- C:\WINNT\system32\javaw.exe
2008-12-07 20:11:26 ----A---- C:\WINNT\system32\java.exe
2008-12-07 20:11:26 ----A---- C:\WINNT\system32\deploytk.dll
2008-12-07 20:09:56 ----D---- C:\Program Files\Java
2008-11-23 19:12:40 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-23 19:12:25 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-23 19:11:28 ----HDC---- C:\WINNT\$NtUninstallKB956390-IE6SP1-20080820.120000$
2008-11-23 19:11:20 ----HDC---- C:\WINNT\$NtUninstallKB957095$
2008-11-23 19:11:14 ----HDC---- C:\WINNT\$NtUninstallKB956391$
2008-11-23 19:11:03 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2008-11-23 19:01:28 ----HDC---- C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$
2008-11-23 18:59:56 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2008-11-23 18:59:51 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2008-11-23 18:59:42 ----HDC---- C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$
2008-11-23 18:59:34 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2008-11-23 18:58:58 ----HDC---- C:\WINNT\$NtUninstallKB951698_DX9$
2008-11-23 18:54:09 ----HDC---- C:\WINNT\$NtUninstallKB950749$
2008-11-23 18:54:02 ----HDC---- C:\WINNT\$NtUninstallKB944338$
2008-11-23 18:53:27 ----HDC---- C:\WINNT\$NtUninstallKB948590$
2008-11-23 18:53:21 ----HDC---- C:\WINNT\$NtUninstallKB945553$
2008-11-23 18:52:49 ----HDC---- C:\WINNT\$NtUninstallKB943055$
2008-11-23 18:51:56 ----HDC---- C:\WINNT\$NtUninstallKB943485$
2008-11-23 18:51:47 ----HDC---- C:\WINNT\$NtUninstallKB937894$
2008-11-23 18:50:59 ----HDC---- C:\WINNT\$NtUninstallKB941569$
2008-11-23 18:50:51 ----HDC---- C:\WINNT\$NtUninstallKB923810$
2008-11-23 18:50:46 ----HDC---- C:\WINNT\$NtUninstallKB933729$
2008-11-23 18:50:40 ----HDC---- C:\WINNT\$NtUninstallKB938827$
2008-11-23 18:50:30 ----A---- C:\WINNT\system32\wmpns.dll
2008-11-23 18:50:24 ----HDC---- C:\WINNT\$NtUninstallKB936782_WMP9$
2008-11-23 18:50:17 ----HDC---- C:\WINNT\$NtUninstallKB926122$
2008-11-23 18:50:12 ----HDC---- C:\WINNT\$NtUninstallKB935839$
2008-11-23 18:50:06 ----HDC---- C:\WINNT\$NtUninstallKB935840$
2008-11-23 18:49:59 ----HDC---- C:\WINNT\$NtUninstallKB927891$
2008-11-23 14:38:10 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-11-23 00:35:50 ----D---- C:\WINNT\ERUNT
2008-11-23 00:32:06 ----A---- C:\WINNT\ntbtlog.txt
2008-11-21 20:21:13 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-11-21 20:21:13 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
======List of files/folders modified in the last 1 months======
2008-12-09 06:57:22 ----D---- C:\WINNT\system32
2008-12-09 06:57:04 ----AD---- C:\WINNT\Debug
2008-12-09 06:55:41 ----AD---- C:\WINNT\Temp
2008-12-09 06:53:03 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-09 06:39:28 ----AD---- C:\WINNT\security
2008-12-08 23:12:20 ----D---- C:\WINNT\system32\NtmsData
2008-12-08 22:47:23 ----RAD---- C:\Program Files
2008-12-07 21:35:24 ----AD---- C:\WINNT\system32\drivers
2008-12-07 21:32:40 ----AD---- C:\WINNT
2008-12-07 20:53:21 ----D---- C:\Quarantine
2008-12-07 20:11:29 ----SHD---- C:\WINNT\Installer
2008-12-07 19:59:47 ----AD---- C:\Program Files\Common Files
2008-12-07 19:40:23 ----A---- C:\WINNT\wininit.ini
2008-12-04 19:07:59 ----D---- C:\Documents and Settings\Jeff Guymon\Application Data\Identities
2008-12-04 18:59:22 ----A---- C:\WINNT\KA.INI
2008-12-04 18:59:01 ----D---- C:\KA
2008-11-23 21:17:53 ----AD---- C:\WINNT\system32\wbem
2008-11-23 21:17:53 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2008-11-23 19:20:32 ----RASHDC---- C:\WINNT\system32\dllcache
2008-11-23 19:20:31 ----AD---- C:\WINNT\system32\Setup
2008-11-23 19:20:31 ----AD---- C:\WINNT\msagent
2008-11-23 19:14:31 ----D---- C:\WINNT\Microsoft.NET
2008-11-23 19:12:45 ----HD---- C:\WINNT\inf
2008-11-23 19:12:30 ----A---- C:\WINNT\imsins.BAK
