Google Hijacked- possibly rootkit


  • This topic is locked
4 replies to this topic

#1 Liam87

  • Members
  • 2 posts

Posted 18 December 2008 - 11:10 PM

Hello,
When I search with Google it opens up a new window and I am redirected to advertisements and different antispyware sites etc.
When Google is conducting a search, down the bottom of the page it says "waiting for http://copy-book.com/search...etc".
After one search is completed, searching a different topic gives the results of the previous topic.
I have a full version of Trend Micro Internet Security Pro; I have scanned the computer using Trend Micro and Malwarebytes' Anti-Malware many times, and each scan finds and removes a few trojans and cookies, but the problem remains.

Any help you could give me would be very welcome.

Here is my log.txt and info.txt from RSIT.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Liam at 2008-12-19 13:50:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (26%) free of 45 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:19 PM, on 19/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\UAService7.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\AGRSMMSG.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS.0\sttray.exe
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liam.walshy87\Desktop\RSIT.exe
C:\Documents and Settings\Liam.walshy87\Desktop\HiJackThis\Liam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3700 Series on BRIDGET-A644C21] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P50 "Auto EPSON Stylus CX3700 Series on BRIDGET-A644C21" /O25 "\\BRIDGET-A644C21\Printer" /M "Stylus CX3700"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iVideoCodec\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: tisspwiz.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS.0\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optima.com.au
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61EAB9E7-AC5E-45E5-A204-0D24C740828C}: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll (file missing)
O22 - SharedTaskScheduler: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS.0\system32\UAService7.exe

--
End of file - 10000 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2008-02-15 103760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - Protection Bar - C:\Program Files\iVideoCodec\iesplugin.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-20 2403392]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - Transaction Protector - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2008-02-15 103760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS.0\AGRSMMSG.exe [2004-06-29 88363]
"igfxtray"=C:\WINDOWS.0\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS.0\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS.0\system32\igfxpers.exe [2005-09-20 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\WINDOWS.0\sttray.exe [2005-07-18 393216]
"EPSON Stylus CX3700 Series"=C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE [2005-02-08 98304]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"Auto EPSON Stylus CX3700 Series on BRIDGET-A644C21"=C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE [2005-02-08 98304]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"isamonitor.exe"=C:\Program Files\iVideoCodec\isamonitor.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe [2005-02-26 212992]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-20 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-12 21898024]

C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
tisspwiz.lnk - C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe

C:\Documents and Settings\Liam.walshy87\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS.0\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll []
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS.0\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS.0\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS.0\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\WINDOWS.0\system32\rtcshare.exe"="C:\WINDOWS.0\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\WINDOWS.0\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-19 13:50:18 ----D---- C:\rsit
2008-12-18 09:26:17 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\Mozilla
2008-12-18 09:26:02 ----D---- C:\Program Files\Mozilla Firefox
2008-12-15 13:34:49 ----A---- C:\WINDOWS.0\DCEBoot.exe
2008-12-11 04:25:29 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Blizzard
2008-12-10 20:17:00 ----D---- C:\Logs
2008-11-26 07:55:49 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\pdf995
2008-11-26 07:55:49 ----A---- C:\WINDOWS.0\pdf995.ini
2008-11-26 07:52:04 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\pdf995
2008-11-26 07:52:03 ----A---- C:\WINDOWS.0\system32\pdfmona.dll
2008-11-26 07:52:03 ----A---- C:\WINDOWS.0\system32\pdf995mon.dll
2008-11-26 07:51:24 ----D---- C:\Program Files\pdf995

======List of files/folders modified in the last 1 months======

2008-12-19 13:38:15 ----D---- C:\WINDOWS.0\system32
2008-12-19 13:31:07 ----D---- C:\WINDOWS.0\system32\drivers
2008-12-19 13:31:07 ----A---- C:\WINDOWS.0\system32\kdfvmgr.exe
2008-12-19 13:31:07 ----A---- C:\WINDOWS.0\system32\kdfmgr.exe
2008-12-19 13:31:07 ----A---- C:\WINDOWS.0\system32\Kdfhok.dll
2008-12-19 13:31:07 ----A---- C:\WINDOWS.0\system32\kdfapi.dll
2008-12-19 13:26:21 ----D---- C:\WINDOWS.0\Temp
2008-12-19 13:24:41 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\Skype
2008-12-19 13:23:11 ----D---- C:\WINDOWS.0\system32\CatRoot2
2008-12-19 13:22:53 ----D---- C:\WINDOWS.0
2008-12-19 13:21:54 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2008-12-19 09:07:27 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\skypePM
2008-12-18 20:37:19 ----D---- C:\WINDOWS.0\Prefetch
2008-12-18 19:56:15 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Google Updater
2008-12-18 09:26:02 ----RD---- C:\Program Files
2008-12-11 04:48:38 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-12-10 13:05:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 13:05:09 ----SHD---- C:\WINDOWS.0\Installer
2008-12-10 13:05:00 ----RSD---- C:\WINDOWS.0\Fonts
2008-12-10 08:57:59 ----D---- C:\Program Files\QuickTime
2008-12-04 18:07:48 ----D---- C:\WINDOWS.0\network diagnostic
2008-11-27 07:30:43 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Adobe
2008-11-27 07:30:35 ----D---- C:\Program Files\Common Files\Adobe
2008-11-27 07:30:35 ----D---- C:\Program Files\Adobe
2008-11-24 13:50:12 ----D---- C:\WINDOWS.0\Minidump
2008-11-22 17:47:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-22 13:33:56 ----SD---- C:\WINDOWS.0\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS.0\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R2 tmactmon;tmactmon; \??\C:\WINDOWS.0\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS.0\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS.0\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS.0\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS.0\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWS.0\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS.0\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS.0\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS.0\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS; C:\WINDOWS.0\system32\DRIVERS\IAMTXP.sys [2005-08-21 38528]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS.0\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 neokdss;neokdss; C:\WINDOWS.0\system32\Drivers\neokdss.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS.0\system32\drivers\sfng32.sys [2005-07-20 35712]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS.0\system32\drivers\sthda.sys [2005-07-18 1019064]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS.0\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Ndisprot.sys;Ndisprot.sys; C:\WINDOWS.0\system32\drivers\Ndisprot.sys [2008-12-09 27904]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\nmwcdc.sys [2006-03-24 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS.0\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcd.sys [2006-03-24 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS.0\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS.0\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS.0\system32\drivers\tbhsd.sys [2006-09-18 16640]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.0\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS.0\system32\UAService7.exe [2006-10-14 126976]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-19 13:50:21

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS.0\IsUninst.exe -fC:\WINDOWS.0\orun32.isu
-->C:\WINDOWS.0\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS.0\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
ACD/Labs Software in C:\ACDFREE10\-->C:\ACDFREE10\setup\setup.exe -uninstall
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS.0\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS.0\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
Aglare Mp4 to AVI Converter 1.0-->"C:\Program Files\Aglare Mp4 to AVI Converter\unins000.exe"
AltoMP3 Gold 5.20-->C:\Program Files\AltoMP3 Gold\uninst.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX User Guide-->C:\Program Files\DivX\DivXUserGuideUninstall /USERGUIDE
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u
EPSON Printer Software-->C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESCX3700 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESCX3700\USE_G\DOCUNINS.EXE
e-tax 2007-->C:\etax2007\e-tax 2007_uninstall.exe
e-tax 2008-->C:\etax2008\e-tax 2008_uninstall.exe
Finale NotePad 2007-->C:\Program Files\Finale NotePad 2007\uninstallNP.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS.0\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Liam.walshy87\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS.0\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS.0\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS.0\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS.0\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS.0\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS.0\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS.0\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS.0\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero PhotoShow Express-->"C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\Uninstall.exe"
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NeroVision Express Content-->C:\WINDOWS.0\UNNVEContent.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite-->MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS.0\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS.0\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS.0\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS.0\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS.0\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS.0\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS.0\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS.0\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS.0\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS.0\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS.0\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS.0\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS.0\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS.0\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS.0\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS.0\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS.0\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS.0\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS.0\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS.0\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS.0\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS.0\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS.0\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS.0\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS.0\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS.0\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS.0\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS.0\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS.0\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS.0\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS.0\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS.0\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony ACID XPress 5.0a-->MsiExec.exe /X{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS.0\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS.0\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS.0\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect-->"C:\WINDOWS.0\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS.0\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
wintorg-->C:\WINDOWS.0\st6unst.exe -n "D:\My Documents\ST6UNST.LOG"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: Trend Micro Internet Security Pro
FW: Trend Micro Personal Firewall

System event log

Computer Name: WALSHY87
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 24637
Source Name: Service Control Manager
Time Written: 20081124085108.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: WALSHY87
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 24636
Source Name: Service Control Manager
Time Written: 20081124085108.000000+600
Event Type: information
User: WALSHY87\Liam

Computer Name: WALSHY87
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 24635
Source Name: Service Control Manager
Time Written: 20081124085108.000000+600
Event Type: information
User:

Computer Name: WALSHY87
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 24634
Source Name: Service Control Manager
Time Written: 20081124085108.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: WALSHY87
Event Code: 7035
Message: The ServiceLayer service was successfully sent a start control.

Record Number: 24633
Source Name: Service Control Manager
Time Written: 20081124085108.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: WALSHY87
Event Code: 1517
Message: Windows saved user WALSHY87\Tegan registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3626
Source Name: Userenv
Time Written: 20080823211849.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WALSHY87
Event Code: 302
Message: msnmsgr (2204) \\.\C:\Documents and Settings\Tegan\Local Settings\Application Data\Microsoft\Messenger\tegs_09@hotmail.com\SharingMetadata\Working\database_6080_31D3_8031_B100\dfsr.db: The database engine has successfully completed recovery steps.

Record Number: 3625
Source Name: ESENT
Time Written: 20080823205848.000000+600
Event Type: information
User:

Computer Name: WALSHY87
Event Code: 301
Message: msnmsgr (2204) \\.\C:\Documents and Settings\Tegan\Local Settings\Application Data\Microsoft\Messenger\tegs_09@hotmail.com\SharingMetadata\Working\database_6080_31D3_8031_B100\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Tegan\Local Settings\Application Data\Microsoft\Messenger\tegs_09@hotmail.com\SharingMetadata\Working\database_6080_31D3_8031_B100\fsr.log.

Record Number: 3624
Source Name: ESENT
Time Written: 20080823205847.000000+600
Event Type: information
User:

Computer Name: WALSHY87
Event Code: 301
Message: msnmsgr (2204) \\.\C:\Documents and Settings\Tegan\Local Settings\Application Data\Microsoft\Messenger\tegs_09@hotmail.com\SharingMetadata\Working\database_6080_31D3_8031_B100\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Tegan\Local Settings\Application Data\Microsoft\Messenger\tegs_09@hotmail.com\SharingMetadata\Working\database_6080_31D3_8031_B100\fsr00048.log.

Record Number: 3623
Source Name: ESENT
Time Written: 20080823205846.000000+600
Event Type: information
User:

Computer Name: WALSHY87
Event Code: 300
Message: msnmsgr (2204) \\.\C:\Documents and Settings\Tegan\Local Settings\Application Data\Microsoft\Messenger\tegs_09@hotmail.com\SharingMetadata\Working\database_6080_31D3_8031_B100\dfsr.db: The database engine is initiating recovery steps.

Record Number: 3622
Source Name: ESENT
Time Written: 20080823205846.000000+600
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CD1"=i:
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 PM
Posted 27 December 2008 - 01:42 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
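While waiting for the fresh log requested above, here is the triage a reviewer typically runs first on a HijackThis/RSIT log when the complaint is redirected Google searches. This is an added example for this thread, not code from any poster, from BleepingComputer or from HijackThis itself. It parses O17 lines and flags any NameServer outside the resolvers you would expect on a home PC, and it flags autostart entries whose file is missing, entries registered under the Policies\Explorer\Run key, and executables running from a Temp directory. The sample lines are constructed to match the shape of the entries posted later in this thread; the 192.168.1.1 resolver and the 203.0.113.0/24 "ISP resolver" range are assumptions, placeholders for whatever your router and ISP actually use.

```python
"""Triage helpers for a HijackThis / RSIT log.

Added example for this thread, not code from any poster or from HijackThis.
It flags two things worth checking first when Google searches are redirected:
O17 NameServer entries outside the resolvers you expect, and autostart or
process entries that point at missing files, a Policies\\Explorer\\Run key,
or an executable under a Temp directory.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample, shaped like the HijackThis lines posted in this thread.
# The 192.168.1.1 resolver is made up to show an entry that passes the check.
SAMPLE_LOG = r"""
C:\DOCUME~1\LIAM~1.WAL\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iVideoCodec\isamonitor.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{61EAB9E7-AC5E-45E5-A204-0D24C740828C}: NameServer = 192.168.1.1
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Resolvers you expect to see. RFC 1918 space covers the usual home router;
# 203.0.113.0/24 (TEST-NET-3) is an ASSUMED placeholder for the ISP's resolvers.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# HijackThis sections that register code to run automatically.
AUTOSTART_PREFIXES = ("O2 -", "O3 -", "O4 -", "O20 -", "O21 -", "O22 -", "O23 -")


def parse_nameservers(line: str) -> List[str]:
    """Return the resolver addresses from one O17 line, or [] for other lines."""
    m = O17_RE.match(line.strip())
    if not m:
        return []
    return [s for s in re.split(r"[;,\s]+", m.group("servers")) if s]


def rogue_nameservers(log_text: str, trusted=TRUSTED_NETWORKS) -> List[Tuple[str, str]]:
    """(server, line) for every O17 resolver not inside a trusted network.

    Every O17 line is checked separately: the thread's log carries the same
    servers in CCS, CS1 and CS2, so a fix has to clear all of them.
    """
    rogue = []
    for line in log_text.splitlines():
        for server in parse_nameservers(line):
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:  # not an IP literal at all: treat as suspicious
                rogue.append((server, line.strip()))
                continue
            if not any(ip in net for net in trusted):
                rogue.append((server, line.strip()))
    return rogue


def suspicious_entries(log_text: str) -> List[Dict[str, object]]:
    """Autostart/process lines that merit a closer look, with the reason(s)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        is_autostart = line.startswith(AUTOSTART_PREFIXES)
        if is_autostart and ("(file missing)" in line or line.endswith("(no file)")):
            reasons.append("registered component whose file is missing")
        if is_autostart and "\\Policies\\Explorer\\Run" in line:
            reasons.append("Policies\\Explorer\\Run autostart key")
        if TEMP_RE.search(line):
            reasons.append("executable under a temporary directory")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


def triage(log_text: str, trusted=TRUSTED_NETWORKS) -> Dict[str, list]:
    """Run both checks and return the findings keyed by check name."""
    return {
        "rogue_dns": rogue_nameservers(log_text, trusted),
        "suspicious": suspicious_entries(log_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for server, line in report["rogue_dns"]:
        print(f"ROGUE DNS {server}: {line}")
    for f in report["suspicious"]:
        print(f"REVIEW [{'; '.join(f['reasons'])}]: {f['line']}")
```

The DNS check is deliberately an allow-list rather than a block-list of known-bad ranges: a home machine should only point at its router or its ISP's resolvers, and anything else is worth explaining before it is trusted. A "(file missing)" or "(no file)" entry is not proof of infection on its own (a sloppy uninstall leaves the same residue), but a missing file paired with rogue resolvers and an executable launched out of Temp is the pattern that justifies escalating to a full malware-removal workflow.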

#3 Liam87

  • Topic Starter
  • Members
  • 2 posts
  • Local time:10:13 AM

Posted 28 December 2008 - 05:41 AM

This is the most recent HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:01 PM, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\UAService7.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\AGRSMMSG.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS.0\sttray.exe
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS.0\system32\kdfmgr.exe
C:\DOCUME~1\LIAM~1.WAL\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe
C:\Documents and Settings\Liam.walshy87\Desktop\RSIT.exe
C:\Documents and Settings\Liam.walshy87\Desktop\HiJackThis\Liam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3700 Series on BRIDGET-A644C21] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P50 "Auto EPSON Stylus CX3700 Series on BRIDGET-A644C21" /O25 "\\BRIDGET-A644C21\Printer" /M "Stylus CX3700"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iVideoCodec\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2957755308-326172106-3508514906-1006\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe (User 'Tegan')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: tisspwiz.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS.0\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optima.com.au
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61EAB9E7-AC5E-45E5-A204-0D24C740828C}: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108;85.255.112.197
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll (file missing)
O22 - SharedTaskScheduler: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS.0\system32\UAService7.exe

--
End of file - 10219 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2008-02-15 103760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - Protection Bar - C:\Program Files\iVideoCodec\iesplugin.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-20 2403392]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - Transaction Protector - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2008-02-15 103760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS.0\AGRSMMSG.exe [2004-06-29 88363]
"igfxtray"=C:\WINDOWS.0\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS.0\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS.0\system32\igfxpers.exe [2005-09-20 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\WINDOWS.0\sttray.exe [2005-07-18 393216]
"EPSON Stylus CX3700 Series"=C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE [2005-02-08 98304]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"Auto EPSON Stylus CX3700 Series on BRIDGET-A644C21"=C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE [2005-02-08 98304]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"isamonitor.exe"=C:\Program Files\iVideoCodec\isamonitor.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe [2005-02-26 212992]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-20 68856]

C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
tisspwiz.lnk - C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe

C:\Documents and Settings\Liam.walshy87\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS.0\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll []
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS.0\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS.0\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS.0\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\WINDOWS.0\system32\rtcshare.exe"="C:\WINDOWS.0\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\WINDOWS.0\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-19 13:50:18 ----D---- C:\rsit
2008-12-18 09:26:17 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\Mozilla
2008-12-18 09:26:02 ----D---- C:\Program Files\Mozilla Firefox
2008-12-15 13:34:49 ----A---- C:\WINDOWS.0\DCEBoot.exe
2008-12-11 04:25:29 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Blizzard
2008-12-10 20:17:00 ----D---- C:\Logs

======List of files/folders modified in the last 1 months======

2008-12-28 20:34:47 ----D---- C:\WINDOWS.0\Temp
2008-12-28 20:34:47 ----D---- C:\Program Files\Google
2008-12-28 20:34:38 ----D---- C:\WINDOWS.0\system32\drivers
2008-12-28 20:34:38 ----A---- C:\WINDOWS.0\system32\kdfvmgr.exe
2008-12-28 20:34:38 ----A---- C:\WINDOWS.0\system32\Kdfhok.dll
2008-12-28 20:34:38 ----A---- C:\WINDOWS.0\system32\kdfapi.dll
2008-12-28 20:34:37 ----D---- C:\WINDOWS.0\system32
2008-12-28 20:34:37 ----A---- C:\WINDOWS.0\system32\kdfmgr.exe
2008-12-28 19:38:13 ----D---- C:\WINDOWS.0\system32\CatRoot2
2008-12-28 19:17:40 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2008-12-28 14:22:14 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Google Updater
2008-12-27 18:41:30 ----D---- C:\WINDOWS.0
2008-12-27 16:02:08 ----D---- C:\WINDOWS.0\Prefetch
2008-12-20 10:45:52 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\Skype
2008-12-20 10:45:28 ----D---- C:\Documents and Settings\Liam.walshy87\Application Data\skypePM
2008-12-19 17:07:50 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\pdf995
2008-12-18 09:26:02 ----RD---- C:\Program Files
2008-12-11 04:48:38 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-12-10 13:05:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 13:05:09 ----SHD---- C:\WINDOWS.0\Installer
2008-12-10 13:05:00 ----RSD---- C:\WINDOWS.0\Fonts
2008-12-10 08:57:59 ----D---- C:\Program Files\QuickTime
2008-12-04 18:07:48 ----D---- C:\WINDOWS.0\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS.0\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R2 tmactmon;tmactmon; \??\C:\WINDOWS.0\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS.0\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS.0\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS.0\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS.0\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWS.0\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS.0\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS.0\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS.0\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS; C:\WINDOWS.0\system32\DRIVERS\IAMTXP.sys [2005-08-21 38528]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS.0\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 neokdss;neokdss; C:\WINDOWS.0\system32\Drivers\neokdss.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS.0\system32\drivers\sfng32.sys [2005-07-20 35712]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS.0\system32\drivers\sthda.sys [2005-07-18 1019064]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS.0\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Ndisprot.sys;Ndisprot.sys; C:\WINDOWS.0\system32\drivers\Ndisprot.sys [2008-12-09 27904]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\nmwcdc.sys [2006-03-24 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS.0\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcd.sys [2006-03-24 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS.0\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS.0\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS.0\system32\drivers\tbhsd.sys [2006-09-18 16640]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.0\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS.0\system32\UAService7.exe [2006-10-14 126976]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------
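Two things stand out in the listing above that a responder would check before anything else: the `bonspells` loader `okkmtv.dll` is registered under both ShellServiceObjectDelayLoad and SharedTaskScheduler, and several entries end in an empty bracket `[]`, which is what RSIT prints when it cannot read the file's date and size (file missing, hidden or unreadable). The following Python script is an added triage example, not code from this thread or from RSIT; it parses a constructed sample made of lines copied from the log and flags both patterns. Empty brackets alone are a lead, not a verdict: the Trend Micro drivers registered with a `\??\` path show them too, so the script ranks highest only the paths that are both unreadable and registered in more than one autostart key. Function names are this example's own.

```python
"""Triage of RSIT-style autostart/driver listings (added example, not RSIT's own code).

SAMPLE_LOG is constructed from lines in the log posted in this thread.  An
empty trailing bracket ("[]") means RSIT could not read the file's date and
size: the file is missing, hidden or unreadable.  A loader listed under more
than one autostart key is a second hint.  Both are leads, not verdicts.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll []
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS.0\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS.0\system32\okkmtv.dll []

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 tmactmon;tmactmon; \??\C:\WINDOWS.0\system32\drivers\tmactmon.sys []
R3 neokdss;neokdss; C:\WINDOWS.0\system32\Drivers\neokdss.sys []
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 Ndisprot.sys;Ndisprot.sys; C:\WINDOWS.0\system32\drivers\Ndisprot.sys [2008-12-09 27904]
"""

# One listing line: <body> <path ending in .dll/.exe/.sys> [<date size> or empty]
ENTRY_RE = re.compile(
    r"^(?P<body>.*?)"
    r"(?P<path>(?:\\\?\?\\)?[A-Za-z]:\\[^\[\]]*?\.(?:dll|exe|sys))"
    r"\s*\[(?P<meta>[^\]]*)\]\s*$",
    re.IGNORECASE,
)


def _location(line):
    """Return the section a line opens, or None if it is not a section header."""
    if line.startswith("[HKEY"):
        return line.strip("[]").rsplit("\\", 1)[-1]      # last key component
    m = re.match(r"^=+List of (\w+)", line)
    return m.group(1) if m else None


def _name(body):
    """Pull the entry name out of the text that precedes the path."""
    body = body.strip().rstrip("-").strip()
    if ";" in body:                                       # "R3 name;description;"
        return body.split(";", 1)[0].split()[-1]
    if "=" in body:                                       # "name"=path
        return body.split("=", 1)[0].strip().strip('"')
    return body.split(" - ", 1)[0]                        # name - {CLSID} - path


def parse_entries(log_text):
    """Return one dict per loader line, tagged with the section it was listed under."""
    entries, location = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        section = _location(line)
        if section:
            location = section
            continue
        m = ENTRY_RE.match(line)
        if m and location:
            entries.append({"location": location, "name": _name(m["body"]),
                            "path": m["path"], "meta": m["meta"].strip()})
    return entries


def triage(log_text):
    """Flag entries with no file info and paths registered under several keys."""
    entries = parse_entries(log_text)
    unreadable = [(e["location"], e["path"]) for e in entries if not e["meta"]]
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"].lower()].add(e["location"])
    multi = {p: sorted(locs) for p, locs in by_path.items() if len(locs) > 1}
    unreadable_paths = {p.lower() for _, p in unreadable}
    priority = sorted(p for p in multi if p in unreadable_paths)   # both hints at once
    return {"entries": entries, "unreadable": unreadable,
            "multi_location": multi, "priority": priority}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for location, path in report["unreadable"]:
        print(f"no file info : {location:<28} {path}")
    for path, locs in report["multi_location"].items():
        print(f"multi-key    : {path} <- {', '.join(locs)}")
    print("check first  :", ", ".join(report["priority"]) or "nothing")
```

To run it over a real log.txt, pass `open("log.txt", encoding="utf-8", errors="replace").read()` to `triage()` instead of `SAMPLE_LOG`. Anything in `priority` should be confirmed on disk with a tool that reads the file system directly rather than through Explorer or `dir`, because a file a rootkit hides from the Windows API is exactly the case that produces the empty bracket in the first place.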

#4 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 PM

Posted 01 January 2009 - 07:25 PM

I have some bad news for you.

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iVideoCodec\isamonitor.exe

The entries above indicate your computer may be infected with backdoor trojans. These trojans leave a backdoor open on the system that can allow hackers total and complete access to your computer. Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, take screenshots, log passwords, and start and stop programs. Backdoor trojans send your identity information to a third party who may use that information for their own purposes, such as identity theft, stealing bank funds, stealing credit card information, etc.

Before deciding whether your computer needs cleaning or reformatting, you need to ask yourself some very serious questions.

Do you use your computer for any of the following?
  • Online banking/Business purposes
  • storing sensitive or very personal information
If you answered yes to any of those questions, you should disconnect your computer from the Internet and do a complete format and reinstall. If you use online banking, then you should contact your bank and arrange to have your password changed immediately. You should change any other passwords you use as these may have been compromised.

David Bach's Six Ways to Avoid Identity Theft

Here are six things you need to know to fight back against identity theft:

1. Keep your private information private.

Half of all identity theft in which the thief is identified is committed by a friend, coworker, neighbor, in-home employee, or relative of the victim. So make it a habit not to leave things lying around at home or in the office -- specifically your wallet, checkbook, or anything else containing private or financial information, including your mail.

Also, before you toss anything in the trash containing your private information, be sure to shred it. This isn't new advice, but I'd be remiss not to mention it.

2. Get a copy of your credit reports.

Often, victims of identity theft have no idea their credit is being used or destroyed until they apply for a loan and pull their credit score. So pull your credit report now, and make a plan to check it regularly.

By law, you're entitled to a free credit report from each of the three major credit bureaus -- Equifax, Experian, and TransUnion -- once every year. Go to AnnualCreditReport.com and stagger your requests so that you'll receive one report from each credit bureau every four months. Put the dates on your calendar so you don't forget. Keep in mind that this is for your free credit report only, not your credit score.

For your credit score, you'll need to go to myFICO. While you're there, you may want to check out their Identity Theft Security Deluxe product, which monitors your credit score and credit report automatically for $49.95 a year.

3. Find out if your state has a credit freeze law.

Here's a virtually foolproof way to prevent a thief from stealing your identity and using your personal data to get approved for credit. With this new law you're able to block ("freeze") all access to your credit report and credit score.

It's not necessarily the most convenient solution to protect yourself from fraud. Anytime you need to have your credit checked -- for instance, if you're buying a car or cell phone or even interviewing for a job -- you'll need to lift the block ("thaw" your record), which takes about three days. But if you have real concerns about identity theft or perhaps are already a victim, this is an option you may want to consider.

Some states will only grant a credit freeze if you're already a victim of identity theft. Find out if your state has a credit freeze law, including what it costs, by visiting FinancialPrivacyNow.org.

4. Check your bank statements weekly.

One of the great things about online banking is that you can log on and check your account at any time. Make a point of checking your bank statement weekly to be sure there aren't any red flags.

The same goes for your credit card statements. In fact, you may want to consider canceling your paper statements altogether and opting for online statements. After all, you're more likely to have personal information stolen from your mail than from the Internet.

That said, be sure to always use a secure computer. Using a public computer, like one at your local library, is risky due to tracking software that thieves can use to steal your passwords.

5. Be computer savvy.

Even though a relatively small percentage of identity theft occurs online, you should still take necessary precautions.

In addition to being careful about surfing the web on public computers, you should also be aware of the risks involved when using a wireless connection. Wi-Fi and Bluetooth are becoming increasingly popular, and as a result, there is bound to be an increase in wireless hacking.

Wireless connectivity is the perfect platform for thieves to get your personal data. If you have a wireless network at home or work, make sure you are incorporating password-protection and encryption. When accessing public hotspots, use a personal firewall.

Also, keep your computer safe by updating your antivirus and anti-spyware programs regularly. Use passwords so that others can't log on to your computer, laptop, or even your PDA, and be sure to change your passwords often.

Be smart about phishing scams, too. That's when you're sent an email that requests your personal or financial information, or that prompts you to click a link to provide your personal or financial information. If you're unsure of the legitimacy of such a request, call the company that it was supposedly sent from. If an email seems suspicious, it usually is.

6. Be aware of "deleted" data.

The Washington Post recently ran an article on mobile phones -- specifically "smartphones" like the Palm Treo and BlackBerry -- that was quite an eye-opener.

According to the story, resetting your phone to wipe out personal data doesn't exactly delete information. It turns out that your phone's operating system never actually deletes data, only the pointers to where the data is located. Anyone with the right software can recover information that was stored on your phone once you sell or discard it.

What you need to do is contact the device manufacturer for complete instructions on how to wipe your data clean. You can also visit WirelessRecycling.com for instructions. And think twice about what information you store on your device in case it's ever lost or stolen.

If Your Identity Is Stolen

Take the above steps and -- should you ever find yourself in the unfortunate position of having had your identity stolen -- you'll commend yourself for being proactive enough to identify a problem before too much damage was done.

Don't waste a minute once you've discovered suspicious activity -- go directly to the website of the Federal Trade Commission to file a complaint and access their comprehensive guide on the steps you'll need to follow to resolve the situation.

I recommend backing up your important files and reinstalling everything from scratch. There are so many changes that could have been done if that backdoor was used. Even if we cleaned the infections, it would not help to recover the information that has been compromised and there is no guarantee that your computer would be safe to use.

If you only use your computer for music/games etc, your better option would be to clean it of infections rather than do a reformat. The decision must be made by you.

Here are some informative links to use to help you make a decision:

Danger: Remote Access Trojans

Consumers – Identity Theft

When should I re-format? How should I reinstall?

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Rootkits: The Obscure Hacker Attack

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Microsoft Says Recovery from Malware Becoming Impossible

How to report ID theft, fraud, drive-by installs, hijacking and malware? (#10451)

However, if you do not have the resources to reformat your computer and reinstall your operating system and programs, I will be happy to attempt to clean it.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

Posted 07 January 2009 - 07:29 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



