
Downloaded gamevance, found _ex-08.exe on my computer


  • This topic is locked
25 replies to this topic

#1 joystras

joystras

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 21 August 2009 - 04:52 PM

I downloaded Gamevance earlier in the week and found out it was a bad thing to do. I went searching and deleted some files and ran Trend Micro PC-cillin Internet Security 14, Spybot, AVG. Different programs find nothing wrong, but I keep getting warnings about being infected by a generic trojan. I then did Ctrl+Alt+Delete and found _ex-08.exe running, and when I looked it up, I found not so good things. I know my way around a computer sort of, but would like help getting rid of any nastiness or extra things that I don't need or that could be hurting my computer.


Here is my DDS.txt


DDS (Ver_09-07-30.01) - NTFSx86
Run by Joy at 11:13:40.84 on Fri 08/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.280 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Webroot Desktop Firewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
svchost
C:\WINDOWS\Temp\_ex-68.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Joy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [PromoReg] c:\windows\temp\_ex-68.exe
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [YBrowser] "c:\progra~1\yahoo!\browser\ybrwicon.exe"
mRun: [Motive SmartBridge] "c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe"
mRun: [<NO NAME>]
mRun: [Webroot Desktop Firewall] "c:\program files\webroot\webroot desktop firewall\WDF.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
StartupFolder: c:\documents and settings\joy\start menu\programs\startup\ikowin32.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - hxxp://img.member.yahoo.com/dl/atty/yinst_current.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-1 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-1 108552]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2008-7-31 103304]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-1 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2006-9-25 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2006-9-25 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-25 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2006-9-25 566872]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-9 30152]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\webroot\webroot desktop firewall\wdfsvc.exe [2008-7-31 353672]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-9-25 280392]

=============== Created Last 30 ================

2009-08-20 07:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12237034
2009-08-11 14:08 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 14:08 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 14:14 0 a------- c:\docume~1\joy\applic~1\wklnhst.dat
2009-07-28 13:48 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 13:48 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-24 22:22 <DIR> --d----- c:\windows\system32\appmgmt

==================== Find3M ====================

2009-08-15 08:44 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-15 08:44 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-09 18:43 7,100 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 06:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 06:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 07:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2007-01-05 20:58 88 ---shr-- c:\windows\system32\2433BC9844.sys

============= FINISH: 11:17:39.51 ===============



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:28 AM

Posted 01 September 2009 - 10:11 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 joystras

joystras
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 02 September 2009 - 08:52 PM

Thanks so much for your help, I followed all directions, but when I ran the random/random thing, I only got log-Notepad. I reran it following your directions and only got that again. I never saw info.txt. I apologize, but could you tell me what to do next or if I gave you enough info with the two reports listed below.
Thank you so much for your help! Never mind, I found it!!
Joy


Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

9/2/2009 8:15:54 PM
mbam-log-2009-09-02 (20-15-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202691
Time elapsed: 1 hour(s), 9 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcgs9j0e18v (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joy\Application Data\shcjs9j0e18v\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12237034 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Joy\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.







Logfile of random's system information tool 1.06 (written by random/random)
Run by Joy at 2009-09-02 20:43:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (84%) free of 234 GB
Total RAM: 1022 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:13 PM, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Joy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Joy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [YBrowser] "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10070 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\wrSpySweeper_LB063C0B016CD46B1856DA8B3F5E8F291.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-15 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe [2006-11-21 1807960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2006-06-14 286720]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-06-27 299008]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455]
""= []
"Webroot Desktop Firewall"=C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe [2008-07-31 2401672]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-15 2007832]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"DLCXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-03-24 1488112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2005-08-31 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-07-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe [2003-10-10 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-15 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dlcxcoms.exe"="C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp"="C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp:*:Enabled:enable"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\Temp\_ex-68.exe"="C:\WINDOWS\Temp\_ex-68.exe:*:Enabled:Promo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad16cf4-b8b4-11dc-b447-001676b5d2c6}]
shell\AutoRun\command - E:\Frogger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9160cee-b71e-11dc-b445-001676b5d2c6}]
shell\AutoRun\command - J:\Frogger.exe


======List of files/folders created in the last 1 months======

2009-09-02 20:38:02 ----D---- C:\rsit
2009-09-02 18:55:00 ----D---- C:\Documents and Settings\Joy\Application Data\Malwarebytes
2009-09-02 18:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-02 18:54:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 20:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 18:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-21 16:40:11 ----A---- C:\RootRepeal report 08-21-09 (16-40-11).txt
2009-08-15 10:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-11 22:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-11 22:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-11 22:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-11 22:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-11 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-11 22:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-11 22:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-11 22:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-11 22:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-02 20:33:18 ----D---- C:\WINDOWS\system32
2009-09-02 20:29:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-02 20:28:56 ----D---- C:\WINDOWS
2009-09-02 20:28:53 ----D---- C:\Program Files\dl_cats
2009-09-02 20:28:36 ----D---- C:\WINDOWS\Temp
2009-09-02 20:20:26 ----D---- C:\WINDOWS\Registration
2009-09-02 20:20:12 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-09-02 20:18:51 ----D---- C:\WINDOWS\system32\drivers
2009-09-02 20:18:14 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-02 20:17:21 ----D---- C:\WINDOWS\Prefetch
2009-09-02 18:54:49 ----D---- C:\Program Files
2009-08-31 13:10:39 ----HD---- C:\$AVG8.VAULT$
2009-08-30 20:46:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 20:17:18 ----HD---- C:\WINDOWS\inf
2009-08-24 18:43:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-20 20:22:54 ----D---- C:\Program Files\Trend Micro
2009-08-20 09:42:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-20 07:34:49 ----SHD---- C:\WINDOWS\Installer
2009-08-15 10:14:26 ----SHD---- C:\WINDOWS\system32\dllcache
2009-08-15 09:58:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-15 09:45:37 ----D---- C:\WINDOWS\network diagnostic
2009-08-15 08:44:28 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-14 18:59:10 ----D---- C:\WINDOWS\system32\Macromed
2009-08-12 07:04:10 ----D---- C:\WINDOWS\Debug
2009-08-11 22:17:01 ----D---- C:\Program Files\Outlook Express
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-15 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2008-07-31 103304]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-09 73288]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-01-03 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel® Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2008-05-19 1475936]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-09-25 345696]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
R2 WDFNet;Webroot Desktop Firewall network service; C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R3 dlcx_device;dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [2006-05-18 495616]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-09-02 20:38:55

======Uninstall list======

-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
-->MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\common\uninstall.exe
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software-->MsiExec.exe /X{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trend Micro PC-cillin Internet Security 14-->C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 14-->MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Webroot AntiVirus with AntiSpyware-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Webroot Desktop Firewall-->MsiExec.exe /X{7F2EAC76-8BC7-473F-9E2D-3373FD693797}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com

======Security center information======

AV: AVG Anti-Virus Free
AV: Webroot AntiVirus with AntiSpyware
AV: PC-cillin Internet Security - Virus Protection
FW: Webroot Desktop Firewall
FW: PC-cillin Internet Security - Firewall (disabled)

======System event log======

Computer Name: D2W8LBC1
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 16
Source Name: W32Time
Time Written: 20090828091710.000000-300
Event Type: error
User:

Computer Name: D2W8LBC1
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 15
Source Name: W32Time
Time Written: 20090828091710.000000-300
Event Type: error
User:

Computer Name: D2W8LBC1
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 7
Source Name: W32Time
Time Written: 20090828091653.000000-300
Event Type: error
User:

Computer Name: D2W8LBC1
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 6
Source Name: W32Time
Time Written: 20090828091653.000000-300
Event Type: error
User:

Computer Name: D2W8LBC1
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001676B5D2C6. The IP address being used is 169.254.145.196.

Record Number: 5
Source Name: Dhcp
Time Written: 20090828091618.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: D2W8LBC1
Event Code: 1517
Message: Windows saved user D2W8LBC1\Steve registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 22939
Source Name: Userenv
Time Written: 20080930221035.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D2W8LBC1
Event Code: 1517
Message: Windows saved user D2W8LBC1\Steve registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 22930
Source Name: Userenv
Time Written: 20080928154050.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D2W8LBC1
Event Code: 1517
Message: Windows saved user D2W8LBC1\Steve registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 22921
Source Name: Userenv
Time Written: 20080926070919.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D2W8LBC1
Event Code: 1517
Message: Windows saved user D2W8LBC1\Steve registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 22914
Source Name: Userenv
Time Written: 20080925055358.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: D2W8LBC1
Event Code: 1517
Message: Windows saved user D2W8LBC1\Steve registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 22907
Source Name: Userenv
Time Written: 20080923221336.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by joystras, 02 September 2009 - 08:56 PM.


#4 syler

  • Malware Response Team

Posted 03 September 2009 - 01:09 AM

Hi joystras,

I see that you have 3 AntiVirus and 2 Firewalls on your machine. You should only have 1 AV and 1 FW, so I would recommend that you remove some of these and leave just one of each. You would probably be best to leave your PC-cillin Internet Security, as this will cover your AV and FW.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove some of these: AVG or Webroot or PC-cillin.

Next

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Then post back with a new RSIT log and let me know any problems you are currently having, if any.

Thanks
Syler



#5 joystras

  • Topic Starter

Posted 03 September 2009 - 08:02 PM

Here is my log. I deleted the antivirus programs except for Trend. I also have Spybot Search and Rescue on my computer. Should I delete that too? Another question: many times I get a pop up saying a new profile has been found. Do I add it or delete? I have a lot of them listed under my Trend by the firewall area. I am not sure what they are and hope I haven't done bad things by accepting them. Lastly, do I need anything else besides my Trend in order to protect my computer?
Thank you so much for all of your time and effort!
Joy

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joy at 2009-09-03 19:49:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (84%) free of 234 GB
Total RAM: 1022 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:22 PM, on 9/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Joy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Joy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [YBrowser] "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8349 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe [2006-11-21 1807960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2006-06-14 286720]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-06-27 299008]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"DLCXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-03-24 1488112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2005-08-31 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-07-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe [2003-10-10 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dlcxcoms.exe"="C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp"="C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp:*:Enabled:enable"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\Temp\_ex-68.exe"="C:\WINDOWS\Temp\_ex-68.exe:*:Enabled:Promo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad16cf4-b8b4-11dc-b447-001676b5d2c6}]
shell\AutoRun\command - E:\Frogger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9160cee-b71e-11dc-b445-001676b5d2c6}]
shell\AutoRun\command - J:\Frogger.exe


======List of files/folders created in the last 1 months======

2009-09-03 17:56:22 ----SHD---- C:\Config.Msi
2009-09-02 20:38:02 ----D---- C:\rsit
2009-09-02 18:55:00 ----D---- C:\Documents and Settings\Joy\Application Data\Malwarebytes
2009-09-02 18:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-02 18:54:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 20:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 18:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-21 16:40:11 ----A---- C:\RootRepeal report 08-21-09 (16-40-11).txt
2009-08-15 10:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-11 22:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-11 22:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-11 22:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-11 22:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-11 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-11 22:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-11 22:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-11 22:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-11 22:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-03 19:39:40 ----D---- C:\WINDOWS\Prefetch
2009-09-03 19:39:39 ----D---- C:\Program Files
2009-09-03 19:39:27 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-09-03 19:03:35 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-09-03 17:58:36 ----D---- C:\WINDOWS
2009-09-03 17:58:33 ----D---- C:\Program Files\dl_cats
2009-09-03 17:58:20 ----D---- C:\WINDOWS\Temp
2009-09-03 17:57:52 ----D---- C:\WINDOWS\Registration
2009-09-03 17:57:20 ----D---- C:\WINDOWS\system32
2009-09-03 17:56:46 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-03 17:56:23 ----SHD---- C:\WINDOWS\Installer
2009-09-03 17:56:23 ----D---- C:\WINDOWS\system32\drivers
2009-09-03 17:56:22 ----A---- C:\WINDOWS\ODBC.INI
2009-09-03 17:55:46 ----SD---- C:\WINDOWS\Tasks
2009-09-03 17:55:45 ----D---- C:\Documents and Settings
2009-09-03 17:47:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-30 20:46:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 20:17:18 ----HD---- C:\WINDOWS\inf
2009-08-20 20:22:54 ----D---- C:\Program Files\Trend Micro
2009-08-20 09:42:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 10:14:26 ----SHD---- C:\WINDOWS\system32\dllcache
2009-08-15 09:58:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-15 09:45:37 ----D---- C:\WINDOWS\network diagnostic
2009-08-14 18:59:10 ----D---- C:\WINDOWS\system32\Macromed
2009-08-12 07:04:10 ----D---- C:\WINDOWS\Debug
2009-08-11 22:17:01 ----D---- C:\Program Files\Outlook Express
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-09 73288]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-01-03 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel® Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2008-05-19 1475936]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-09-25 345696]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R3 dlcx_device;dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [2006-05-18 495616]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
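Added example, not part of the original thread or of RSIT: a small Python triage of the `authorizedapplications\list` sections that RSIT dumps, listing enabled Windows Firewall exceptions whose program sits in a Temp directory or is not an `.exe`. The sample lines are copied from the RSIT logs posted in this thread; the function names and the two heuristics are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the RSIT firewall dumps posted in this thread.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp"="C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp:*:Enabled:enable"
"C:\WINDOWS\Temp\_ex-68.exe"="C:\WINDOWS\Temp\_ex-68.exe:*:Enabled:Promo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
'''

HEADER_RE = re.compile(r"^\[(.+)\]$")
PROFILE_RE = re.compile(
    r"\\firewallpolicy\\(\w+)\\authorizedapplications\\list$", re.IGNORECASE)
ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<data>[^"]*)"$')


@dataclass
class FirewallException:
    profile: str   # standardprofile or domainprofile
    path: str      # program allowed through the firewall
    scope: str     # "*" means any remote address
    enabled: bool
    name: str      # display name stored with the rule


def parse_authorized_apps(dump):
    """Return the firewall exceptions found in an RSIT registry dump."""
    entries, profile = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Only lines under an authorizedapplications\list key are rules.
            found = PROFILE_RE.search(header.group(1))
            profile = found.group(1).lower() if found else None
            continue
        entry = ENTRY_RE.match(line)
        if profile is None or not entry:
            continue
        path, data = entry.group("path"), entry.group("data")
        # Value data is "<path>:<scope>:<status>:<name>". The path contains
        # ':' itself, so strip it as a prefix instead of splitting on ':'.
        if not data.lower().startswith(path.lower()):
            continue
        parts = data[len(path):].split(":", 3)
        if len(parts) != 4 or parts[0] != "":
            continue
        _, scope, status, name = parts
        entries.append(FirewallException(
            profile, path, scope, status.lower() == "enabled", name))
    return entries


def triage(entry):
    """Reasons (possibly none) why an exception deserves a closer look."""
    reasons = []
    lowered = entry.path.lower()
    # Heuristic 1 (assumption): installed software does not run from Temp.
    if "temp" in lowered.split("\\")[:-1]:
        reasons.append("program is in a Temp directory")
    # Heuristic 2 (assumption): the allowed program should be an .exe.
    ext = ntpath.splitext(lowered)[1]
    if ext != ".exe":
        reasons.append(f"extension is {ext!r}, not .exe")
    return reasons


def flag_suspicious(dump):
    """(profile, path, reasons) for every enabled exception with a reason."""
    flagged = []
    for entry in parse_authorized_apps(dump):
        reasons = triage(entry)
        if entry.enabled and reasons:
            flagged.append((entry.profile, entry.path, reasons))
    return flagged


if __name__ == "__main__":
    for profile, path, reasons in flag_suspicious(SAMPLE_DUMP):
        print(f"[{profile}] {path}: {'; '.join(reasons)}")
```

A flagged entry is a lead for the helper to check against the file on disk, not a verdict on its own.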

#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 September 2009 - 11:59 PM

I also have Spybot Search and Rescue on my computer. Should I delete that too?


Spybot is an AntiSpyware program, which is different from an AntiVirus, so you do not need to delete that.

Another question: many times I get a pop up saying a new profile has been found. Do I add it or delete? I have a lot of them listed under my Trend by the firewall area. I am not sure what they are and hope I haven't done bad things by accepting them.


I'm not sure what you mean about the "new profile"; does it give a file path and\or name? Generally, if you are getting warning messages out of the blue, when you are not doing anything that could cause it, you should deny it.

Lastly, do I need anything else besides my Trend in order to protect my computer?


I will give you some advice on what you can do to keep yourself better protected, when I confirm you are all clean.

Thank you so much for all of your time and effort!


You're welcome :thumbup2:


Let's do a rootkit scan to see if there is anything there that I am not seeing.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes.
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.



#7 joystras

  • Topic Starter
  • Members
  • 13 posts

Posted 04 September 2009 - 04:58 PM

I ran the RootRepeal (I already had it on my computer so I didn't redownload.) Here are my results. Thank you again for the amount of time you are putting into this.
Joy


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/04 16:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xEDE25000 Size: 749568 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7562000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\joy\local settings\temp\~dfba81.tmp
Status: Allocation size mismatch (API: 98304, Raw: 32768)

==EOF==

#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 September 2009 - 08:19 PM

Nothing wrong in the Rootrepeal log.

Another question: many times I get a pop up saying a new profile has been found. Do I add it or delete? I have a lot of them listed under my Trend by the firewall area. I am not sure what they are and hope I haven't done bad things by accepting them.

I'm not sure what you mean about the "new profile"; does it give a file path and\or name?


What about this question, and are you still getting these popups from trend?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Update Adobe Reader
  • Click Start > Control Panel > Add/Remove Programs
  • Remove any older versions of Adobe Reader.
  • Click here to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Next

Please run a BitDefender Online Scan

Note: Only works with Internet Explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Then please post back here with the following:
  • Bitdefender report
  • New Rsit log
Thanks



#9 joystras

  • Topic Starter
  • Members
  • 13 posts

Posted 05 September 2009 - 09:00 PM

I tried to run Adobe and I got an application error iexplore.exe instructions at 0x09750068 (something). It would not let me click on the Active X line that shows up on top. I tried this 3 times and it froze Internet Explorer each time. I then tried to run BitDefender and had the same issues (there was a different number in my error) but it too froze Internet Explorer and it closed on me.
I am not sure what steps I should take next or if you need more detailed explanation. Here is my RSIT log. Sorry!!
Joy

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joy at 2009-09-05 20:55:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (84%) free of 234 GB
Total RAM: 1022 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:43 PM, on 9/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Joy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Joy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [YBrowser] "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8606 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe [2006-11-21 1807960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2006-06-14 286720]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-06-27 299008]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"DLCXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-05 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-03-24 1488112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2005-08-31 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-07-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe [2003-10-10 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dlcxcoms.exe"="C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp"="C:\Documents and Settings\Joy\Local Settings\Temp\.tt99.tmp:*:Enabled:enable"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\Temp\_ex-68.exe"="C:\WINDOWS\Temp\_ex-68.exe:*:Enabled:Promo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad16cf4-b8b4-11dc-b447-001676b5d2c6}]
shell\AutoRun\command - E:\Frogger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9160cee-b71e-11dc-b445-001676b5d2c6}]
shell\AutoRun\command - J:\Frogger.exe


======List of files/folders created in the last 1 months======

2009-09-05 20:38:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-05 20:38:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-05 20:38:45 ----A---- C:\WINDOWS\system32\java.exe
2009-09-05 20:38:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-04 16:53:49 ----A---- C:\RootRepeal report 09-04-09 (16-53-49).txt
2009-09-02 20:38:02 ----D---- C:\rsit
2009-09-02 18:55:00 ----D---- C:\Documents and Settings\Joy\Application Data\Malwarebytes
2009-09-02 18:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-02 18:54:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 20:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 18:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-21 16:40:11 ----A---- C:\RootRepeal report 08-21-09 (16-40-11).txt
2009-08-15 10:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-11 22:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-11 22:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-11 22:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-11 22:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-11 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-11 22:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-11 22:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-11 22:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-11 22:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-05 20:55:38 ----D---- C:\WINDOWS\Prefetch
2009-09-05 20:46:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-05 20:40:25 ----SHD---- C:\WINDOWS\Installer
2009-09-05 20:38:46 ----D---- C:\WINDOWS\Temp
2009-09-05 20:38:45 ----D---- C:\WINDOWS\system32
2009-09-05 20:38:23 ----D---- C:\Program Files\Java
2009-09-05 20:36:10 ----D---- C:\WINDOWS
2009-09-05 20:36:07 ----D---- C:\Program Files\dl_cats
2009-09-05 20:35:24 ----D---- C:\WINDOWS\Registration
2009-09-05 20:35:23 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-09-05 20:34:26 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-05 20:33:27 ----D---- C:\Program Files\Common Files
2009-09-04 16:47:20 ----D---- C:\WINDOWS\system32\drivers
2009-09-03 19:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-09-03 19:39:39 ----D---- C:\Program Files
2009-09-03 17:56:22 ----A---- C:\WINDOWS\ODBC.INI
2009-09-03 17:55:46 ----SD---- C:\WINDOWS\Tasks
2009-09-03 17:55:45 ----D---- C:\Documents and Settings
2009-08-30 20:46:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 20:17:18 ----HD---- C:\WINDOWS\inf
2009-08-20 20:22:54 ----D---- C:\Program Files\Trend Micro
2009-08-20 09:42:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 10:14:26 ----SHD---- C:\WINDOWS\system32\dllcache
2009-08-15 09:58:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-15 09:45:37 ----D---- C:\WINDOWS\network diagnostic
2009-08-14 18:59:10 ----D---- C:\WINDOWS\system32\Macromed
2009-08-12 07:04:10 ----D---- C:\WINDOWS\Debug
2009-08-11 22:17:01 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-09 73288]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-01-03 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel® Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-05 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2008-05-19 1475936]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-09-25 345696]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R3 dlcx_device;dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [2006-05-18 495616]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#10 syler


Posted 05 September 2009 - 09:25 PM

Can you answer the question I have asked please.



#11 joystras


Posted 05 September 2009 - 09:47 PM

When I get the pop-up for a new profile, it usually says that a new profile has been found and I think we need to click accept or trusted or not accept or untrusted. I haven't had one recently so I am not sure; it usually has a bunch of numbers, and I want to say that it is a new IP address. (I am not sure if this is the correct information; I am going off of memory.)
Thanks,
Joy

#12 syler


Posted 05 September 2009 - 09:57 PM

OK, let's try another scanner then and see if you have any issues with this one.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



#13 joystras


Posted 05 September 2009 - 10:13 PM

When I click on Start, it seems as if it loads and then I get iexplore.exe 0x08740068 referenced at memory. Memory could not be written. (Same thing as last time but different numbers.) Sorry...

#14 syler


Posted 05 September 2009 - 10:26 PM

No need to be sorry :thumbup2:

I'm not sure that this is a malware problem, but I want to get another scan done to try and make sure.


Download and Run Kaspersky Virus Removal Tool
Please disable all anti-malware protection before running this tool. Refer to this page if you are not sure how.
  • Go here then click on the link to download the Kaspersky virus removal tool. Save the installer on your desktop.
  • Double click the installer and follow the prompts. Kaspersky Virus Removal Tool will open after the installation.
  • Close out of the program. When asked to uninstall, select No.
  • Now you need to reboot your computer and go into safe mode before scanning, see here
  • Once in safe mode open Kaspersky, under the "Automatic Scan" tab, check off all the boxes.
  • Click in the Settings box. Set the "Security Level" to High.
  • Change the Action settings to Do not Prompt for Action. UNcheck Disinfect and Delete if disinfection fails. Click Ok to apply the settings.
  • Select Scan. Please be patient while the scan completes.
  • When the scan is finished, click the Report... button in the lower middle, select Save to file..., and save it onto your desktop as "report".
  • Close out of the program. When asked to uninstall, select Yes.
  • Reply back with the report saved on your desktop.



#15 joystras


Posted 06 September 2009 - 09:06 AM

Here is my Kaspersky log.

Scan
----
Scanned: 387745
Detected: 263
Untreated: 263
Start time: 9/5/2009 10:41:11 PM
Duration: 01:31:14
Finish time: 9/6/2009 12:12:25 AM


Detected
--------
Status Object
------ ------
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\0000666F-E97F92AB.av$//CryptFF.b
detected: Trojan program Trojan.Win32.FraudPack.aio File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\10.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\100.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\102.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\11.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\11EB.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\11EC.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\12.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\13.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\131.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\135.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\14.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\143.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\144.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\15.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\15B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\16.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\167.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\17.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\179.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\18.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\182.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\183.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\186.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\189.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\18B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\18C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\18E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\19.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\193.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\199.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1ED.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\1F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\20.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\21.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\216.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\22.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\23.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\24.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2495.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\25.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\26.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\27.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\273.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\278.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\28.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\29.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\299B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2B3.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2DB5.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\2F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\30.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\306.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\31.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\32.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\33.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\338.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\34.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\35.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\36.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\37.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\38.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\389.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\39.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\395.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3A3B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3A3C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3A3D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\40.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\405.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\406.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\407.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\408.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\41.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\42.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\43.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\44.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\45.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\46.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\47.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\48.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\49.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\495.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\4A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\4B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\4C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\4D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\4E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\4F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\50.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\51.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\514.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\52.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\53.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\536.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\54.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\544.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\55.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\56.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\57.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\577.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\58.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\59.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\596.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\597.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\59A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\59C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5D5.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5D5B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5DC6.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\5F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\60.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\61.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\62.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\63.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\64.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\65.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\66.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\67.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\68.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\69.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\70.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\71.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\72.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\73.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\74.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\75.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\76.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\77.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\78.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\79.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\7F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\80.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\803.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\81.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\82.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\83.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\84.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\85.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\86.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\87.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\874.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\88.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\89.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\8A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\8B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\8C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\8D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\8E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\8F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\90.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\91.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\92.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\93.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\94.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\95.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\96.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\97.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\98.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\99.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\9A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\9B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\9C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\9D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\9E.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\9F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A0.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A1.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A2.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A3.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A4.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A5.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A6.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A66.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A7.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A78.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A79.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A8.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\A9.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AA.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AB.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AB3.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AB4.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AC.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AD.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AD3.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AE.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\AF.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B0.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B1.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B10.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B11.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B12.tmp//CryptFF.b
detected: virus Net-Worm.Win32.Koobface.bjo File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B3.tmp//CryptFF.b
detected: Trojan program Trojan-Downloader.Win32.FraudLoad.wpkh File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B4.tmp//CryptFF.b
detected: Trojan program Backdoor.Win32.Bredolab.ho File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B5.tmp//CryptFF.b
detected: Trojan program Backdoor.Win32.Bredolab.ho File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B6.tmp//CryptFF.b
detected: Trojan program Backdoor.Win32.Bredolab.ho File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B7.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B8.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\B9.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BA.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BB.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BB2.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BB3.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BB4.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BC.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BD.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BE.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\BF.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\C.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\C0.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\C1.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\C5.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\CC.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\D.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\D18.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\D19.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\D1A.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\E06.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\ECA.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\ECB.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F3.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F4.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F5.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F6.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F8.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\F87.tmp//CryptFF.b
detected: new threat not-a-virus:FraudTool.Win32.MalwareProtector.h File: C:\Program Files\Trend Micro\Internet Security 14\Quarantine\FF.tmp//CryptFF.b


Events
------
Time Name Status Reason
---- ---- ------ ------
9/5/2009 10:41:18 PM Running module: smss.exe\smss.exe ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level High
Action Do not disinfect, do not delete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats Yes
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----