2008-11-23 19:10:23 ----A---- C:\WINNT\win.ini
2008-11-23 19:08:29 ----D---- C:\WINNT\Registration
2008-11-23 19:07:25 ----AD---- C:\WINNT\system32\mui
2008-11-23 19:07:24 ----D---- C:\Program Files\Internet Explorer
2008-11-23 18:59:47 ----D---- C:\Program Files\Common Files\System
2008-11-23 18:59:46 ----D---- C:\Program Files\Outlook Express
2008-11-23 18:57:20 ----RASD---- C:\WINNT\Fonts
2008-11-23 18:56:42 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2008-11-23 18:54:28 ----D---- C:\WINNT\winsxs
2008-11-22 11:51:26 ----SHD---- C:\WINNT\CSC
2008-11-21 20:27:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 16:46:07 ----AD---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-11-21 16:46:05 ----D---- C:\Documents and Settings\Jeff Guymon\Application Data\ZoomBrowser EX
2008-11-20 15:26:28 ----AD---- C:\WINNT\Help
2008-11-19 01:44:51 ----D---- C:\WINNT\Minidump
2008-11-18 14:06:57 ----A---- C:\WINNT\ODBC.INI
2008-11-17 10:05:54 ----AD---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2004-01-27 43008]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2004-01-27 24576]
R1 cdudf;cdudf; C:\WINNT\system32\drivers\cdudf.sys [2004-01-27 284928]
R1 DVDVRRdr;DVDVRRdr; C:\WINNT\system32\drivers\DVDVRRdr.sys [2004-01-27 140416]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINNT\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2004-01-27 117248]
R1 UDFReadr;UDFReadr; C:\WINNT\system32\drivers\UDFReadr.sys [2004-01-27 197632]
R2 LBeepKE;LBeepKE; C:\WINNT\System32\Drivers\LBeepKE.sys [2006-09-01 3712]
R2 Nbf;NetBEUI Protocol; C:\WINNT\System32\DRIVERS\nbf.sys [2001-05-08 102160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINNT\system32\drivers\ALCXWDM.SYS [2002-11-26 730700]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2004-01-27 23680]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINNT\System32\DRIVERS\e1000nt5.sys [2002-05-05 103680]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINNT\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINNT\system32\DRIVERS\L8042mou.Sys [2006-07-19 55936]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINNT\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 mfeapfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINNT\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINNT\system32\drivers\mfehidk.sys [2006-11-30 168776]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINNT\system32\drivers\msmpu401.sys [1999-09-25 2832]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 openhci;Microsoft USB Open Host Controller Driver; C:\WINNT\System32\DRIVERS\openhci.sys [2003-06-19 24784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;USB Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-06-19 49776]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cmuda;C-Media WDM Audio Interface; C:\WINNT\system32\drivers\cmuda.sys []
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2004-01-27 23680]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINNT\System32\DRIVERS\msdv.sys [2004-07-09 56832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 awfgzrzf;awfgzrzf; C:\WINNT\system32\svchost.exe [2001-05-08 7952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2006-11-30 54872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2006-10-22 159810]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2003-12-04 49152]
S2 afisicx;afisicx; C:\WINNT\system32\afisicx.exe []
S2 NMSSvc;Intel® NMS; C:\WINNT\System32\NMSSvc.exe [2002-05-03 1118208]
S2 noytcyr;noytcyr; C:\WINNT\system32\noytcyr.exe []
S2 roytctm;roytctm; C:\WINNT\system32\roytctm.exe []
S2 tdydowkc;tdydowkc; C:\WINNT\system32\tdydowkc.exe []
S2 wsldoekd;wsldoekd; C:\WINNT\system32\wsldoekd.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2001-05-08 7952]
-----------------EOF-----------------