
Windows Security Alerts Popup (DDS & Attach log attached)


  • This topic is locked
4 replies to this topic

#1 snair13

  • Members
  • 2 posts

Posted 29 April 2009 - 01:29 PM

I get Windows Security Alerts popup screens every few seconds alerting me of different threats like Net-worm.win32.Mytob.t, Backdoor-win32.kbot.al etc. I have Trend Micro installed on my box and it's unable to detect any of these. So I think it's malware. So I searched different forums, and reached here. As per the instructions I am attaching the HijackThis log.
Any help in resolving this is greatly appreciated.

System: XP pro, 2002, service pack 3


DDS (Ver_09-03-16.01) - NTFSx86
Run by AP230042 at 11:07:12.95 on Wed 04/29/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.366 [GMT -7:00]

AV: Coreguard Antivirus 2009 *On-access scanning enabled* (Outdated)
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ENDFORCE\AgentAPI.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\ENDFORCE\AgntTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\TEMP\HRF80.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\ap230042\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://iis.teradatanet.teradata.com/teradatanet/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://iis.teradatanet.teradata.com/teradatanet/
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Coreguard Antivirus 2009] c:\program files\coreguard antivirus 2009\Coreguard 2009.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
mRun: [Teradata-Netmeeting Check] c:\windows\NMTRepair.EXE
mRun: [OfficeScanNT Monitor] "c:\program files\common files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [ENDFORCEAgent] "c:\program files\endforce\AgntTray.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trendc~1.lnk - c:\program files\common files\trend micro\officescan client\TRCONFIG.EXE
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
dPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: teradata.com
Trusted Zone: teradata.com
TCP: {F8DAFC89-73DC-48E7-8A23-15D48FB6ED7A} = 153.65.2.12,153.65.2.111
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ap230042\applic~1\mozilla\firefox\profiles\t78muwpw.default\

============= SERVICES / DRIVERS ===============

R1 Appfilt;Appfilt;c:\windows\system32\drivers\appfilt.sys [2007-1-25 71192]
R1 efpktftr;ENDFORCE Quarantine Filter;c:\windows\system32\drivers\efPktFtr.sys [2007-6-27 37808]
R2 ENDFORCE Agent API;ENDFORCE Agent API;c:\program files\endforce\AgentAPI.exe [2007-6-27 2945024]
R2 OfcPfwSvc;OfficeScanNT Personal Firewall;c:\program files\common files\trend micro\officescan client\OfcPfwSvc.exe [2009-2-3 233552]
R2 TmFilter;Trend Micro Filter;c:\program files\common files\trend micro\officescan client\tmxpflt.sys [2009-2-3 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\common files\trend micro\officescan client\tmpreflt.sys [2009-2-3 36368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-2-3 26137]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\nortel networks\Extranet_serv.exe [2009-2-3 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-2-3 155152]

=============== Created Last 30 ================

2009-04-29 10:41 <DIR> --d----- c:\program files\Trend Micro
2009-04-29 10:17 131,072 a------- c:\windows\system32\Installer.exe
2009-04-28 17:11 81,920 -c------ c:\windows\system32\dllcache\ieencode.dll
2009-04-28 17:07 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-04-28 15:22 <DIR> --d----- c:\program files\Coreguard Antivirus 2009
2009-04-28 15:17 123,392 a------- c:\windows\system32\wscsvc32.exe
2009-04-28 15:17 82,432 a------- c:\windows\system32\resdll.dll
2009-04-21 14:21 <DIR> --ds---- c:\documents and settings\ap230042\UserData
2009-03-31 14:24 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys

==================== Find3M ====================

2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-03 11:47 49,152 a------- c:\windows\system32\NCRFixPst.dll
2009-02-03 10:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-02 17:39 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 11:08:02.87 ===============
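A small triage script, added here as an example (not code from the thread, from BleepingComputer or from the DDS tool), that applies the first checks a helper makes on a DDS log like the one above: processes running from a temp folder, binaries dropped into system32 in the days before the scan and whether any of them is running, autorun entries pointing into freshly created folders, and policies that switch off Windows Update. It assumes the DDS section layout shown above; the 7-day window and the shortened sample log are constructed.

```python
"""Triage a DDS log for the indicators a forum helper looks at first.
Added example, not code from the thread or from the DDS tool; the checks,
the 7-day window and the sample excerpt are the author's own constructions.
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt modelled on the DDS log posted above (not the full log).
SAMPLE_LOG = r"""DDS (Ver_09-03-16.01) - NTFSx86
Run by AP230042 at 11:07:12.95 on Wed 04/29/2009
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\HRF80.EXE
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Coreguard Antivirus 2009] c:\program files\coreguard antivirus 2009\Coreguard 2009.exe
mRun: [<NO NAME>]
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
=============== Created Last 30 ================
2009-04-29 10:41 <DIR> --d----- c:\program files\Trend Micro
2009-04-28 15:22 <DIR> --d----- c:\program files\Coreguard Antivirus 2009
2009-04-28 15:17 123,392 a------- c:\windows\system32\wscsvc32.exe
2009-04-28 15:17 82,432 a------- c:\windows\system32\resdll.dll
2009-03-31 14:24 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys
============= FINISH: 11:08:02.87 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d) \d\d:\d\d (<DIR>|[\d,]+) \S+ (.+)$")
SCAN_DATE_RE = re.compile(r"\bon \w{3} (\d\d/\d\d/\d{4})")
BINARY_EXT = (".exe", ".dll", ".sys")

def parse_sections(text):
    """Map each '=== Name ===' header to the non-blank lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections

def parse_created(lines):
    """Return (created_date, is_dir, lower-cased path) for 'Created Last 30' rows."""
    rows = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            rows.append((datetime.strptime(m.group(1), "%Y-%m-%d"),
                         m.group(2) == "<DIR>", m.group(3).lower()))
    return rows

def autorun_target(line):
    """Executable path (lower-cased) of a uRun/mRun/dRun entry, or None."""
    if not re.match(r"[umd]Run: ", line):
        return None
    _, _, rest = line.partition("] ")
    m = re.match(r'"?(.+?\.exe)\b', rest.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None

def triage(text, recent_days=7):
    """Run the checks and return {check_name: [matching log lines]}."""
    sections = parse_sections(text)
    procs = sections.get("Running Processes", [])
    hjt = sections.get("Pseudo HJT Report", [])
    created = parse_created(sections.get("Created Last 30", []))
    m = SCAN_DATE_RE.search(text)
    base = datetime.strptime(m.group(1), "%m/%d/%Y") if m else datetime.max
    since = base - timedelta(days=recent_days)
    recent_files = {p for d, is_dir, p in created if not is_dir and d >= since}
    recent_dirs = {p for d, is_dir, p in created if is_dir and d >= since}
    return {
        # Processes running out of a temp folder: installers do it, so do droppers.
        "temp_processes": [p for p in procs if re.search(r"\\te?mp\\", p, re.I)],
        # Binaries written to system32 shortly before the scan; dllcache copies
        # are what Windows Update legitimately writes, so they are excluded.
        "recent_system32_binaries": sorted(
            p for p in recent_files if "\\windows\\system32\\" in p
            and "\\dllcache\\" not in p and p.endswith(BINARY_EXT)),
        # Running processes that are themselves recently dropped files.
        "running_recent_binaries": [p for p in procs if p.lower() in recent_files],
        # Autorun entries whose target lives in a directory created recently.
        "recent_autoruns": [
            l for l in hjt if (t := autorun_target(l))
            and any(t.startswith(d + "\\") for d in recent_dirs)],
        # Policies hiding Windows Update / Active Desktop from the user.
        "restrictive_policies": [
            l for l in hjt
            if re.search(r"Policies-explorer: No(WindowsUpdate|ActiveDesktop) = 1", l)],
    }

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(check, hits)
```

Every finding is a candidate for a closer look, not a verdict: a freshly installed product also creates directories and autoruns, which is why the output is grouped by check rather than scored.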


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 30 April 2009 - 07:04 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. (mirror)
Please rename the randomly named file to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 snair13
  • Topic Starter

  • Members
  • 2 posts

Posted 30 April 2009 - 03:05 PM

Thanks fenzodahl512,
I had some problems installing Malwarebytes' Anti-Malware and had to rename the setup file mbam-setup.exe to xyz.exe, and then the installation was successful. Later I had to rename the installed executable mbam.exe to abc.exe in order to get it running. Anti-Malware picked up an infected registry entry and an infected file and was able to remove them. After a restart, the pop-ups are no longer appearing...
Then I ran the RSIT and GMER exes.

All logs are attached.

Thanks again for your help!!


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/30/2009 11:04:57 AM
mbam-log-2009-04-30 (11-04-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103340
Time elapsed: 20 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.



Logfile of random's system information tool 1.06 (written by random/random)
Run by AP230042 at 2009-04-30 11:18:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 69 GB (90%) free of 76 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:16 AM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ENDFORCE\AgentAPI.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\CE3370.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ENDFORCE\AgntTray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\ap230042\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AP230042.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iis.teradatanet.teradata.com/teradatanet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iis.teradatanet.teradata.com/teradatanet/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Teradata-Netmeeting Check] C:\WINDOWS\NMTRepair.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ENDFORCEAgent] "C:\Program Files\ENDFORCE\AgntTray.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Coreguard Antivirus 2009] C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
O4 - Global Startup: Trend Configure.lnk = C:\Program Files\Common Files\Trend Micro\OfficeScan Client\TRCONFIG.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NCRNet - {D9E7E0F9-2E85-4048-9729-0822F92BB5BB} - http://iis.ncrnet.ncr.com/ncrnet (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://iis.teradatanet.teradata.com/teradatanet/
O15 - Trusted Zone: http://*.teradata.com
O15 - Trusted Zone: http://*.teradata.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TD.teradata.com
O17 - HKLM\Software\..\Telephony: DomainName = TD.teradata.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8DAFC89-73DC-48E7-8A23-15D48FB6ED7A}: NameServer = 153.65.2.12,153.65.2.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TD.teradata.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = td.teradata.com,pioneerstd.teradata.com,teradata.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = td.teradata.com,pioneerstd.teradata.com,teradata.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ENDFORCE Agent API - ENDFORCE, Inc. - C:\Program Files\ENDFORCE\AgentAPI.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 6266 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-21 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-21 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-21 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
""= []
"Teradata-Netmeeting Check"=C:\WINDOWS\NMTRepair.EXE [2007-08-14 164268]
"OfficeScanNT Monitor"=C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe [2007-01-08 356429]
"ENDFORCEAgent"=C:\Program Files\ENDFORCE\AgntTray.exe [2007-06-27 1650688]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-21 68592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-21 39408]
"Coreguard Antivirus 2009"=C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Trend Configure.lnk - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\TRCONFIG.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-31 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Btn_Back"=0
"Btn_Forward"=0
"Btn_Stop"=0
"Btn_Refresh"=0
"Btn_Home"=0
"Btn_Search"=0
"Btn_History"=0
"Btn_Favorites"=0
"Btn_Media"=0
"Btn_Folders"=0
"Btn_Fullscreen"=0
"Btn_Tools"=0
"Btn_MailNews"=0
"Btn_Size"=0
"Btn_Print"=0
"Btn_Edit"=0
"Btn_Discussions"=0
"Btn_Cut"=0
"Btn_Copy"=0
"Btn_Paste"=0
"Btn_Encoding"=0
"Btn_PrintPreview"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"NoDesktop"=0
"NoFavoritesMenu"=0
"NoFind"=0
"NoRun"=0
"NoSetActiveDesktop"=0
"NoWindowsUpdate"=1
"NoFolderOptions"=0
"NoLogoff"=0
"NoClose"=0
"NoSetFolders"=0
"NoTrayContextMenu"=0
"NoViewContextMenu"=0
"EnforceShellExtensionSecurity"=0
"NoDrives"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinterTabs"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoMSAppLogo5ChannelNotify"=
"NoToolbarCustomize"=
"NoBandCustomize"=
"NoWindowsUpdate"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-30 11:18:11 ----D---- C:\rsit
2009-04-30 11:09:55 ----D---- C:\Avenger
2009-04-30 10:41:45 ----D---- C:\Documents and Settings\ap230042\Application Data\Malwarebytes
2009-04-30 10:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-30 09:58:35 ----SHD---- C:\RECYCLER
2009-04-30 09:57:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-30 09:54:25 ----D---- C:\WINDOWS\ERDNT
2009-04-30 09:53:28 ----D---- C:\Program Files\ERUNT
2009-04-29 10:41:59 ----D---- C:\Program Files\Trend Micro
2009-04-29 10:17:01 ----A---- C:\WINDOWS\system32\Installer.exe
2009-04-28 17:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-28 17:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-28 17:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-28 15:17:29 ----A---- C:\WINDOWS\system32\wscsvc32.exe
2009-04-28 15:17:29 ----A---- C:\WINDOWS\system32\resdll.dll
2009-04-27 08:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-27 07:59:14 ----D---- C:\Program Files\Common Files\Adobe
2009-04-27 07:59:14 ----D---- C:\Program Files\Adobe
2009-04-27 00:58:58 ----D---- C:\Documents and Settings\ap230042\Application Data\Help
2009-04-21 17:34:12 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.92 Modem.txt
2009-04-21 14:25:55 ----D---- C:\Documents and Settings\ap230042\Application Data\Mozilla
2009-04-21 14:25:43 ----D---- C:\Program Files\Mozilla Firefox
2009-04-21 14:23:02 ----D---- C:\Documents and Settings\ap230042\Application Data\Google
2009-04-21 14:22:21 ----D---- C:\Program Files\Google
2009-04-21 14:22:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-21 14:21:12 ----D---- C:\Documents and Settings\ap230042\Application Data\Adobe
2009-04-04 18:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-03-31 14:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-18 09:53:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-03-18 09:53:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-03-18 09:53:09 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-05 13:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-05 13:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-05 13:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-05 13:49:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-05 13:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-05 13:39:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-05 13:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-05 13:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-05 13:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-05 13:27:43 ----D---- C:\Program Files\MSXML 4.0
2009-02-05 13:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-05 13:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-05 13:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-05 12:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-05 12:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-02-05 12:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-04 15:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-02-04 15:37:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-04 15:18:17 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-04 15:18:17 ----A---- C:\WINDOWS\system32\wups2.dll
2009-02-04 14:13:41 ----D---- C:\Documents and Settings\ap230042\Application Data\Macromedia
2009-02-03 12:57:58 ----D---- C:\Documents and Settings\All Users\Application Data\Attachmate
2009-02-03 12:57:51 ----D---- C:\Program Files\Attachmate
2009-02-03 12:53:39 ----D---- C:\~atq140rx
2009-02-03 12:12:23 ----A---- C:\WINDOWS\system32\dneinobj.dll
2009-02-03 12:12:18 ----D---- C:\Program Files\Common Files\PostureAgent
2009-02-03 12:12:18 ----D---- C:\Program Files\Common Files\Deterministic Networks
2009-02-03 12:12:17 ----D---- C:\Program Files\ENDFORCE
2009-02-03 12:11:32 ----D---- C:\WINDOWS\system32\VPCache
2009-02-03 11:50:12 ----A---- C:\WINDOWS\ODBC.INI
2009-02-03 11:50:04 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-02-03 11:49:15 ----D---- C:\Program Files\Common Files\L&H
2009-02-03 11:48:56 ----D---- C:\Program Files\Microsoft ActiveSync
2009-02-03 11:48:43 ----D---- C:\Program Files\Common Files\DESIGNER
2009-02-03 11:48:37 ----D---- C:\Program Files\Microsoft Works
2009-02-03 11:48:25 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-03 11:47:52 ----D---- C:\WINDOWS\SHELLNEW
2009-02-03 11:47:42 ----D---- C:\Program Files\Microsoft Office
2009-02-03 11:47:36 ----A---- C:\WINDOWS\system32\NCRFixPst.dll
2009-02-03 11:45:18 ----A---- C:\WINDOWS\Chkutils.exe
2009-02-03 11:45:06 ----ASH---- C:\Documents and Settings\ap230042\Application Data\desktop.ini
2009-02-03 11:45:05 ----SD---- C:\Documents and Settings\ap230042\Application Data\Microsoft
2009-02-03 11:45:05 ----D---- C:\Documents and Settings\ap230042\Application Data\Identities
2009-02-03 10:56:35 ----SHD---- C:\WINDOWS\CSC
2009-02-03 10:54:21 ----D---- C:\WINDOWS\SchCache
2009-02-03 10:50:03 ----A---- C:\WINDOWS\cfgall.ini
2009-02-03 10:34:42 ----D---- C:\Program Files\Common Files\Trend Micro
2009-02-03 10:34:20 ----A---- C:\WINDOWS\IsUninst.exe
2009-02-03 10:32:41 ----D---- C:\WINDOWS\ms
2009-02-03 10:32:41 ----A---- C:\WINDOWS\SMSCFG.ini
2009-02-03 10:31:51 ----D---- C:\NCRAPPS
2009-02-03 10:31:42 ----SHD---- C:\Config.Msi
2009-02-03 10:31:42 ----D---- C:\USMT
2009-02-03 10:31:39 ----A---- C:\WINDOWS\NMTRepair.EXE
2009-02-03 10:29:13 ----N---- C:\WINDOWS\system32\exthook.dll
2009-02-03 10:29:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-03 10:29:13 ----D---- C:\Program Files\Nortel Networks
2009-02-03 10:29:13 ----A---- C:\WINDOWS\system32\eacfilt.dll
2009-02-03 10:29:10 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-03 10:29:04 ----D---- C:\Program Files\AT&T Global Network Client
2009-02-03 10:27:13 ----D---- C:\WINDOWS\system32\ar-sa
2009-02-03 10:27:12 ----D---- C:\WINDOWS\system32\bg-bg
2009-02-03 10:27:11 ----D---- C:\WINDOWS\system32\pt-br
2009-02-03 10:27:10 ----D---- C:\WINDOWS\system32\zh-cn
2009-02-03 10:27:08 ----D---- C:\WINDOWS\system32\zh-tw
2009-02-03 10:27:06 ----D---- C:\WINDOWS\system32\cs-cz
2009-02-03 10:27:04 ----D---- C:\WINDOWS\system32\da-dk
2009-02-03 10:27:02 ----D---- C:\WINDOWS\system32\el-gr
2009-02-03 10:27:00 ----D---- C:\WINDOWS\system32\es-es
2009-02-03 10:26:58 ----D---- C:\WINDOWS\system32\fi-fi
2009-02-03 10:26:58 ----D---- C:\WINDOWS\system32\et-ee
2009-02-03 10:26:56 ----D---- C:\WINDOWS\system32\fr-fr
2009-02-03 10:26:54 ----D---- C:\WINDOWS\system32\de-de
2009-02-03 10:26:52 ----D---- C:\WINDOWS\system32\he-il
2009-02-03 10:26:51 ----D---- C:\WINDOWS\system32\hr-hr
2009-02-03 10:26:50 ----D---- C:\WINDOWS\system32\hu-hu
2009-02-03 10:26:49 ----D---- C:\WINDOWS\system32\it-it
2009-02-03 10:26:47 ----D---- C:\WINDOWS\system32\ja-jp
2009-02-03 10:26:45 ----D---- C:\WINDOWS\system32\ko-kr
2009-02-03 10:26:43 ----D---- C:\WINDOWS\system32\nl-nl
2009-02-03 10:26:43 ----D---- C:\WINDOWS\system32\lv-lv
2009-02-03 10:26:43 ----D---- C:\WINDOWS\system32\lt-lt
2009-02-03 10:26:41 ----D---- C:\WINDOWS\system32\nb-no
2009-02-03 10:26:39 ----D---- C:\WINDOWS\system32\pl-pl
2009-02-03 10:26:37 ----D---- C:\WINDOWS\system32\pt-pt
2009-02-03 10:26:35 ----D---- C:\WINDOWS\system32\ru-ru
2009-02-03 10:26:35 ----D---- C:\WINDOWS\system32\ro-ro
2009-02-03 10:26:33 ----D---- C:\WINDOWS\system32\sl-si
2009-02-03 10:26:33 ----D---- C:\WINDOWS\system32\sk-sk
2009-02-03 10:26:32 ----D---- C:\WINDOWS\system32\sv-se
2009-02-03 10:26:29 ----D---- C:\WINDOWS\system32\tr-tr
2009-02-03 10:26:29 ----D---- C:\WINDOWS\system32\th-th
2009-02-03 10:25:09 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-02-03 10:25:08 ----D---- C:\WINDOWS\system32\CCM
2009-02-03 10:25:00 ----D---- C:\Program Files\EuroTool
2009-02-03 10:24:44 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-03 10:24:31 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-03 10:23:16 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-03 10:21:30 ----D---- C:\WINDOWS\Prefetch
2009-02-03 10:14:21 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-02-03 10:14:20 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-02-03 10:14:09 ----A---- C:\WINDOWS\system32\smtpapi.dll
2009-02-03 10:14:09 ----A---- C:\WINDOWS\system32\rwnh.dll
2009-02-03 10:14:09 ----A---- C:\WINDOWS\system32\comsdupd.exe
2009-02-03 10:14:08 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-03 10:14:08 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-03 10:14:08 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-03 10:14:08 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\credssp.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-03 10:14:07 ----A---- C:\WINDOWS\system32\azroles.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\tspkg.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\slserv.exe
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\slgen.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\slextspk.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\slcoinst.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\setupn.exe
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\s3gnb.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\qutil.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\qagent.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\onex.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\napstat.exe
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\mssha.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-03 10:14:06 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-02-03 10:14:05 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-02-03 10:14:05 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-02-03 10:14:04 ----D---- C:\WINDOWS\system32\scripting
2009-02-03 10:14:04 ----D---- C:\WINDOWS\system32\en-us
2009-02-03 10:14:04 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-02-03 10:14:04 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-02-03 10:14:04 ----A---- C:\WINDOWS\slrundll.exe
2009-02-03 10:14:03 ----D---- C:\WINDOWS\system32\en
2009-02-03 10:14:03 ----D---- C:\WINDOWS\system32\bits
2009-02-03 10:14:03 ----D---- C:\WINDOWS\l2schemas
2009-02-03 10:14:03 ----D---- C:\Program Files\msn
2009-02-03 10:12:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-03 10:10:16 ----D---- C:\WINDOWS\network diagnostic
2009-02-03 10:09:23 ----A---- C:\WINDOWS\002827_.tmp
2009-02-03 10:09:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-03 10:09:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-03 10:06:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-03 10:00:02 ----D---- C:\InstallCD
2009-02-03 09:58:52 ----D---- C:\TDAPPS
2009-02-02 17:47:39 ----HD---- C:\Program Files\Uninstall Information
2009-02-02 17:47:12 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-02-02 17:46:55 ----D---- C:\Drivers
2009-02-02 17:46:22 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-02 17:46:16 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-02 17:46:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 17:45:45 ----SHD---- C:\System Volume Information
2009-02-02 17:42:40 ----D---- C:\WINDOWS\system32\xircom
2009-02-02 17:42:40 ----D---- C:\Program Files\xerox
2009-02-02 17:42:40 ----D---- C:\Program Files\msn gaming zone
2009-02-02 17:42:40 ----D---- C:\Program Files\microsoft frontpage
2009-02-02 17:42:08 ----A---- C:\WINDOWS\control.ini
2009-02-02 17:42:08 ----A---- C:\AUTOEXEC.BAT
2009-02-02 17:41:53 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-02 17:41:45 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-02 17:40:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-02 17:40:43 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-02 17:40:43 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-02 17:40:34 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-02 17:40:28 ----HD---- C:\Program Files\WindowsUpdate
2009-02-02 17:40:23 ----D---- C:\Program Files\Online Services
2009-02-02 17:40:12 ----D---- C:\WINDOWS\system32\DirectX
2009-02-02 17:40:08 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-02 17:40:07 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-02 17:40:07 ----A---- C:\WINDOWS\desktop.ini
2009-02-02 17:40:05 ----D---- C:\Program Files\Common Files\Services
2009-02-02 17:40:05 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-02 17:40:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-02 17:40:04 ----SD---- C:\WINDOWS\Tasks
2009-02-02 17:40:04 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-02 17:40:03 ----D---- C:\Program Files\Common Files\MSSoap
2009-02-02 17:40:02 ----D---- C:\WINDOWS\system32\Macromed
2009-02-02 17:40:02 ----D---- C:\WINDOWS\srchasst
2009-02-02 17:40:02 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-02 17:40:02 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-02 17:40:02 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-02 17:40:02 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-02 17:40:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-02 17:39:59 ----D---- C:\Program Files\Movie Maker
2009-02-02 17:39:59 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-02 17:39:59 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-02 17:39:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-02 17:39:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-02 17:39:58 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-02-02 17:39:58 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-02 17:39:57 ----D---- C:\WINDOWS\system32\Restore
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-02 17:39:57 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-02 17:39:56 ----D---- C:\Program Files\Outlook Express
2009-02-02 17:39:56 ----D---- C:\Program Files\NetMeeting
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-02 17:39:56 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-02 17:39:55 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-02 17:39:55 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-02 17:39:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-02 17:39:55 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-02 17:39:54 ----D---- C:\Program Files\Internet Explorer
2009-02-02 17:39:54 ----D---- C:\Program Files\Common Files\System
2009-02-02 17:39:13 ----D---- C:\Program Files\ComPlus Applications
2009-02-02 17:39:11 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-02 17:39:11 ----A---- C:\WINDOWS\vb.ini
2009-02-02 17:39:04 ----D---- C:\WINDOWS\Registration
2009-02-02 17:38:53 ----D---- C:\Program Files\Windows Media Player
2009-02-02 17:38:45 ----D---- C:\Program Files\Messenger
2009-02-02 17:38:45 ----A---- C:\WINDOWS\system32\write.exe
2009-02-02 17:38:44 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-02 17:38:44 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-02 17:38:43 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-02 17:38:43 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-02 17:38:43 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-02 17:38:43 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-02 17:38:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-02 17:38:42 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-02 17:38:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-02 17:38:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-02 17:38:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-02 17:38:40 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-02 17:38:40 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-02 17:38:39 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-02 17:38:38 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-02 17:38:38 ----D---- C:\Program Files\Windows NT
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-02 17:38:38 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-02 17:38:37 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-02 17:38:37 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-02 17:38:37 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-02 17:38:37 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-02 17:38:37 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-02 17:38:37 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-02 17:38:36 ----D---- C:\WINDOWS\system32\Com
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-02 17:38:36 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-02 17:38:34 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-02 17:38:34 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-02 17:38:34 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-02 17:38:33 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-02-02 09:37:10 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-02 09:35:07 ----D---- C:\Program Files\Apoint
2009-02-02 09:34:28 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-02 09:34:23 ----D---- C:\Program Files\CONEXANT
2009-02-02 09:34:20 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-02 09:32:50 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 09:32:44 ----SHD---- C:\WINDOWS\Installer
2009-02-02 09:32:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-02 09:32:43 ----D---- C:\Program Files\Common Files\ODBC
2009-02-02 09:32:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-02 09:32:40 ----RD---- C:\Program Files
2009-02-02 09:32:40 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-02-02 09:32:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-02 09:32:40 ----D---- C:\Program Files\Common Files
2009-02-02 09:32:35 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-02 09:32:35 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-02 09:32:35 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-02 09:32:35 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-02 09:32:35 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-02 09:32:34 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-02 09:32:34 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-02 09:32:33 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-02 09:32:33 ----A---- C:\WINDOWS\notepad.exe
2009-02-02 09:32:32 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-02 09:32:16 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-02 09:32:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 09:32:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 09:31:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-02 09:31:49 ----A---- C:\WINDOWS\setuplog.txt
2009-02-02 09:31:46 ----D---- C:\Documents and Settings
2009-02-02 09:30:19 ----D---- C:\SYSPREP
2009-02-02 09:28:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-02 09:28:35 ----RSD---- C:\WINDOWS\Fonts
2009-02-02 09:28:35 ----RD---- C:\WINDOWS\Web
2009-02-02 09:28:35 ----HD---- C:\WINDOWS\inf
2009-02-02 09:28:35 ----D---- C:\WINDOWS\WinSxS
2009-02-02 09:28:35 ----D---- C:\WINDOWS\twain_32
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Temp
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\wins
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\wbem
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\usmt
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\spool
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\Setup
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\ras
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\oobe
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\npp
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\mui
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\IME
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\icsxml
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\ias
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\export
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\dhcp
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\config
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\3076
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\2052
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1054
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1042
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1041
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1037
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1033
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1031
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1028
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32\1025
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system32
2009-02-02 09:28:35 ----D---- C:\WINDOWS\system
2009-02-02 09:28:35 ----D---- C:\WINDOWS\security
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Resources
2009-02-02 09:28:35 ----D---- C:\WINDOWS\repair
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Provisioning
2009-02-02 09:28:35 ----D---- C:\WINDOWS\PeerNet
2009-02-02 09:28:35 ----D---- C:\WINDOWS\pchealth
2009-02-02 09:28:35 ----D---- C:\WINDOWS\mui
2009-02-02 09:28:35 ----D---- C:\WINDOWS\msapps
2009-02-02 09:28:35 ----D---- C:\WINDOWS\msagent
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Media
2009-02-02 09:28:35 ----D---- C:\WINDOWS\java
2009-02-02 09:28:35 ----D---- C:\WINDOWS\ime
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Help
2009-02-02 09:28:35 ----D---- C:\WINDOWS\ehome
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Driver Cache
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Debug
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Cursors
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Connection Wizard
2009-02-02 09:28:35 ----D---- C:\WINDOWS\Config
2009-02-02 09:28:35 ----D---- C:\WINDOWS\AppPatch
2009-02-02 09:28:35 ----D---- C:\WINDOWS\addins
2009-02-02 09:28:35 ----D---- C:\WINDOWS

======List of files/folders modified in the last 3 months======

2009-03-02 16:04:03 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-02-20 01:11:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 01:10:59 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 01:10:59 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 01:10:57 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-03 12:10:21 ----A---- C:\WINDOWS\win.ini
2009-02-03 10:26:02 ----RASH---- C:\boot.ini
2009-02-03 10:26:02 ----A---- C:\WINDOWS\system32\OEMINFO.INI
2009-02-02 09:32:39 ----N---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Appfilt;Appfilt; \??\C:\WINDOWS\system32\drivers\Appfilt.sys []
R1 efpktftr;ENDFORCE Quarantine Filter; \??\C:\WINDOWS\System32\Drivers\efPktFtr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 TM_CFW;Common Firewall Driver; \??\C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tm_cfw.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Common Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Common Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Common Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-31 788480]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-20 127248]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2007-04-18 26137]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2007-04-18 155152]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2004-07-09 91823]
R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2007-04-18 155152]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-31 389120]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 ENDFORCE Agent API;ENDFORCE Agent API; C:\Program Files\ENDFORCE\AgentAPI.exe [2007-06-27 2945024]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2007-01-08 503808]
R2 OfcPfwSvc;OfficeScanNT Personal Firewall; C:\Program Files\Common Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe [2007-03-09 233552]
R2 tmlisten;OfficeScanNT Listener; C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe [2007-03-09 626776]
S3 ExtranetAccess;Contivity VPN Service; C:\Program Files\Nortel Networks\Extranet_serv.exe [2007-04-18 811008]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-04-30 11:18:19

======Uninstall list======

_Teradata License for Microsoft Office 2003 Standard-->Not available
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Global Network Client-->C:\Program Files\AT&T Global Network Client\NetUN.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Attachmate Reflection X 14.0 -->MsiExec.exe /I{CE1D82E1-161B-4494-8783-D51E46DB518B}
Conexant D480 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Easy PC Asset Information-->Not Available
Easy Setup Installer-->Not Available
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netmeeting 3.01 Teradata Customization-->"C:\NCRAPPS\NETMEETING\UNINSTAL.EXE" "C:\NCRAPPS\NETMEETING\INSTALL.LOG" "Netmeeting 3.01 Teradata Customization Uninstall"
Nortel Networks Contivity VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Trend Micro OfficeScan Client-->"C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Coreguard Antivirus 2009 (outdated)
FW: Trend Micro OfficeScan Enterprise Client Firewall
FW: Trend Micro OfficeScan Enterprise Client Firewall

======System event log======

Computer Name: XQMOIULP-TD
Event Code: 14000
Message: QoS: The Packet Scheduler failed to register with the Generic Packet Classifier (msgpc.sys).

Record Number: 10
Source Name: PSched
Time Written: 20090202163759.000000-480
Event Type: error
User:

Computer Name: XQMOIULP-TD
Event Code: 14000
Message: QoS: The Packet Scheduler failed to register with the Generic Packet Classifier (msgpc.sys).

Record Number: 9
Source Name: PSched
Time Written: 20090202163758.000000-480
Event Type: error
User:

Computer Name: XQMOIULP-TD
Event Code: 14000
Message: QoS: The Packet Scheduler failed to register with the Generic Packet Classifier (msgpc.sys).

Record Number: 8
Source Name: PSched
Time Written: 20090202163757.000000-480
Event Type: error
User:

Computer Name: XQMOIULP-TD
Event Code: 14000
Message: QoS: The Packet Scheduler failed to register with the Generic Packet Classifier (msgpc.sys).

Record Number: 7
Source Name: PSched
Time Written: 20090202163757.000000-480
Event Type: error
User:

Computer Name: MACHINENAME
Event Code: 4
Message: Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 5
Source Name: b57w2k
Time Written: 20090202083536.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: XQMOIULP-TD
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20090202164135.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XQMOIULP-TD
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20090202164135.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XQMOIULP-TD
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20090202163945.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XQMOIULP-TD
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090202163945.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XQMOIULP-TD
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20090202163943.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Attachmate\Reflection\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
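
Two things in the log above are what an analyst would pull out first: the Security Center block registers "Coreguard Antivirus 2009 (outdated)" as the AV product, which is not the Trend Micro OfficeScan client listed in the uninstall entries and named by the poster, and the application event log carries WinMgmt 63/5603 warnings about WMI providers registered to run as LocalSystem. The script below is an added example, not code from the thread, from BleepingComputer, or from the author of the log tool; it parses those sections of a DDS/RSIT-style log and extracts both. Its SAMPLE_LOG is a constructed excerpt modelled on the post (hostname replaced, messages cut short), the "Uninstall list" header name and the vendor-word matching heuristic are assumptions, and the CIM datetime handling for the "Time Written" field is there because strptime has no directive for that offset format.

```python
"""Triage helpers for a DDS/RSIT-style log such as the one posted above.  Added
example, not code from the thread or the log tool's author.  SAMPLE_LOG is a constructed
excerpt (hostname replaced, messages cut short); header name and vendor-word heuristic are assumptions."""
import re
from datetime import datetime, timedelta, timezone

SAMPLE_LOG = r"""
======Uninstall list======
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Trend Micro OfficeScan Client-->"C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrmv.exe"

======Security center information======
AV: Coreguard Antivirus 2009 (outdated)
FW: Trend Micro OfficeScan Enterprise Client Firewall
FW: Trend Micro OfficeScan Enterprise Client Firewall

=====Application event log=====
Computer Name: HOST
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account.
Source Name: WinMgmt
Time Written: 20090202164135.000000-480
User: NT AUTHORITY\SYSTEM

Computer Name: HOST
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account.
Source Name: WinMgmt
Time Written: 20090202163945.000000-480
User: NT AUTHORITY\SYSTEM
"""
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROGRAM_RE = re.compile(r'^(.+?)-->"?(.+?)"?$')
PRODUCT_RE = re.compile(r"^(AV|AS|FW):\s*(.+?)\s*(\(outdated\))?$")
PROVIDER_RE = re.compile(r"A provider, (.+?), has been registered in the WMI namespace, ([^,]+),")
CIM_TIME_RE = re.compile(r"^(\d{14})\.(\d{6})([+-]\d{3})$")


def split_sections(text):
    """Map each '======Name======' header (lowercased) to the lines under it."""
    sections, name = {"": []}, ""
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name = m.group(1).lower()
            sections.setdefault(name, [])
        else:
            sections[name].append(line)
    return sections


def parse_events(lines):
    """Records start at 'Computer Name:'; 'Key: value' lines join the current one.
    Splitting on the first colon only keeps 'Message: QoS: ...' intact."""
    events, cur = [], None
    for line in lines:
        if line.startswith("Computer Name:"):
            cur = {}
            events.append(cur)
        if cur is not None and ":" in line:
            key, _, val = line.partition(":")
            cur[key.strip().lower()] = val.strip()
    return events


def parse_cim_datetime(value):
    """'Time Written' is CIM_DATETIME: yyyymmddHHMMSS.ffffff then the UTC offset
    in minutes (-480 is UTC-8), a layout strptime has no directive for."""
    m = CIM_TIME_RE.match(value)
    if m is None:
        raise ValueError("not a CIM datetime: %r" % value)
    stamp, micros, offset = m.groups()
    parts = [int(stamp[i:i + n]) for i, n in ((0, 4), (4, 2), (6, 2), (8, 2), (10, 2), (12, 2))]
    return datetime(*parts, int(micros), tzinfo=timezone(timedelta(minutes=int(offset))))


def installed_programs(sections):
    """Uninstall entries look like  Name-->"uninstaller"  wherever they appear."""
    matches = (PROGRAM_RE.match(line.strip()) for lines in sections.values() for line in lines)
    return [m.group(1).strip() for m in matches if m]


def security_center(sections):
    """[(kind, product, outdated)] from the AV:/AS:/FW: lines; repeated lines are dropped."""
    hits = (PRODUCT_RE.match(line.strip()) for line in sections.get("security center information", []))
    return list(dict.fromkeys((m.group(1), m.group(2), m.group(3) is not None) for m in hits if m))


def unregistered_security_products(sections):
    """Products Security Center reports that no uninstall entry mentions (vendor-word match, a heuristic)."""
    installed = " ".join(installed_programs(sections)).lower()
    return [p for _, p, _ in security_center(sections) if p.split()[0].lower() not in installed]


def localsystem_providers(events):
    """WinMgmt 63/5603: unique (provider, namespace) pairs registered to run as LocalSystem."""
    pairs = []
    for e in events:
        m = PROVIDER_RE.search(e.get("message", ""))
        if (e.get("source name") == "WinMgmt" and e.get("event code") in ("63", "5603")
                and m and "LocalSystem" in e["message"] and m.groups() not in pairs):
            pairs.append(m.groups())
    return pairs


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("No uninstall entry for:", unregistered_security_products(secs))
    print("LocalSystem WMI providers:", localsystem_providers(parse_events(secs["application event log"])))
```

Point split_sections() at the full text of a saved log instead of SAMPLE_LOG to run it on a real case. The vendor-word match is deliberately loose (it compares only the first word of the Security Center product name against the uninstall list), so treat a hit as a question to put to the poster, not a verdict.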

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 30 April 2009 - 03:22 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall software before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
  • Link 1
  • Link 2
  • Link 3
Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 07 May 2009 - 07:22 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.
