
Vundo Keeps Coming Back


  • This topic is locked
21 replies to this topic

#1 Marvelous23

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 16 April 2009 - 11:51 AM

Hello. I first found Vundo on Saturday, April 11. I left my email client (Thunderbird) open for a few hours and came back to loads of popups. I tried calling Microsoft, and they assisted me with removal - or so I thought. Afterwards, I installed every Windows update, bought and installed Trend Micro's Internet Security Pro, and started scanning with Malwarebytes' Anti-Malware twice a day, at least. Every day since then I have found instances of Vundo (depending on which I use first, my Antivirus or MBAM). Each day it has a different name, too. It started out with Vundo.H, then Vundo.HGO, and today, I have Vundo.V. Finally, last night I ran a Kaspersky scan, and it found two files that I had never seen mentioned before - Trojan-Downloader.Win32.FraudLoad.edj and Packed.Win32.Mondera.c. I can't locate these files, and neither can any of the other programs.

Here are the requested files: DDS.txt and my Kaspersky log (041609KOS.txt), and the Attach.txt file. Thank you so much for your help.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jen at 12:33:38.40 on Thu 04/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.443 [GMT -4:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Documents and Settings\Jen\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\jen\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_11.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239389739609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {430E36FC-8A76-490B-948A-9CA446300DEF} = 4.2.2.2,4.2.2.1
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
AppInit_DLLs: ,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jen\applic~1\mozilla\firefox\profiles\btcccm5e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFTMUFEHelper.dll
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFToolbarComm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: XUL Cache: {3ABFD4E4-09D5-46AD-A8EE-A2E017703B4B} - c:\documents and settings\jen\local settings\application data\{3ABFD4E4-09D5-46AD-A8EE-A2E017703B4B}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-10 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [2009-4-12 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-4-12 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-12 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-4-12 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-12 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-8-14 335376]
S3 lac97inf;lac97inf;\??\c:\docume~1\jen\locals~1\temp\lac97inf.sys --> c:\docume~1\jen\locals~1\temp\lac97inf.sys [?]

=============== Created Last 30 ================

2009-04-16 11:06 <DIR> --d----- C:\Fport-2.0
2009-04-15 19:13 <DIR> --d----- c:\windows\system32\scripting
2009-04-15 19:13 <DIR> --d----- c:\windows\l2schemas
2009-04-15 19:13 <DIR> --d----- c:\windows\system32\en
2009-04-15 19:13 <DIR> --d----- c:\windows\system32\bits
2009-04-15 19:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-15 17:16 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 17:16 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 17:16 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-12 01:41 <DIR> --d----- c:\windows\system32\Service
2009-04-12 01:26 <DIR> --d----- c:\windows\LocalSSL
2009-04-12 01:25 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-12 01:25 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-12 01:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-04-12 01:23 <DIR> --d----- c:\program files\Trend Micro
2009-04-12 01:21 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-12 01:20 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-04-12 01:20 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-04-12 01:20 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-04-11 16:48 136,192 -------- c:\windows\system32\aaclient.dll
2009-04-11 16:48 4,255 -------- c:\windows\system32\drivers\adv01nt5.dll
2009-04-11 16:48 3,967 -------- c:\windows\system32\drivers\adv02nt5.dll
2009-04-11 16:48 3,775 -------- c:\windows\system32\drivers\adv11nt5.dll
2009-04-11 16:48 3,711 -------- c:\windows\system32\drivers\adv09nt5.dll
2009-04-11 16:48 3,647 -------- c:\windows\system32\drivers\adv07nt5.dll
2009-04-11 16:48 3,615 -------- c:\windows\system32\drivers\adv05nt5.dll
2009-04-11 16:48 3,135 -------- c:\windows\system32\drivers\adv08nt5.dll
2009-04-11 16:46 46,464 -------- c:\windows\system32\drivers\gagp30kx.sys
2009-04-11 16:45 397,312 -------- c:\windows\system32\mmcex.dll
2009-04-11 16:44 61,952 -------- c:\windows\system32\rasqec.dll
2009-04-11 16:38 1,309,184 -------- c:\windows\system32\drivers\mtlstrm.sys
2009-04-11 16:23 <DIR> --d----- c:\docume~1\jen\applic~1\Malwarebytes
2009-04-11 16:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-11 16:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 16:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-10 20:07 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-10 20:07 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-10 18:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
2009-04-10 17:37 24,524 a------- c:\windows\system32\AAWService_2009_04_10_17_37_38.dmp
2009-04-10 16:32 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-10 16:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-10 16:19 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-09 21:30 408 a------- c:\windows\Dxayatebiwe.dat
2009-04-09 21:30 0 a------- c:\windows\Wrodageya.bin
2009-04-09 21:17 1,405,990 ---sh--- c:\windows\system32\usefimuy.ini
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-15 19:16 88,343 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-11 10:03 62,464 a--sh--- c:\windows\system32\wamejulu.exe
2009-04-10 14:18 109,056 a--sh--- c:\windows\system32\fofajivo.dll
2009-04-10 14:18 64,512 a--sh--- c:\windows\system32\vujigami.exe
2009-04-09 21:17 61,952 a--sh--- c:\windows\system32\nesimona.exe
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 19:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-03 05:08 335,376 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-12 03:01 52,736 a------- c:\windows\ipuninst.exe
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 08:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 08:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 08:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 08:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 08:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 06:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 12:34:10.68 ===============


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 16, 2009 06:02:30
Records in database: 2049653
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Jen\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 85225
Threat name: 3
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:19:56


File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\23.tmp Infected: Trojan-Dropper.MSPPoint.Agent.ay 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp Infected: Trojan-Dropper.MSPPoint.Agent.ay 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\25.tmp Infected: Trojan-Dropper.MSPPoint.Agent.ay 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Trojan-Dropper.MSPPoint.Agent.ay 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A0101887.exe Infected: Trojan-Dropper.MSPPoint.Agent.ay 1
C:\WINDOWS\SYSTEM32\nesimona.exe Infected: Packed.Win32.Mondera.c 1
C:\WINDOWS\SYSTEM32\vujigami.exe Infected: Trojan-Downloader.Win32.FraudLoad.edj 1

The selected area was scanned.



Edited by Marvelous23, 16 April 2009 - 11:54 AM.
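The DDS and Kaspersky logs above carry the evidence that matters in this thread: five files with hidden+system attributes and random eight-letter names dropped straight into system32 between April 9 and 11, of which the antivirus named only two. The script below is an added example, not part of the original post or of any of the tools mentioned here. It parses DDS "Created Last 30" / "Find3M" lines, applies one assumed heuristic (a regular file with both the `s` and `h` attributes directly in `c:\windows\system32`), and then correlates the flagged files with the Kaspersky "Infected:" lines so the unconfirmed siblings stand out for follow-up. The sample lines are copied from the logs posted above, with a few benign entries kept as controls; the heuristic and the `DdsEntry` helper are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: DDS "Created Last 30" / "Find3M" lines taken from the
# log posted above, plus benign entries kept as controls.
SAMPLE_DDS_LINES = r"""
2009-04-15 17:16 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-12 01:25 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-10 16:19 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-09 21:30 408 a------- c:\windows\Dxayatebiwe.dat
2009-04-09 21:17 1,405,990 ---sh--- c:\windows\system32\usefimuy.ini
2009-04-11 10:03 62,464 a--sh--- c:\windows\system32\wamejulu.exe
2009-04-10 14:18 109,056 a--sh--- c:\windows\system32\fofajivo.dll
2009-04-10 14:18 64,512 a--sh--- c:\windows\system32\vujigami.exe
2009-04-09 21:17 61,952 a--sh--- c:\windows\system32\nesimona.exe
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
"""

# Constructed sample: the two system32 detections from the Kaspersky report above.
SAMPLE_KASPERSKY_LINES = r"""
C:\WINDOWS\SYSTEM32\nesimona.exe Infected: Packed.Win32.Mondera.c 1
C:\WINDOWS\SYSTEM32\vujigami.exe Infected: Trojan-Downloader.Win32.FraudLoad.edj 1
"""

# DDS file line: date, time, size or <DIR>, 8-character attribute field, path.
DDS_LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Kaspersky Online Scanner result line: path, verdict, count.
KAV_LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


@dataclass(frozen=True)
class DdsEntry:
    """One DDS file/directory record (helper defined for this example)."""
    timestamp: str  # "YYYY-MM-DD HH:MM" exactly as DDS prints it
    size: int       # bytes, or -1 for a directory
    attrs: str      # 8-char attribute field, e.g. "a--sh---"
    path: str       # path lower-cased for comparison

    @property
    def is_dir(self) -> bool:
        return self.size < 0

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds(text: str) -> List[DdsEntry]:
    """Parse DDS file lines; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(DdsEntry(f"{m['date']} {m['time']}", size, m["attrs"], m["path"].lower()))
    return entries


def flag_hidden_system_in_system32(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Assumed heuristic: a regular file carrying both the hidden (h) and
    system (s) attributes directly in %SystemRoot%\\system32 (not a subfolder)."""
    return [e for e in entries
            if not e.is_dir
            and "s" in e.attrs and "h" in e.attrs
            and e.parent == r"c:\windows\system32"]


def parse_kaspersky(text: str) -> Dict[str, str]:
    """Map lower-cased path -> threat name for every 'Infected:' line."""
    hits = {}
    for line in text.splitlines():
        m = KAV_LINE_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = m["threat"]
    return hits


def correlate(flagged: List[DdsEntry], av_hits: Dict[str, str]) -> Dict[str, Optional[str]]:
    """For each heuristically flagged file, the AV verdict if one exists, else
    None. The None entries are the unconfirmed siblings worth submitting."""
    return {e.name: av_hits.get(e.path) for e in flagged}


if __name__ == "__main__":
    flagged = flag_hidden_system_in_system32(parse_dds(SAMPLE_DDS_LINES))
    for name, verdict in correlate(flagged, parse_kaspersky(SAMPLE_KASPERSKY_LINES)).items():
        print(f"{name:14} {verdict or 'NOT NAMED BY AV - investigate'}")
```

Run against the full DDS.txt and Kaspersky report rather than the excerpt, the same two functions give a list of hidden system32 files the scanner did not name; in this thread that would be wamejulu.exe, fofajivo.dll and usefimuy.ini, which is the kind of sibling list a helper asks for before writing a removal script.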



#2 fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:33 PM

Posted 17 April 2009 - 07:04 AM

Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Marvelous23

  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 17 April 2009 - 11:59 AM

Thank you for such a quick reply!

Here are the requested logs. I should note that while I was updating MBAM, Ad-Aware detected something running in the background and started a scan of its own. It found 2 instances of Win32Trojan.Qhost (an application and a file) and quarantined them. It recommended a reboot, but I went ahead with all scans first. Coincidentally, last night as I was turning off the computer, it said click the shut down button to install Windows updates. I was pretty sure there weren't any updates that were downloaded, however, two were installed. These two files?

First, the MBAM log. After, I will post the Ad-Aware log, too, in case that has any useful information.

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

4/17/2009 11:00:46 AM
mbam-log-2009-04-17 (11-00-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203571
Time elapsed: 1 hour(s), 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile created: 4/17/2009 9:40:20
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Jen

*********************** Definitions database information ***********************
Lavasoft definition file: 148.8
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 45190
Objects detected: 2


Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Quarantined items:
Description: c:\docume~1\jen\locals~1\temp\23.tmp\b2e.dll Family Name: Win32.Trojan.Qhost Clean status: Success Item ID: 453768 Family ID: 976
Description: C:\Documents and Settings\Jen\Local Settings\Temp\23.tmp\b2e.dll Family Name: Win32.Trojan.Qhost Clean status: Success Item ID: 453768 Family ID: 976

Scan and cleaning complete: Finished correctly after 308 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Fri Apr 10 16:22:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Apr 10 16:22:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: JEN
Processor name: Intel® Pentium® 4 CPU 3.60GHz
Processor identifier: x86 Family 15 Model 4 Stepping 1
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1025, number of processors 2
Physical memory available: 601767936 bytes
Physical memory total: 1071738880 bytes
Virtual memory available: 2056896512 bytes
Virtual memory total: 2147352576 bytes
Memory load: 43%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 964 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1032 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1064 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1108 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1120 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1380 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1400 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1488 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1612 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1720 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1896 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1984 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 340 name: C:\WINDOWS\Explorer.EXE owner: Jen domain: JEN
PID: 380 name: C:\WINDOWS\system32\LEXBCES.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 416 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 428 name: C:\WINDOWS\system32\LEXPPS.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 776 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 864 name: C:\Program Files\Trend Micro\BM\TMBMSRV.exe owner: SYSTEM domain: NT AUTHORITY
PID: 920 name: C:\WINDOWS\system32\CTsvcCDA.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 280 name: C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1288 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1524 name: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe owner: Jen domain: JEN
PID: 1544 name: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe owner: Jen domain: JEN
PID: 1564 name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe owner: Jen domain: JEN
PID: 1600 name: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe owner: Jen domain: JEN
PID: 1684 name: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE owner: Jen domain: JEN
PID: 1864 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Jen domain: JEN
PID: 2040 name: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe owner: Jen domain: JEN
PID: 2028 name: C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 468 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Jen domain: JEN
PID: 1408 name: C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe owner: Jen domain: JEN
PID: 1364 name: C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe owner: SYSTEM domain: NT AUTHORITY
PID: 692 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Jen domain: JEN
PID: 784 name: C:\WINDOWS\system32\ctfmon.exe owner: Jen domain: JEN
PID: 868 name: C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe owner: Jen domain: JEN
PID: 1672 name: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\Program Files\Trend Micro\Internet Security\TmPfw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2060 name: C:\Program Files\Trend Micro\Internet Security\TmProxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2276 name: C:\WINDOWS\system32\wdfmgr.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3300 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3348 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4060 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1744 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3108 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3832 name: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2124 name: C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe owner: Jen domain: JEN
PID: 3412 name: C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe owner: Jen domain: JEN
PID: 3144 name: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe owner: Jen domain: JEN
PID: 3316 name: C:\Documents and Settings\Jen\Desktop\Security Stuff\The_Comedian.exe owner: Jen domain: JEN
PID: 2496 name: C:\WINDOWS\system32\cmd.exe owner: Jen domain: JEN
PID: 304 name: C:\WINDOWS\system32\ping.exe owner: Jen domain: JEN
PID: 1512 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: Jen domain: JEN

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: IAAnotif
imagepath: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
Name: ATIPTA
imagepath: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Name: IntelMeM
imagepath: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Name: DVDLauncher
imagepath: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Name: CTSysVol
imagepath: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
Name: CTDVDDET
imagepath: "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
Name: iTunesHelper
imagepath: C:\Program Files\iTunes\iTunesHelper.exe
Name: ddoctorv2
imagepath: "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
Name:
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: UfSeAgnt.exe
imagepath: "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: OE
imagepath: C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\DESKTOP.INI

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: Ati HotKey Poller
displayname: Ati HotKey Poller
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser
displayname: Computer Browser
Name: Creative Service for CDROM Access
displayname: Creative Service for CDROM Access
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: HTTPFilter
displayname: HTTP SSL
Name: IAANTMon
displayname: IAA Event Monitor
Name: iPodService
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LexBceS
displayname: LexBce Server
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: Security Activity Dashboard Service
displayname: Security Activity Dashboard Service
Name: SENS
displayname: System Event Notification
Name: SfCtlCom
displayname: Trend Micro Central Control Component
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: sprtsvc_ddoctorv2
displayname: SupportSoft Sprocket Service (ddoctorv2)
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TMBMServer
displayname: Trend Micro Unauthorized Change Prevention Service
Name: TmPfw
displayname: Trend Micro Personal Firewall
Name: TmProxy
displayname: Trend Micro Proxy Service
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: UMWdf
displayname: Windows User Mode Driver Framework
Name: w32time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

#4 Marvelous23 (Topic Starter)

Posted 17 April 2009 - 12:01 PM

Here are the RSIT logs.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jen at 2009-04-17 11:01:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (20%) free of 73 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:02 AM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Documents and Settings\Jen\Desktop\RSIT.exe
C:\Documents and Settings\Jen\Desktop\Security Stuff\Jen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239389739609
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{430E36FC-8A76-490B-948A-9CA446300DEF}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: ,
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8393 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\LifeChatTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-05-23 402736]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ares Lite Edition\AresLite.exe"="C:\Program Files\Ares Lite Edition\AresLite.exe:*:Enabled:Ares Lite Edition"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\The Princeton Review\Practice Test System\Practice Test System\Practice Test System.exe"="C:\Program Files\The Princeton Review\Practice Test System\Practice Test System\Practice Test System.exe:*:Enabled:Macromedia Projector"
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe"="C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\A Tale in the Desert\eclientc.exe"="C:\Program Files\A Tale in the Desert\eclientc.exe:*:Enabled:eclientc"
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\SYSTEM32\LOGONUI.EXE"="C:\WINDOWS\SYSTEM32\LOGONUI.EXE:*:Enabled:logonui"
"C:\WINDOWS\SYSTEM32\WINLOGON.EXE"="C:\WINDOWS\SYSTEM32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE"="C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE:*:Enabled:unsecapp"
"C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe:*:Enabled:sprtsvc"
"C:\WINDOWS\SYSTEM32\spoolsv.exe"="C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:spoolsv"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276c6ed1-f614-11dc-8915-0011117b02e2}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d115dd4a-264a-11de-8ac2-0011117b02e2}]
shell\AutoRun\command - F:\InstallSeagateManager.exe


======List of files/folders created in the last 3 months======

2009-04-17 11:01:42 ----D---- C:\rsit
2009-04-17 09:46:50 ----AH---- C:\aaw7boot.cmd
2009-04-17 02:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-17 02:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-16 16:57:05 ----D---- C:\Documents and Settings\Jen\Application Data\QuickScan
2009-04-16 11:06:05 ----D---- C:\Fport-2.0
2009-04-15 20:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 20:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 19:56:50 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-15 19:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 19:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 19:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 19:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 19:32:20 ----D---- C:\WINDOWS\Prefetch
2009-04-15 19:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-15 19:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-15 19:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-15 19:21:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-15 19:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-15 19:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-15 19:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-15 19:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-15 19:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-15 19:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-15 19:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-15 19:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-15 19:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-15 19:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-15 19:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-15 19:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-15 19:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-15 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-15 19:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-04-15 19:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-15 19:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-15 19:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-15 19:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-15 19:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-15 19:13:04 ----D---- C:\WINDOWS\system32\scripting
2009-04-15 19:13:03 ----D---- C:\WINDOWS\l2schemas
2009-04-15 19:13:02 ----D---- C:\WINDOWS\system32\en
2009-04-15 19:13:02 ----D---- C:\WINDOWS\system32\bits
2009-04-15 19:09:01 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-15 19:03:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-15 17:16:49 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 01:41:20 ----D---- C:\WINDOWS\system32\Service
2009-04-12 01:26:25 ----D---- C:\WINDOWS\LocalSSL
2009-04-12 01:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-04-12 01:23:24 ----D---- C:\Program Files\Trend Micro
2009-04-11 16:48:09 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-11 16:47:57 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-04-11 16:47:57 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-11 16:47:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-11 16:47:55 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-11 16:47:55 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-11 16:47:41 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-11 16:47:34 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-11 16:47:33 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-11 16:47:33 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-11 16:47:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-11 16:47:09 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-11 16:47:09 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-11 16:47:09 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-11 16:47:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-04-11 16:47:05 ----A---- C:\WINDOWS\003126_.tmp
2009-04-11 16:46:49 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-11 16:46:37 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-04-11 16:46:32 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-11 16:46:31 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-11 16:46:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-11 16:46:14 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-11 16:46:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-11 16:45:55 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-11 16:45:55 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-11 16:45:55 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-11 16:45:54 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-11 16:45:32 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-11 16:45:32 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-11 16:45:23 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-11 16:45:23 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-04-11 16:45:22 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-11 16:45:22 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-11 16:45:22 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-11 16:45:09 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-11 16:45:02 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-11 16:45:02 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-11 16:45:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-11 16:45:00 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-11 16:44:59 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-11 16:44:57 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-11 16:44:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-04-11 16:44:52 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-11 16:44:43 ----N---- C:\WINDOWS\slrundll.exe
2009-04-11 16:44:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-04-11 16:44:37 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-04-11 16:44:21 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-11 16:44:21 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-11 16:44:06 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-11 16:30:01 ----D---- C:\WINDOWS\ERDNT
2009-04-11 16:23:45 ----D---- C:\Documents and Settings\Jen\Application Data\Malwarebytes
2009-04-11 16:23:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-11 16:23:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-11 16:21:26 ----D---- C:\Program Files\ERUNT
2009-04-11 14:28:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-11 10:13:22 ----A---- C:\VundoFix.txt
2009-04-10 20:07:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-04-10 20:07:47 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-04-10 19:49:27 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-10 18:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2009-04-10 16:32:56 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-10 16:19:53 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-10 16:19:45 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-10 16:07:15 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-09 21:17:48 ----SH---- C:\WINDOWS\system32\usefimuy.ini
2009-03-12 02:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-12 02:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-02-27 12:19:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-02-26 04:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-24 21:05:10 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2009-02-12 04:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-12 02:59:14 ----D---- C:\Program Files\BlackIsle
2009-02-12 02:58:38 ----A---- C:\WINDOWS\ipuninst.exe
2009-02-12 02:53:03 ----D---- C:\Program Files\Interplay
2009-01-28 21:19:49 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE

======List of files/folders modified in the last 3 months======

2009-04-17 09:20:36 ----D---- C:\Program Files\Mozilla Firefox
2009-04-17 09:19:39 ----D---- C:\WINDOWS\Temp
2009-04-17 09:19:06 ----D---- C:\Program Files\Mozilla Thunderbird
2009-04-17 09:18:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-17 09:18:37 ----D---- C:\WINDOWS
2009-04-17 09:18:35 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-04-17 02:37:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-17 02:37:08 ----HD---- C:\WINDOWS\INF
2009-04-17 02:37:05 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-17 02:37:04 ----D---- C:\WINDOWS\SYSTEM32
2009-04-17 02:36:55 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 02:36:49 ----D---- C:\WINDOWS\WinSxS
2009-04-17 00:22:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 17:24:51 ----RD---- C:\Program Files
2009-04-16 16:56:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 13:01:34 ----D---- C:\Program Files\Lavasoft
2009-04-16 13:01:33 ----D---- C:\Documents and Settings\Jen\Application Data\Lavasoft
2009-04-16 13:01:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-16 10:40:30 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-15 21:22:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 21:17:43 ----D---- C:\WINDOWS\system32\WBEM
2009-04-15 21:17:42 ----D---- C:\WINDOWS\AppPatch
2009-04-15 19:59:43 ----D---- C:\WINDOWS\system32\en-US
2009-04-15 19:59:43 ----D---- C:\Program Files\Internet Explorer
2009-04-15 19:59:32 ----D---- C:\WINDOWS\ie7updates
2009-04-15 19:56:00 ----SHD---- C:\WINDOWS\Installer
2009-04-15 19:55:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-15 19:41:36 ----D---- C:\Program Files\Java
2009-04-15 19:33:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-15 19:32:24 ----A---- C:\WINDOWS\setuplog.txt
2009-04-15 19:31:56 ----D---- C:\WINDOWS\system32\Setup
2009-04-15 19:31:55 ----RSD---- C:\WINDOWS\Fonts
2009-04-15 19:22:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-15 19:18:09 ----D---- C:\Program Files\Messenger
2009-04-15 19:17:36 ----D---- C:\WINDOWS\SECURITY
2009-04-15 19:13:27 ----D---- C:\WINDOWS\system32\INETSRV
2009-04-15 19:13:26 ----D---- C:\WINDOWS\network diagnostic
2009-04-15 19:13:26 ----D---- C:\WINDOWS\IME
2009-04-15 19:13:26 ----D---- C:\WINDOWS\Help
2009-04-15 19:13:06 ----D---- C:\WINDOWS\system32\USMT
2009-04-15 19:13:02 ----D---- C:\WINDOWS\PeerNet
2009-04-15 19:13:02 ----D---- C:\Program Files\Movie Maker
2009-04-15 19:08:49 ----D---- C:\WINDOWS\system32\Restore
2009-04-15 19:08:49 ----D---- C:\WINDOWS\system32\NPP
2009-04-15 19:08:49 ----D---- C:\WINDOWS\MUI
2009-04-15 19:08:48 ----D---- C:\WINDOWS\MSAGENT
2009-04-15 19:08:46 ----D---- C:\WINDOWS\SRCHASST
2009-04-15 19:08:43 ----D---- C:\Program Files\NetMeeting
2009-04-15 19:08:42 ----D---- C:\WINDOWS\system32\Com
2009-04-15 19:08:38 ----D---- C:\Program Files\Windows NT
2009-04-15 19:08:38 ----D---- C:\Program Files\Windows Media Player
2009-04-15 19:08:38 ----D---- C:\Program Files\Outlook Express
2009-04-15 19:08:35 ----D---- C:\Program Files\Common Files\System
2009-04-15 19:08:18 ----D---- C:\WINDOWS\system32\OOBE
2009-04-15 19:08:16 ----D---- C:\WINDOWS\SYSTEM
2009-04-15 19:05:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-15 19:03:39 ----D---- C:\WINDOWS\EHOME
2009-04-14 20:29:22 ----D---- C:\Program Files\World of Warcraft
2009-04-14 19:08:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-14 19:08:28 ----D---- C:\Program Files\Activision
2009-04-12 04:03:59 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-04-12 04:02:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 16:14:52 ----A---- C:\WINDOWS\dellstat.ini
2009-04-11 16:03:47 ----D---- C:\Documents and Settings\Jen\Application Data\OpenOffice.org2
2009-04-11 10:03:37 ----ASH---- C:\WINDOWS\system32\wamejulu.exe
2009-04-10 19:11:34 ----D---- C:\Program Files\Common Files\NSV
2009-04-10 17:38:50 ----D---- C:\Program Files\Steam
2009-04-10 16:22:41 ----SD---- C:\WINDOWS\Tasks
2009-04-10 16:22:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-10 14:55:49 ----D---- C:\WINDOWS\SoftwareDistribution.old
2009-04-10 14:18:09 ----ASH---- C:\WINDOWS\system32\fofajivo.dll
2009-04-10 14:18:08 ----ASH---- C:\WINDOWS\system32\vujigami.exe
2009-04-09 21:17:38 ----ASH---- C:\WINDOWS\system32\nesimona.exe
2009-03-25 21:49:47 ----D---- C:\Documents and Settings\Jen\Application Data\gtk-2.0
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 20:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-27 12:19:18 ----D---- C:\Program Files\Common Files
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 14:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 14:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 06:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 06:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 01:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-16 23:45:20 ----D---- C:\Program Files\Tropico
2009-02-09 08:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-06 07:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 07:06:41 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 06:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-06 06:32:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-03 15:59:07 ----A---- C:\WINDOWS\system32\secur32.dll
2009-01-28 21:20:05 ----D---- C:\WINDOWS\system32\DirectX
2009-01-28 10:33:39 ----D---- C:\Program Files\Trillian
2009-01-28 10:30:41 ----D---- C:\Program Files\MSN Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-03-03 80400]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-03-05 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-03-05 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-03-05 1195512]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-07-13 645360]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-08-06 366384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2004-07-13 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2004-07-13 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2004-07-13 145488]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-08-12 904752]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2004-07-13 148432]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-07-13 178672]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2003-08-28 4272]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-11-12 333600]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lac97inf;lac97inf; \??\C:\DOCUME~1\Jen\LOCALS~1\Temp\lac97inf.sys []
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\639563.sys [2005-03-06 20648]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;Susteen USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service; C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-03 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-04-17 11:02:08

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
CEP - Color Enable Package-->"C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins000.exe"
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Universal Installer v1.2-->MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
DataPilot Pix 'n Tunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9E0BD09B-0B31-4952-AE64-D4428A85C9F3}
DataPilot USB Driver Pack-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}
dBpowerAMP Musepack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fallout-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\Interplay\Fallout\uninst.log
Fallout2-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
Fate-->"C:\Program Files\MSN Games\Fate\Uninstall.exe" "C:\Program Files\MSN Games\Fate\install.log"
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Jen\Desktop\Security Stuff\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod Updater 2004-11-15-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kisses 1.03-->"C:\Program Files\Kisses\unins000.exe"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Mah Jong Tiles Deluxe-->"C:\Program Files\MSN Games\Mah Jong Tiles Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Mah Jong Tiles Deluxe\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
OpenOffice.org 2.0-->MsiExec.exe /I{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sims2Pack Clean Installer -->C:\Program Files\Sims2Pack Clean Installer\uninstall.exe
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\setup.exe" -l0x9
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The GIMP 2.2.17-->"C:\Program Files\GIMP-2.0\unins000.exe"
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Mini Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9A447261-D079-4165-933F-6B03D3FF356B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {04c1c39a-715c-46d9-997b-df182a0f4d4f} - C:\WINDOWS\system32\kisijegu.dll [2009-04-10]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast [2009-04-10]
O1 - Hosts: 82.98.231.89 onlinenotifyq.net [2009-04-10]
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll [2009-04-10]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-04-10]
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com [2009-04-10]
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com [2009-04-10]
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com [2009-04-10]
O1 - Hosts: 82.98.231.89 best-click-scanner.info [2009-04-10]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-04-10]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-10]
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com [2009-04-10]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 [2009-04-10]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-10]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ [2009-04-10]
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com [2009-04-10]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ [2009-04-10]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway [2009-04-10]
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com [2009-04-10]
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-10]
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [2009-04-10]
O4 - HKUS\S-1-5-19\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'LOCAL SERVICE') [2009-04-10]
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" [2009-04-10]
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) [2009-04-10]
O4 - HKLM\..\Run: [08dd8ce1] rundll32.exe "C:\WINDOWS\system32\sakabuji.dll",b [2009-04-10]
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [2009-04-10]
O4 - HKLM\..\Run: [CPM0beebf7d] Rundll32.exe "c:\windows\system32\fofajivo.dll",a [2009-04-10]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-10]
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden [2009-04-10]
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe [2009-04-10]
O4 - HKLM\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s [2009-04-10]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-04-10]
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE [2009-04-10]
O4 - HKUS\S-1-5-20\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'NETWORK SERVICE') [2009-04-10]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-04-10]
O4 - HKLM\..\Run: [Nvuwesabejuko] rundll32.exe "C:\WINDOWS\Gvaqet.dll",e [2009-04-10]
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE [2009-04-10]
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [2009-04-10]
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-10]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-04-10]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL [2009-04-10]
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [2009-04-10]
O4 - HKLM\..\Run: [Qmaxuli] rundll32.exe "C:\WINDOWS\oroqujarowij.dll",e [2009-04-10]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-04-10]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-04-10]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-04-10]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-04-10]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab [2009-04-10]
O16 - DPF: {6F62CED5-A582-4D29-8D59-CAB5FE257978} (ATTMMDM DLMCtl Class) - https://musicstore.mymmode.com/ATTMMDM.ocx [2009-04-10]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab [2009-04-10]
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab [2009-04-10]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll [2009-04-10]
O20 - AppInit_DLLs: c:\windows\system32\fofajivo.dll,C:\WINDOWS\system32\ruzunife.dll [2009-04-10]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-04-10]
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll [2009-04-10]
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2009-04-10]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll [2009-04-11]
O20 - AppInit_DLLs: c:\windows\system32\fofajivo.dll,C:\WINDOWS\system32\ruzunife.dll [2009-04-11]
O4 - HKLM\..\Run: [Qmaxuli] rundll32.exe "C:\WINDOWS\oroqujarowij.dll",e [2009-04-11]
O4 - HKUS\S-1-5-20\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'NETWORK SERVICE') [2009-04-11]
O4 - HKLM\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s [2009-04-11]
O4 - HKUS\S-1-5-19\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'LOCAL SERVICE') [2009-04-11]
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll [2009-04-11]
O4 - HKLM\..\Run: [08dd8ce1] rundll32.exe "C:\WINDOWS\system32\sakabuji.dll",b [2009-04-11]
O4 - HKLM\..\Run: [CPM0beebf7d] Rundll32.exe "c:\windows\system32\fofajivo.dll",a [2009-04-11]
O4 - HKUS\S-1-5-20\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'NETWORK SERVICE') [2009-04-14]
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com [2009-04-14]
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com [2009-04-14]
O1 - Hosts: 82.98.231.89 best-click-scanner.info [2009-04-14]
O1 - Hosts: 82.98.231.89 onlinenotifyq.net [2009-04-14]
O4 - HKUS\S-1-5-19\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'LOCAL SERVICE') [2009-04-14]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-04-15]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-04-15]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Trend Micro Internet Security Pro
FW: Trend Micro Personal Firewall

======System event log======

Computer Name: JEN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6694
Source Name: Tcpip
Time Written: 20090302153908.000000-300
Event Type: warning
User:

Computer Name: JEN
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 6642
Source Name: W32Time
Time Written: 20090301052639.000000-300
Event Type: warning
User:

Computer Name: JEN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6615
Source Name: Tcpip
Time Written: 20090227224759.000000-300
Event Type: warning
User:

Computer Name: JEN
Event Code: 19
Message: Sharing printer failed + 1722, Printer Dell Photo Printer 720 share name Printer.

Record Number: 6565
Source Name: Print
Time Written: 20090227092259.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: JEN
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 6557
Source Name: W32Time
Time Written: 20090226164556.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: D3P32761
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 1766
Source Name: MsiInstaller
Time Written: 20061029132410.000000-240
Event Type: warning
User: JEN\Jen

Computer Name: D3P32761
Event Code: 1000
Message: Faulting application oblivion.exe, version 1.1.0.511, faulting module oblivion.exe, version 1.1.0.511, fault address 0x0000265a.

Record Number: 1765
Source Name: Application Error
Time Written: 20061028160829.000000-240
Event Type: error
User:

Computer Name: D3P32761
Event Code: 1517
Message: Windows saved user D3P32761\Jen registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1761
Source Name: Userenv
Time Written: 20061028031941.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D3P32761
Event Code: 1517
Message: Windows saved user D3P32761\Jen registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1757
Source Name: Userenv
Time Written: 20061027011130.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D3P32761
Event Code: 1000
Message: Faulting application oblivion.exe, version 1.1.0.511, faulting module oblivion.exe, version 1.1.0.511, fault address 0x000c0aa0.

Record Number: 1750
Source Name: Application Error
Time Written: 20061025114600.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------
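The HijackThis backup section above is the most telling part of this log: the same few DLLs under C:\WINDOWS\system32 are registered at several persistence points at once (a Run key launched through rundll32, AppInit_DLLs, ShellServiceObjectDelayLoad and SharedTaskScheduler), the hosts file points security-vendor look-alike domains at one external address, and identical entries are backed up again on 2009-04-11 and 2009-04-14 after being removed on 2009-04-10. The following Python script is an added example for this thread, not code from HijackThis, OTMoveIt3, ComboFix or any other tool mentioned here. It parses lines in that backup format, flags the ones matching this pattern, groups flagged modules by persistence point, and lists entries that reappear on a later date. The sample input is a constructed subset copied from the log above; the heuristics (what counts as a "system directory", which entry types are flagged) are the example's own assumptions, not a vendor signature.

```python
"""Triage HijackThis-style backup lines for Vundo-style persistence.

Added example for this thread; not code from HijackThis, OTMoveIt3 or ComboFix.
The heuristics below are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis backup lines posted above,
# copied verbatim so the script runs offline.
SAMPLE_LINES = r"""
O2 - BHO: (no name) - {04c1c39a-715c-46d9-997b-df182a0f4d4f} - C:\WINDOWS\system32\kisijegu.dll [2009-04-10]
O1 - Hosts: 82.98.231.89 onlinenotifyq.net [2009-04-10]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-04-10]
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com [2009-04-10]
O4 - HKUS\S-1-5-19\..\Run: [biluyenuye] Rundll32.exe "C:\WINDOWS\system32\fumugatu.dll",s (User 'LOCAL SERVICE') [2009-04-10]
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" [2009-04-10]
O4 - HKLM\..\Run: [CPM0beebf7d] Rundll32.exe "c:\windows\system32\fofajivo.dll",a [2009-04-10]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll [2009-04-10]
O20 - AppInit_DLLs: c:\windows\system32\fofajivo.dll,C:\WINDOWS\system32\ruzunife.dll [2009-04-10]
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll [2009-04-10]
O4 - HKLM\..\Run: [CPM0beebf7d] Rundll32.exe "c:\windows\system32\fofajivo.dll",a [2009-04-11]
O1 - Hosts: 82.98.231.89 onlinenotifyq.net [2009-04-14]
"""

# "O4 - <body> [YYYY-MM-DD]": HijackThis backups append the backup date.
LINE_RE = re.compile(r"^(?P<kind>[ORF]\d+) - (?P<body>.*) \[(?P<date>\d{4}-\d{2}-\d{2})\]$")
# Any drive-letter path ending in .dll/.exe; commas and quotes end a path.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^",\[\]]+?\.(?:dll|exe)\b', re.IGNORECASE)
HOSTS_RE = re.compile(r"Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Assumption: directories where a freshly dropped, randomly named DLL is suspect.
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}


def parse_line(line):
    """Split one backup line into kind, body, date and the module paths it names."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"kind": m["kind"], "body": m["body"], "date": m["date"],
            "modules": [p.lower() for p in PATH_RE.findall(m["body"])]}


def in_system_dir(path):
    return path.rsplit("\\", 1)[0] in SYSTEM_DIRS


def classify(entry):
    """Return a reason if the entry matches the persistence pattern seen in the log, else None."""
    kind, body, mods = entry["kind"], entry["body"], entry["modules"]
    if kind == "O1":
        h = HOSTS_RE.search(body)
        if h and h["ip"] not in LOOPBACK:
            return f"hosts redirect {h['host']} -> {h['ip']}"
    if kind == "O2" and "(no name)" in body:
        return "unnamed BHO"
    if kind == "O3" and "(no file)" in body:
        return "orphaned toolbar CLSID"
    if kind == "O4" and "rundll32" in body.lower() and any(
            m.endswith(".dll") and in_system_dir(m) for m in mods):
        return "rundll32 loads a DLL from a system directory at logon"
    if kind == "O20":
        return "AppInit_DLLs injection into every process that loads user32"
    if kind in ("O21", "O22") and any(in_system_dir(m) for m in mods):
        name = {"O21": "ShellServiceObjectDelayLoad", "O22": "SharedTaskScheduler"}[kind]
        return f"{name} loads a DLL from a system directory"
    return None


def triage(text):
    """Flag suspicious entries, group flagged modules by persistence point, find recurrences."""
    findings = []
    modules = defaultdict(set)   # module path -> kinds (O4, O20, ...) it is registered under
    dates = defaultdict(set)     # (kind, body) -> dates the identical entry was backed up
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        dates[(entry["kind"], entry["body"])].add(entry["date"])
        reason = classify(entry)
        if reason is None:
            continue
        findings.append({**entry, "reason": reason})
        for mod in entry["modules"]:
            if in_system_dir(mod):
                modules[mod].add(entry["kind"])
    recurring = {key: sorted(ds) for key, ds in dates.items() if len(ds) > 1}
    return findings, dict(modules), recurring


if __name__ == "__main__":
    findings, modules, recurring = triage(SAMPLE_LINES)
    for f in findings:
        print(f"{f['date']} {f['kind']:<4} {f['reason']}")
    print("\nmodules registered at more than one persistence point:")
    for mod, kinds in modules.items():
        if len(kinds) > 1:
            print(f"  {mod}: {', '.join(sorted(kinds))}")
    print("\nentries that came back on a later date (re-infection, not a leftover):")
    for (kind, body), ds in recurring.items():
        print(f"  {kind} {body[:60]}  seen {', '.join(ds)}")
```

Run against the full backup section rather than the sample and the "registered at more than one persistence point" list is the set of files to remove together in one pass; a module left behind at any single point (which is what the later "error loading fofajivo.dll" message and the repeated backup dates suggest) is enough to reload the rest.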

#5 Marvelous23

Marvelous23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 17 April 2009 - 12:02 PM

And finally, the GMER attachment.

Thanks again!

Attached Files



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:33 PM

Posted 17 April 2009 - 08:59 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Marvelous23

Marvelous23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 17 April 2009 - 10:50 PM

Oh no - when I try to run combofix, nothing happens. I downloaded it twice, from two different mirrors, with the same result: I get a small command prompt window with a blue screen and a flashing cursor.

What should I do?

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:33 PM

Posted 17 April 2009 - 11:04 PM

Delete your version of ComboFix, then find and delete the C:\qoobox folder. Then do the following.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots of the rename step omitted]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.



#9 Marvelous23

Marvelous23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 17 April 2009 - 11:14 PM

Thank you so much fenzodahl! I did as you suggested, and have disabled my firewall/antivirus and Ad-Aware before each attempt at using Combofix. Even with renaming the file, though, it is just as before. Should I try running it in safe mode?

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:33 PM

Posted 17 April 2009 - 11:31 PM

IMPORTANT!! Uninstall these programs first (if present) so that they won't interfere with our fixes.

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    lac97inf
    
    :files
    C:\aaw7boot.cmd
    C:\WINDOWS\system32\usefimuy.ini
    C:\WINDOWS\system32\fofajivo.dll
    C:\WINDOWS\system32\vujigami.exe
    C:\WINDOWS\system32\nesimona.exe
    C:\Documents and Settings\jen\Local Settings\temp\lac97inf.sys
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again. Post these logs in your next reply.

1. OTMoveIt3
2. RSIT log.txt



#11 Marvelous23

Marvelous23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 17 April 2009 - 11:57 PM

Okay, here we go. After running OTMoveIt3, I had to reboot. Something called UfSeAgnt.exe was still running, and I had to press End Now. And after everything came back up again, I was notified that there was an error loading C:/windows/system32/fofajivo.dll, "specified module not found".

Do I have something really nasty, like a rootkit?

Anyways, here are the logs; I'm so thankful for all the work you guys do!

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver lac97inf deleted successfully.
========== FILES ==========
File/Folder C:\aaw7boot.cmd not found.
C:\WINDOWS\system32\usefimuy.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fofajivo.dll
C:\WINDOWS\system32\fofajivo.dll NOT unregistered.
C:\WINDOWS\system32\fofajivo.dll moved successfully.
C:\WINDOWS\system32\vujigami.exe moved successfully.
C:\WINDOWS\system32\nesimona.exe moved successfully.
File/Folder C:\Documents and Settings\jen\Local Settings\temp\lac97inf.sys not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Jen\LOCALS~1\Temp\TMFBE_2924\unif0000 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jen\LOCALS~1\Temp\etilqs_TaJHbvjGyRdpV0RqU3x4 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Temporary Internet Files\Content.IE5\3ILGHB77\Okay, I did it... scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_004123

Files moved on Reboot...
File C:\DOCUME~1\Jen\LOCALS~1\Temp\TMFBE_2924\unif0000 not found!
File C:\DOCUME~1\Jen\LOCALS~1\Temp\etilqs_TaJHbvjGyRdpV0RqU3x4 not found!
File C:\Documents and Settings\Jen\Local Settings\Temporary Internet Files\Content.IE5\3ILGHB77\Okay, I did it... not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6b4.dat not found!
C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\XUL.mfl moved successfully.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Jen at 2009-04-18 00:49:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (20%) free of 73 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:33 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Documents and Settings\Jen\Desktop\RSIT.exe
C:\Documents and Settings\Jen\Desktop\Security Stuff\Jen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM0beebf7d] Rundll32.exe "C:\WINDOWS\system32\fofajivo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239389739609
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{430E36FC-8A76-490B-948A-9CA446300DEF}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8540 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\LifeChatTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"CPM0beebf7d"=C:\WINDOWS\system32\fofajivo.dll,a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-05-23 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fofajivo.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ares Lite Edition\AresLite.exe"="C:\Program Files\Ares Lite Edition\AresLite.exe:*:Enabled:Ares Lite Edition"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\The Princeton Review\Practice Test System\Practice Test System\Practice Test System.exe"="C:\Program Files\The Princeton Review\Practice Test System\Practice Test System\Practice Test System.exe:*:Enabled:Macromedia Projector"
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe"="C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\A Tale in the Desert\eclientc.exe"="C:\Program Files\A Tale in the Desert\eclientc.exe:*:Enabled:eclientc"
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\SYSTEM32\LOGONUI.EXE"="C:\WINDOWS\SYSTEM32\LOGONUI.EXE:*:Enabled:logonui"
"C:\WINDOWS\SYSTEM32\WINLOGON.EXE"="C:\WINDOWS\SYSTEM32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE"="C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE:*:Enabled:unsecapp"
"C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe:*:Enabled:sprtsvc"
"C:\WINDOWS\SYSTEM32\spoolsv.exe"="C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:spoolsv"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276c6ed1-f614-11dc-8915-0011117b02e2}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d115dd4a-264a-11de-8ac2-0011117b02e2}]
shell\AutoRun\command - F:\InstallSeagateManager.exe


======List of files/folders created in the last 3 months======

2009-04-18 00:41:23 ----D---- C:\_OTMoveIt
2009-04-18 00:35:38 ----SHD---- C:\Config.Msi
2009-04-18 00:29:07 ----D---- C:\Combo-Fix
2009-04-18 00:29:07 ----A---- C:\WINDOWS\system32\CF8897.exe
2009-04-18 00:28:04 ----A---- C:\WINDOWS\system32\CF8688.exe
2009-04-18 00:25:15 ----A---- C:\WINDOWS\system32\CF8136.exe
2009-04-18 00:09:51 ----A---- C:\WINDOWS\system32\CF5119.exe
2009-04-17 23:46:08 ----D---- C:\ComboFix
2009-04-17 23:46:08 ----A---- C:\WINDOWS\system32\CF472.exe
2009-04-17 23:42:19 ----A---- C:\WINDOWS\system32\CF32489.exe
2009-04-17 23:41:20 ----A---- C:\WINDOWS\system32\CF32296.exe
2009-04-17 23:40:34 ----A---- C:\WINDOWS\system32\CF32142.exe
2009-04-17 11:01:42 ----D---- C:\rsit
2009-04-17 02:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-17 02:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-16 16:57:05 ----D---- C:\Documents and Settings\Jen\Application Data\QuickScan
2009-04-16 11:06:05 ----D---- C:\Fport-2.0
2009-04-15 20:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 20:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 19:56:50 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-15 19:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 19:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 19:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 19:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 19:32:20 ----D---- C:\WINDOWS\Prefetch
2009-04-15 19:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-15 19:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-15 19:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-15 19:21:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-15 19:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-15 19:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-15 19:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-15 19:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-15 19:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-15 19:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-15 19:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-15 19:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-15 19:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-15 19:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-15 19:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-15 19:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-15 19:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-15 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-15 19:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-04-15 19:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-15 19:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-15 19:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-15 19:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-15 19:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-15 19:13:04 ----D---- C:\WINDOWS\system32\scripting
2009-04-15 19:13:03 ----D---- C:\WINDOWS\l2schemas
2009-04-15 19:13:02 ----D---- C:\WINDOWS\system32\en
2009-04-15 19:13:02 ----D---- C:\WINDOWS\system32\bits
2009-04-15 19:09:01 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-15 19:03:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-15 17:16:49 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 01:41:20 ----D---- C:\WINDOWS\system32\Service
2009-04-12 01:26:25 ----D---- C:\WINDOWS\LocalSSL
2009-04-12 01:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-04-12 01:23:24 ----D---- C:\Program Files\Trend Micro
2009-04-11 16:48:09 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-11 16:47:57 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-04-11 16:47:57 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-11 16:47:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-11 16:47:55 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-11 16:47:55 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-11 16:47:41 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-11 16:47:34 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-11 16:47:33 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-11 16:47:33 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-11 16:47:30 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-11 16:47:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-11 16:47:10 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-11 16:47:09 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-11 16:47:09 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-11 16:47:09 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-11 16:47:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-04-11 16:47:05 ----A---- C:\WINDOWS\003126_.tmp
2009-04-11 16:46:49 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-11 16:46:37 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-04-11 16:46:32 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-11 16:46:31 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-11 16:46:17 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-11 16:46:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-11 16:46:14 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-11 16:46:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-11 16:45:55 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-11 16:45:55 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-11 16:45:55 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-11 16:45:54 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-11 16:45:32 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-11 16:45:32 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-11 16:45:23 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-11 16:45:23 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-04-11 16:45:22 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-11 16:45:22 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-11 16:45:22 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-11 16:45:09 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-11 16:45:02 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-11 16:45:02 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-11 16:45:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-11 16:45:00 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-11 16:44:59 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-11 16:44:57 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-11 16:44:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-04-11 16:44:52 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-11 16:44:43 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-11 16:44:43 ----N---- C:\WINDOWS\slrundll.exe
2009-04-11 16:44:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-04-11 16:44:37 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-04-11 16:44:21 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-11 16:44:21 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-11 16:44:06 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-11 16:30:01 ----D---- C:\WINDOWS\ERDNT
2009-04-11 16:23:45 ----D---- C:\Documents and Settings\Jen\Application Data\Malwarebytes
2009-04-11 16:23:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-11 16:23:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-11 16:21:26 ----D---- C:\Program Files\ERUNT
2009-04-11 14:28:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-11 10:13:22 ----A---- C:\VundoFix.txt
2009-04-10 20:07:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-04-10 20:07:47 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-04-10 19:49:27 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-10 18:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2009-04-10 16:19:45 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-10 16:07:15 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-12 02:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-12 02:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-02-27 12:19:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-02-26 04:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-24 21:05:10 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2009-02-12 04:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-12 02:59:14 ----D---- C:\Program Files\BlackIsle
2009-02-12 02:58:38 ----A---- C:\WINDOWS\ipuninst.exe
2009-02-12 02:53:03 ----D---- C:\Program Files\Interplay
2009-01-28 21:19:49 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE

======List of files/folders modified in the last 3 months======

2009-04-18 00:48:06 ----D---- C:\Program Files\Mozilla Firefox
2009-04-18 00:46:45 ----D---- C:\WINDOWS\Temp
2009-04-18 00:46:06 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-04-18 00:46:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-18 00:44:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-18 00:41:24 ----D---- C:\WINDOWS\SYSTEM32
2009-04-18 00:35:41 ----D---- C:\Program Files\Lavasoft
2009-04-18 00:35:38 ----SHD---- C:\WINDOWS\Installer
2009-04-18 00:35:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-18 00:35:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-17 20:08:23 ----D---- C:\Program Files\Mozilla Thunderbird
2009-04-17 09:18:37 ----D---- C:\WINDOWS
2009-04-17 02:37:08 ----HD---- C:\WINDOWS\INF
2009-04-17 02:37:05 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-17 02:36:55 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 02:36:49 ----D---- C:\WINDOWS\WinSxS
2009-04-17 00:22:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 17:24:51 ----RD---- C:\Program Files
2009-04-16 16:56:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 13:01:33 ----D---- C:\Documents and Settings\Jen\Application Data\Lavasoft
2009-04-16 13:01:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-15 21:22:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 21:17:43 ----D---- C:\WINDOWS\system32\WBEM
2009-04-15 21:17:42 ----D---- C:\WINDOWS\AppPatch
2009-04-15 19:59:43 ----D---- C:\WINDOWS\system32\en-US
2009-04-15 19:59:43 ----D---- C:\Program Files\Internet Explorer
2009-04-15 19:59:32 ----D---- C:\WINDOWS\ie7updates
2009-04-15 19:55:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-15 19:41:36 ----D---- C:\Program Files\Java
2009-04-15 19:33:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-15 19:32:24 ----A---- C:\WINDOWS\setuplog.txt
2009-04-15 19:31:56 ----D---- C:\WINDOWS\system32\Setup
2009-04-15 19:31:55 ----RSD---- C:\WINDOWS\Fonts
2009-04-15 19:22:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-15 19:18:09 ----D---- C:\Program Files\Messenger
2009-04-15 19:17:36 ----D---- C:\WINDOWS\SECURITY
2009-04-15 19:13:27 ----D---- C:\WINDOWS\system32\INETSRV
2009-04-15 19:13:26 ----D---- C:\WINDOWS\network diagnostic
2009-04-15 19:13:26 ----D---- C:\WINDOWS\IME
2009-04-15 19:13:26 ----D---- C:\WINDOWS\Help
2009-04-15 19:13:06 ----D---- C:\WINDOWS\system32\USMT
2009-04-15 19:13:02 ----D---- C:\WINDOWS\PeerNet
2009-04-15 19:13:02 ----D---- C:\Program Files\Movie Maker
2009-04-15 19:08:49 ----D---- C:\WINDOWS\system32\Restore
2009-04-15 19:08:49 ----D---- C:\WINDOWS\system32\NPP
2009-04-15 19:08:49 ----D---- C:\WINDOWS\MUI
2009-04-15 19:08:48 ----D---- C:\WINDOWS\MSAGENT
2009-04-15 19:08:46 ----D---- C:\WINDOWS\SRCHASST
2009-04-15 19:08:43 ----D---- C:\Program Files\NetMeeting
2009-04-15 19:08:42 ----D---- C:\WINDOWS\system32\Com
2009-04-15 19:08:38 ----D---- C:\Program Files\Windows NT
2009-04-15 19:08:38 ----D---- C:\Program Files\Windows Media Player
2009-04-15 19:08:38 ----D---- C:\Program Files\Outlook Express
2009-04-15 19:08:35 ----D---- C:\Program Files\Common Files\System
2009-04-15 19:08:18 ----D---- C:\WINDOWS\system32\OOBE
2009-04-15 19:08:16 ----D---- C:\WINDOWS\SYSTEM
2009-04-15 19:05:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-15 19:03:39 ----D---- C:\WINDOWS\EHOME
2009-04-14 20:29:22 ----D---- C:\Program Files\World of Warcraft
2009-04-14 19:08:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-14 19:08:28 ----D---- C:\Program Files\Activision
2009-04-12 04:03:59 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-04-12 04:02:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 16:14:52 ----A---- C:\WINDOWS\dellstat.ini
2009-04-11 16:03:47 ----D---- C:\Documents and Settings\Jen\Application Data\OpenOffice.org2
2009-04-11 10:03:37 ----ASH---- C:\WINDOWS\system32\wamejulu.exe
2009-04-10 19:11:34 ----D---- C:\Program Files\Common Files\NSV
2009-04-10 17:38:50 ----D---- C:\Program Files\Steam
2009-04-10 16:22:41 ----SD---- C:\WINDOWS\Tasks
2009-04-10 14:55:49 ----D---- C:\WINDOWS\SoftwareDistribution.old
2009-03-25 21:49:47 ----D---- C:\Documents and Settings\Jen\Application Data\gtk-2.0
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 20:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-27 12:19:18 ----D---- C:\Program Files\Common Files
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 14:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 14:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 06:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 06:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 01:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-16 23:45:20 ----D---- C:\Program Files\Tropico
2009-02-09 08:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-06 07:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 07:06:41 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 06:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-06 06:32:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-03 15:59:07 ----A---- C:\WINDOWS\system32\secur32.dll
2009-01-28 21:20:05 ----D---- C:\WINDOWS\system32\DirectX
2009-01-28 10:33:39 ----D---- C:\Program Files\Trillian
2009-01-28 10:30:41 ----D---- C:\Program Files\MSN Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-03-03 80400]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-03-05 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-03-05 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-03-05 1195512]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-07-13 645360]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-08-06 366384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2004-07-13 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2004-07-13 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2004-07-13 145488]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-08-12 904752]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2004-07-13 148432]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-07-13 178672]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2003-08-28 4272]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-11-12 333600]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\639563.sys [2005-03-06 20648]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;Susteen USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service; C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-03 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 April 2009 - 03:46 AM

Ok.. Delete your version of ComboFix and download a fresh one from below.. Run it and post the log here..

Link 2

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Marvelous23

Marvelous23
  • Topic Starter

  • Members
  • 18 posts

Posted 18 April 2009 - 09:24 AM

I was unable to download from the link provided, so I used one of the ones posted previously. For some reason Trend Micro declares that page to be dangerous and simply will not let it open. Right-clicking and selecting "Save Target As" only yielded something 5 KB in size.

However, this time ComboFix worked!
I got two errors while it was running: "pv.cfexe has encountered an error and needs to close."

And here is the log.

ComboFix 09-04-18.05 - Jen 04/18/2009 10:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.617 [GMT -4:00]
Running from: c:\documents and settings\Jen\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 04:41 . 2009-04-18 04:41 -------- d-----w C:\_OTMoveIt
2009-04-17 15:01 . 2009-04-17 15:02 -------- d-----w C:\rsit
2009-04-16 20:57 . 2009-04-16 20:57 -------- d-----w c:\documents and settings\Jen\Application Data\QuickScan
2009-04-16 15:06 . 2009-04-16 15:06 -------- d-----w C:\Fport-2.0
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\system32\scripting
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\l2schemas
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\system32\en
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\system32\bits
2009-04-15 23:09 . 2009-04-15 23:13 -------- d-----w c:\windows\ServicePackFiles
2009-04-15 21:21 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:21 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:21 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:21 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:21 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:21 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:21 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 21:21 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 21:21 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:21 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:16 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 21:16 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:16 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 05:41 . 2009-04-13 13:17 -------- d-----w c:\windows\system32\Service
2009-04-12 05:28 . 2009-04-12 05:28 -------- d-----w c:\documents and settings\Jen\Local Settings\Application Data\Trend Micro
2009-04-12 05:26 . 2009-04-12 05:26 -------- d-----w c:\windows\LocalSSL
2009-04-12 05:26 . 2009-04-12 05:26 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2009-04-12 05:25 . 2009-04-02 23:08 50192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-12 05:25 . 2009-04-02 23:08 50192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-12 05:25 . 2009-04-12 05:31 -------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2009-04-12 05:21 . 2009-04-02 23:08 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-12 05:20 . 2009-03-06 02:17 36368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2009-04-12 05:20 . 2009-03-06 02:17 205328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2009-04-12 05:20 . 2009-03-06 02:17 1195512 ----a-w c:\windows\system32\drivers\vsapint.sys
2009-04-11 20:48 . 2008-04-14 00:11 136192 ------w c:\windows\system32\aaclient.dll
2009-04-11 20:48 . 2008-04-14 00:11 4255 ------w c:\windows\system32\drivers\adv01nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3967 ------w c:\windows\system32\drivers\adv02nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3775 ------w c:\windows\system32\drivers\adv11nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3711 ------w c:\windows\system32\drivers\adv09nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3647 ------w c:\windows\system32\drivers\adv07nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3615 ------w c:\windows\system32\drivers\adv05nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3135 ------w c:\windows\system32\drivers\adv08nt5.dll
2009-04-11 20:46 . 2008-04-13 18:36 46464 ------w c:\windows\system32\drivers\gagp30kx.sys
2009-04-11 20:45 . 2008-04-14 00:11 397312 ------w c:\windows\system32\mmcex.dll
2009-04-11 20:44 . 2008-04-14 00:12 61952 ------w c:\windows\system32\rasqec.dll
2009-04-11 20:38 . 2004-08-04 02:41 11868 ------w c:\windows\system32\drivers\mdmxsdk.sys
2009-04-11 20:23 . 2009-04-11 20:23 -------- d-----w c:\documents and settings\Jen\Application Data\Malwarebytes
2009-04-11 20:23 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-11 20:23 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 20:23 . 2009-04-11 20:23 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 00:07 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-11 00:07 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-10 22:59 . 2009-04-10 22:59 -------- d-----w c:\documents and settings\All Users\Application Data\Applications
2009-04-10 21:37 . 2009-04-10 21:37 24524 ----a-w c:\windows\system32\AAWService_2009_04_10_17_37_38.dmp
2009-04-10 20:19 . 2009-04-18 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-10 01:30 . 2009-04-11 19:34 408 ----a-w c:\windows\Dxayatebiwe.dat
2009-04-10 01:30 . 2009-04-11 04:00 0 ----a-w c:\windows\Wrodageya.bin
2009-04-10 01:30 . 2009-04-10 01:30 -------- d-----w c:\documents and settings\Jen\Local Settings\Application Data\{3ABFD4E4-09D5-46AD-A8EE-A2E017703B4B}
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 04:35 . 2006-10-12 01:36 -------- d-----w c:\program files\Lavasoft
2009-04-18 04:30 . 2009-04-10 21:38 6053 ----a-w C:\aaw7boot.log
2009-04-18 00:08 . 2006-06-06 23:54 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-17 13:41 . 2009-04-11 20:21 -------- d-----w c:\program files\ERUNT
2009-04-16 17:01 . 2004-12-10 01:04 -------- d-----w c:\documents and settings\Jen\Application Data\Lavasoft
2009-04-15 23:55 . 2007-11-27 22:09 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 23:49 . 2005-03-15 19:33 55256 ----a-w c:\documents and settings\Jen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 23:41 . 2004-12-06 05:39 -------- d-----w c:\program files\Java
2009-04-15 23:16 . 2004-08-11 23:25 88343 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-15 23:06 . 2004-08-04 11:00 250048 --sha-r C:\NTLDR
2009-04-15 00:29 . 2007-11-26 02:40 -------- d-----w c:\program files\World of Warcraft
2009-04-14 23:08 . 2004-12-06 05:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 23:08 . 2006-07-25 01:11 -------- d-----w c:\program files\Activision
2009-04-12 05:25 . 2009-04-12 05:23 -------- d-----w c:\program files\Trend Micro
2009-04-11 20:23 . 2009-04-11 20:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 20:03 . 2006-07-08 16:43 -------- d-----w c:\documents and settings\Jen\Application Data\OpenOffice.org2
2009-04-11 18:57 . 2009-04-11 14:13 376 ----a-w C:\VundoFix.txt
2009-04-11 14:03 . 2009-01-11 14:03 62464 --sha-w c:\windows\SYSTEM32\wamejulu.exe
2009-04-10 23:11 . 2005-06-06 05:18 -------- d-----w c:\program files\Common Files\NSV
2009-04-10 23:01 . 2009-04-10 20:07 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 21:38 . 2008-12-28 22:42 -------- d-----w c:\program files\Steam
2009-03-26 01:49 . 2007-10-10 01:50 -------- d-----w c:\documents and settings\Jen\Application Data\gtk-2.0
2009-03-16 17:40 . 2007-09-12 19:33 1196 ----a-w C:\net_save.dna
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-03 23:12 . 2008-08-14 17:23 80400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-03-03 09:08 . 2008-08-14 17:23 335376 ----a-w c:\windows\system32\drivers\TM_CFW.sys
2009-03-03 00:18 . 2006-05-10 05:23 826368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04 636072 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2009-02-27 16:19 . 2009-02-27 16:19 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-25 01:05 . 2009-02-25 01:05 -------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2009-02-20 10:20 . 2007-05-09 01:25 13824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:26 70656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25 161792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2009-02-12 07:01 . 2009-02-12 06:58 52736 ----a-w c:\windows\ipuninst.exe
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 11:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 11:00 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 11:00 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 11:13 . 2008-10-16 04:17 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2004-08-04 11:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 23:02 . 2008-10-16 04:16 2066048 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 11:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:08 . 2008-10-16 04:16 2189056 ------w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-16 04:16 2145280 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 11:06 . 1980-01-01 06:00 2145280 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 11:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:32 . 2008-10-16 04:16 2023936 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 10:32 . 1980-01-01 06:00 2023936 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-02-03 19:59 . 2004-08-04 11:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2008-12-29 17:30 . 2008-12-29 17:30 126960 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-04-22 20:07 . 2007-04-22 20:07 126 ----a-w c:\documents and settings\Jen\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-12-18 278528]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\WINDOWS\\SYSTEM32\\WBEM\\UNSECAPP.EXE"=
"c:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6883:TCP"= 6883:TCP:Bit Torrent
"6883:UDP"= 6883:UDP:Bit Torrent2
"18603:TCP"= 18603:TCP:BitComet 18603 TCP
"18603:UDP"= 18603:UDP:BitComet 18603 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-04-02 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-04-01 497008]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-04-01 677128]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-03-06 36368]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276c6ed1-f614-11dc-8915-0011117b02e2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d115dd4a-264a-11de-8ac2-0011117b02e2}]
\Shell\AutoRun\command - F:\InstallSeagateManager.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM0beebf7d - c:\windows\system32\fofajivo.dll


.
------- Supplementary Scan -------
.
TCP: {430E36FC-8A76-490B-948A-9CA446300DEF} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 10:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1484)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpowerAMP\dBShell.dll
.
Completion time: 2009-04-18 10:14
ComboFix-quarantined-files.txt 2009-04-18 14:14

Pre-Run: 15,128,686,592 bytes free
Post-Run: 15,107,813,376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

227 --- E O F --- 2009-04-17 06:37

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 April 2009 - 01:48 PM

Hello.. Just got a tip from ComboFix author.. Please remove your version of ComboFix and download a fresh one from below.. Run it and post the log here..

Link 2



#15 Marvelous23

Marvelous23
  • Topic Starter

  • Members
  • 18 posts

Posted 18 April 2009 - 08:30 PM

Sorry for the delay. I was able to download from that link by forcing Trend Micro to accept it, and I disabled my antivirus and ran ComboFix again.

Here is the new log!

ComboFix 09-04-19.01 - Jen 04/18/2009 21:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.740 [GMT -4:00]
Running from: c:\documents and settings\Jen\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-18 04:41 . 2009-04-18 04:41 -------- d-----w C:\_OTMoveIt
2009-04-17 15:01 . 2009-04-17 15:02 -------- d-----w C:\rsit
2009-04-16 20:57 . 2009-04-16 20:57 -------- d-----w c:\documents and settings\Jen\Application Data\QuickScan
2009-04-16 15:06 . 2009-04-16 15:06 -------- d-----w C:\Fport-2.0
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\system32\scripting
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\l2schemas
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\system32\en
2009-04-15 23:13 . 2009-04-15 23:13 -------- d-----w c:\windows\system32\bits
2009-04-15 23:09 . 2009-04-15 23:13 -------- d-----w c:\windows\ServicePackFiles
2009-04-15 21:21 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:21 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:21 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:21 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:21 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:21 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:21 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 21:21 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 21:21 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:21 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:16 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 21:16 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:16 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 05:41 . 2009-04-13 13:17 -------- d-----w c:\windows\system32\Service
2009-04-12 05:28 . 2009-04-12 05:28 -------- d-----w c:\documents and settings\Jen\Local Settings\Application Data\Trend Micro
2009-04-12 05:26 . 2009-04-12 05:26 -------- d-----w c:\windows\LocalSSL
2009-04-12 05:26 . 2009-04-12 05:26 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2009-04-12 05:25 . 2009-04-02 23:08 50192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-12 05:25 . 2009-04-02 23:08 50192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-12 05:25 . 2009-04-12 05:31 -------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2009-04-12 05:21 . 2009-04-02 23:08 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-12 05:20 . 2009-03-06 02:17 36368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2009-04-12 05:20 . 2009-03-06 02:17 205328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2009-04-12 05:20 . 2009-03-06 02:17 1195512 ----a-w c:\windows\system32\drivers\vsapint.sys
2009-04-11 20:48 . 2008-04-14 00:11 136192 ------w c:\windows\system32\aaclient.dll
2009-04-11 20:48 . 2008-04-14 00:11 4255 ------w c:\windows\system32\drivers\adv01nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3967 ------w c:\windows\system32\drivers\adv02nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3775 ------w c:\windows\system32\drivers\adv11nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3711 ------w c:\windows\system32\drivers\adv09nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3647 ------w c:\windows\system32\drivers\adv07nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3615 ------w c:\windows\system32\drivers\adv05nt5.dll
2009-04-11 20:48 . 2008-04-14 00:11 3135 ------w c:\windows\system32\drivers\adv08nt5.dll
2009-04-11 20:46 . 2008-04-13 18:36 46464 ------w c:\windows\system32\drivers\gagp30kx.sys
2009-04-11 20:45 . 2008-04-14 00:11 397312 ------w c:\windows\system32\mmcex.dll
2009-04-11 20:44 . 2008-04-14 00:12 61952 ------w c:\windows\system32\rasqec.dll
2009-04-11 20:38 . 2004-08-04 02:41 11868 ------w c:\windows\system32\drivers\mdmxsdk.sys
2009-04-11 20:23 . 2009-04-11 20:23 -------- d-----w c:\documents and settings\Jen\Application Data\Malwarebytes
2009-04-11 20:23 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-11 20:23 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 20:23 . 2009-04-11 20:23 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 00:07 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-11 00:07 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-10 22:59 . 2009-04-10 22:59 -------- d-----w c:\documents and settings\All Users\Application Data\Applications
2009-04-10 21:37 . 2009-04-10 21:37 24524 ----a-w c:\windows\system32\AAWService_2009_04_10_17_37_38.dmp
2009-04-10 20:19 . 2009-04-18 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-10 01:30 . 2009-04-11 19:34 408 ----a-w c:\windows\Dxayatebiwe.dat
2009-04-10 01:30 . 2009-04-11 04:00 0 ----a-w c:\windows\Wrodageya.bin
2009-04-10 01:30 . 2009-04-10 01:30 -------- d-----w c:\documents and settings\Jen\Local Settings\Application Data\{3ABFD4E4-09D5-46AD-A8EE-A2E017703B4B}
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 14:34 . 2006-06-06 23:54 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-18 14:18 . 2005-03-15 19:33 55256 ----a-w c:\documents and settings\Jen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 04:35 . 2006-10-12 01:36 -------- d-----w c:\program files\Lavasoft
2009-04-18 04:30 . 2009-04-10 21:38 6053 ----a-w C:\aaw7boot.log
2009-04-17 13:41 . 2009-04-11 20:21 -------- d-----w c:\program files\ERUNT
2009-04-16 17:01 . 2004-12-10 01:04 -------- d-----w c:\documents and settings\Jen\Application Data\Lavasoft
2009-04-15 23:55 . 2007-11-27 22:09 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 23:41 . 2004-12-06 05:39 -------- d-----w c:\program files\Java
2009-04-15 23:16 . 2004-08-11 23:25 88343 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-15 23:06 . 2004-08-04 11:00 250048 --sha-r C:\NTLDR
2009-04-15 00:29 . 2007-11-26 02:40 -------- d-----w c:\program files\World of Warcraft
2009-04-14 23:08 . 2004-12-06 05:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 23:08 . 2006-07-25 01:11 -------- d-----w c:\program files\Activision
2009-04-12 05:25 . 2009-04-12 05:23 -------- d-----w c:\program files\Trend Micro
2009-04-11 20:23 . 2009-04-11 20:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 20:03 . 2006-07-08 16:43 -------- d-----w c:\documents and settings\Jen\Application Data\OpenOffice.org2
2009-04-11 18:57 . 2009-04-11 14:13 376 ----a-w C:\VundoFix.txt
2009-04-11 14:03 . 2009-01-11 14:03 62464 --sha-w c:\windows\SYSTEM32\wamejulu.exe
2009-04-10 23:11 . 2005-06-06 05:18 -------- d-----w c:\program files\Common Files\NSV
2009-04-10 23:01 . 2009-04-10 20:07 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 21:38 . 2008-12-28 22:42 -------- d-----w c:\program files\Steam
2009-03-26 01:49 . 2007-10-10 01:50 -------- d-----w c:\documents and settings\Jen\Application Data\gtk-2.0
2009-03-16 17:40 . 2007-09-12 19:33 1196 ----a-w C:\net_save.dna
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-03 23:12 . 2008-08-14 17:23 80400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-03-03 09:08 . 2008-08-14 17:23 335376 ----a-w c:\windows\system32\drivers\TM_CFW.sys
2009-03-03 00:18 . 2006-05-10 05:23 826368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04 636072 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2009-02-27 16:19 . 2009-02-27 16:19 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-25 01:05 . 2009-02-25 01:05 -------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2009-02-20 10:20 . 2007-05-09 01:25 13824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:26 70656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25 161792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2009-02-12 07:01 . 2009-02-12 06:58 52736 ----a-w c:\windows\ipuninst.exe
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 11:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 11:00 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 11:00 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 11:13 . 2008-10-16 04:17 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2004-08-04 11:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 23:02 . 2008-10-16 04:16 2066048 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 11:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:08 . 2008-10-16 04:16 2189056 ------w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-16 04:16 2145280 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 11:06 . 1980-01-01 06:00 2145280 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 11:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:32 . 2008-10-16 04:16 2023936 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 10:32 . 1980-01-01 06:00 2023936 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-02-03 19:59 . 2004-08-04 11:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2008-12-29 17:30 . 2008-12-29 17:30 126960 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-04-22 20:07 . 2007-04-22 20:07 126 ----a-w c:\documents and settings\Jen\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_14.13.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-18 16:23 . 2009-04-18 16:23 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-12-18 278528]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\WINDOWS\\SYSTEM32\\WBEM\\UNSECAPP.EXE"=
"c:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6883:TCP"= 6883:TCP:Bit Torrent
"6883:UDP"= 6883:UDP:Bit Torrent2
"18603:TCP"= 18603:TCP:BitComet 18603 TCP
"18603:UDP"= 18603:UDP:BitComet 18603 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-04-02 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-04-01 497008]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-04-01 677128]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-03-06 36368]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276c6ed1-f614-11dc-8915-0011117b02e2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d115dd4a-264a-11de-8ac2-0011117b02e2}]
\Shell\AutoRun\command - F:\InstallSeagateManager.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
TCP: {430E36FC-8A76-490B-948A-9CA446300DEF} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\btcccm5e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 21:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-19 21:24
ComboFix-quarantined-files.txt 2009-04-19 01:24
ComboFix2.txt 2009-04-18 14:15

Pre-Run: 15,079,534,592 bytes free
Post-Run: 15,058,612,224 bytes free

218 --- E O F --- 2009-04-17 06:37
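As an added example that is not part of the posted log, of ComboFix, or of any tool used in this thread: a short Python triage script that parses the two line shapes in a ComboFix log (the dated file entries and the REGEDIT-style key/value lines) and flags what a helper would look at first in the log above. The sample lines embedded in it are excerpted from that log; the heuristics, the incident-window start date and the category names are my own assumptions, not anything ComboFix itself reports.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: lines excerpted from the ComboFix log posted above (file entries
# plus three registry keys). It is a fragment, not the whole log.
SAMPLE_LOG = r"""
2009-04-15 21:16 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-12 05:25 . 2009-04-02 23:08 50192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-11 20:23 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 01:30 . 2009-04-11 19:34 408 ----a-w c:\windows\Dxayatebiwe.dat
2009-04-10 01:30 . 2009-04-11 04:00 0 ----a-w c:\windows\Wrodageya.bin
2009-04-11 14:03 . 2009-01-11 14:03 62464 --sha-w c:\windows\SYSTEM32\wamejulu.exe
2009-04-15 23:06 . 2004-08-04 11:00 250048 --sha-r C:\NTLDR
2009-04-12 05:41 . 2009-04-13 13:17 -------- d-----w c:\windows\system32\Service
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276c6ed1-f614-11dc-8915-0011117b02e2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
"""
# Assumed window start: the day before the poster first saw the popups.
INCIDENT_START = datetime(2009, 4, 10)

# "<created> . <modified> <size|--------> <attrs> <path>"; attrs letters: d=dir, s=system,
# h=hidden, a=archive, last char w/r = writable/read-only.
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
                     r"(\d+|-+)\s+([d-][-a-z]{5}[rw])\s+(.+?)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
TS = "%Y-%m-%d %H:%M"
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs

    def in_windows_dir(self) -> bool:
        return "\\windows\\" in self.path.lower()


def parse(log_text: str):
    """Split a ComboFix log into file entries, (key, name, raw value) triples and autoruns."""
    files, values, autoruns, key = [], [], [], None
    for line in log_text.splitlines():
        if (m := FILE_RE.match(line)):
            size = None if m.group(3).startswith("-") else int(m.group(3))
            files.append(FileEntry(datetime.strptime(m.group(1), TS),
                                   datetime.strptime(m.group(2), TS),
                                   size, m.group(4), m.group(5)))
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key:
            values.append((key, m.group(1), m.group(2)))
        elif (m := AUTORUN_RE.match(line)) and key:
            autoruns.append((key, m.group(1)))
    return files, values, autoruns


def reg_int(raw: str) -> Optional[int]:
    """Read 'dword:00000001' or '0 (0x0)' style values; None if not numeric."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    try:
        return int(raw.split()[0])
    except (ValueError, IndexError):
        return None


def triage(log_text: str, window_start: datetime) -> Dict[str, List[str]]:
    files, values, autoruns = parse(log_text)
    hits: Dict[str, List[str]] = {k: [] for k in (
        "hidden_system_binary", "written_locally", "same_clock_backdated",
        "security_center_override", "firewall_disabled", "autorun_mountpoint")}
    for e in files:
        if e.is_dir() or not e.in_windows_dir():
            continue
        # Vundo-family droppers mark their payload hidden+system inside the Windows tree.
        if e.hidden_system() and e.path.lower().endswith(BINARY_EXT):
            hits["hidden_system_binary"].append(e.path)
        # A file copied from an installer keeps its build mtime, which predates the copy;
        # mtime >= ctime inside the window means something on this host wrote the file.
        if e.created >= window_start and e.modified >= e.created:
            hits["written_locally"].append(e.path)
        # Heuristic (mine): an mtime months older than ctime but with the identical hh:mm
        # looks like a backdated timestamp rather than a genuine build time.
        if (e.created - e.modified).days >= 30 and e.created.strftime("%H:%M") == e.modified.strftime("%H:%M"):
            hits["same_clock_backdated"].append(e.path)
    for key, name, raw in values:
        k = key.lower()
        if k.endswith("\\security center") and name.endswith("Override") and reg_int(raw) == 1:
            hits["security_center_override"].append(name)
        if k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and reg_int(raw) == 0:
            hits["firewall_disabled"].append(key)
    for key, cmd in autoruns:
        if "mountpoints2" in key.lower():
            hits["autorun_mountpoint"].append(cmd)
    return hits


def triage_sample() -> Dict[str, List[str]]:
    return triage(SAMPLE_LOG, INCIDENT_START)


if __name__ == "__main__":
    for kind, paths in triage_sample().items():
        print(f"{kind:26s} {paths}")
```

Every hit is a review item, not a verdict: EnableFirewall=0 is expected when a third-party suite such as Trend Micro's replaces the Windows firewall, written_locally will also catch crash dumps and caches the system generates itself, and the same-clock check can misfire across a DST change. The point is to turn a 3,000-line log into a short list to look at first, which in this fragment is wamejulu.exe (hidden+system, backdated), the two randomly named files dropped in c:\windows, the AntiVirusOverride flag and the USB AutoRun command.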
