Cannot stay online or load pages, huge delay with keyboard [RESOLVED] - Geeks to Go Forums


Cannot stay online or load pages, huge delay with keyboard [RESOLVED] - tried Microsoft Malware removal tool, didn't help

#1 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 18 November 2008 - 08:27 AM

My HijackThis log I posted on Sunday has changed. I tried to get a link to my other topic, but I have to unplug my cable modem every time I try to load a page. I don't know how many more times it will allow me to even get to this site, even the keyboard is hanging.

Sorry to start another thread, but my log is different now.

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:12 AM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\COMMON~1\AOL\120870~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120870~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1208701829\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll
O20 - Winlogon Notify: 9463dd5f502 - C:\WINDOWS\System32\dbnmpntw32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10123 bytes
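As an added triage aid (example code written here, not from the thread, HijackThis or RSIT), the script below parses the O20 lines of a HijackThis log like the one above and reports the load-point patterns a log reviewer checks first: an AppInit_DLLs entry, a Winlogon Notify subkey whose name looks machine-generated, and a DLL registered under more than one load point. The sample lines are constructed from the log above plus one benign-looking Notify entry; the flags are review heuristics, not verdicts.

```python
"""Triage helper for HijackThis O20 lines (AppInit_DLLs and Winlogon Notify).

Added example, not part of the forum thread, HijackThis or RSIT. It extracts
the two load points HijackThis reports under O20 and returns, per DLL, the
reasons a reviewer would want to look at it. Nothing here is a verdict.
"""
import re
from collections import defaultdict

# Constructed sample: the two O20 lines from the HijackThis log above, plus a
# constructed benign-looking Winlogon Notify entry and one O23 line that the
# parser must ignore.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll
O20 - Winlogon Notify: 9463dd5f502 - C:\WINDOWS\System32\dbnmpntw32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.+?)\s*$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify:\s*(\S+)\s*-\s*(.+?)\s*$")

# Heuristic (an assumption of this example, not a rule): vendor Winlogon Notify
# subkeys carry a readable package name; a name made only of hex digits, with
# at least one digit and one letter, is the pattern a reviewer stops at.
HEX_NAME = re.compile(r"^(?=.*[0-9])(?=.*[a-f])[0-9a-f]{6,}$", re.IGNORECASE)


def parse_o20(log_text):
    """Return (appinit_dlls, notify_entries) from the O20 lines of a log.

    appinit_dlls   : list of DLL paths from the comma-separated AppInit_DLLs value
    notify_entries : list of (subkey_name, dll_path) tuples
    """
    appinit, notify = [], []
    for line in log_text.splitlines():
        m = O20_APPINIT.match(line)
        if m:
            appinit.extend(p.strip() for p in m.group(1).split(",") if p.strip())
            continue
        m = O20_NOTIFY.match(line)
        if m:
            notify.append((m.group(1), m.group(2)))
    return appinit, notify


def basename(path):
    """Lower-cased file name of a Windows path (8.3 short names kept as-is)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_o20(log_text):
    """Map each DLL basename to the list of reasons it deserves a look.

    DLLs with no reason are absent from the result, so an empty dict means
    nothing in the O20 section stood out.
    """
    appinit, notify = parse_o20(log_text)
    reasons = defaultdict(list)
    load_points = defaultdict(set)  # dll basename -> {"AppInit_DLLs", "Winlogon Notify"}

    for dll in appinit:
        name = basename(dll)
        load_points[name].add("AppInit_DLLs")
        # AppInit_DLLs are loaded into every process that links user32.dll,
        # so each entry is worth confirming against its vendor.
        reasons[name].append("AppInit_DLLs entry: loaded into every user32 process; confirm the vendor")

    for subkey, dll in notify:
        name = basename(dll)
        load_points[name].add("Winlogon Notify")
        if HEX_NAME.match(subkey):
            reasons[name].append(f"Winlogon Notify subkey '{subkey}' looks machine-generated")

    for name, kinds in load_points.items():
        if len(kinds) > 1:
            reasons[name].append("registered under more than one load point: " + ", ".join(sorted(kinds)))

    return dict(reasons)


if __name__ == "__main__":
    for dll, why in triage_o20(SAMPLE_LOG).items():
        print(dll)
        for r in why:
            print("  -", r)
```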

#2 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 18 November 2008 - 08:35 AM

Hello spywarehater!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.


Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.


Is this the link to your previous log?

#3 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 18 November 2008 - 10:26 AM

Yes that is my log. I can receive email.

Printer ready. Has taken 7 tries so far to answer you.

#5 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 18 November 2008 - 12:42 PM

Hello spywarehater!

I've reviewed your log.
I need to take a deeper look before we start cleaning.

If you have problems downloading, download on another computer and transfer the files with a memory stick.

Step 1.
Scan with RSIT:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


Step 2.
Things I would like to see in your reply:

  • The content of C:\rsit\log.txt and C:\rsit\info.txt from Step 1.


#6 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 18 November 2008 - 01:31 PM

Heir,

Here are the logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Dana at 2008-11-18 13:15:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 130 GB (85%) free of 153 GB
Total RAM: 1982 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:25 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\120870~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120870~1\EE\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dana\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Dana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1208701829\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll
O20 - Winlogon Notify: 9463dd5f502 - C:\WINDOWS\System32\dbnmpntw32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10121 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-30 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-04-06 8466432]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-06 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-04-06 69632]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-20 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2008-02-28 17920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"HostManager"=C:\Program Files\Common Files\AOL\1208701829\EE\AOLHostManager.exe [2004-11-03 125528]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2005-07-22 188416]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-11-15 970808]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-04-30 22058792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-11-15 497008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Dana\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\9463dd5f502]
C:\WINDOWS\System32\dbnmpntw32.dll [2008-11-15 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1208701829\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1208701829\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02582408-4614-11dd-ab06-001aa06fadc8}]
shell\AutoRun\command - E:\podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{754b491c-4acb-11dd-ab07-001aa06fadc8}]
shell\AutoRun\command - E:\podcastready.exe


======List of files/folders created in the last 1 months======

2008-11-18 13:15:19 ----D---- C:\rsit
2008-11-18 13:06:01 ----D---- C:\WINDOWS\LastGood
2008-11-17 20:31:51 ----ASH---- C:\WINDOWS\system32\6D.tmp
2008-11-17 18:47:08 ----D---- C:\Program Files\Windows Defender
2008-11-17 17:45:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-17 12:42:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-17 10:55:06 ----D---- C:\WINDOWS\Prefetch
2008-11-17 10:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-17 10:51:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 10:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-17 10:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-17 10:49:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-17 10:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-17 10:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-17 10:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-17 10:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-17 10:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-17 10:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-17 10:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-17 10:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-17 10:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-17 10:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-17 10:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-17 10:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-17 10:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-17 10:34:23 ----D---- C:\WINDOWS\system32\scripting
2008-11-17 10:34:21 ----D---- C:\WINDOWS\l2schemas
2008-11-17 10:34:20 ----D---- C:\WINDOWS\system32\en
2008-11-17 10:34:20 ----D---- C:\WINDOWS\system32\bits
2008-11-17 10:29:36 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-17 10:24:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-17 10:21:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-17 10:19:32 ----D---- C:\WINDOWS\EHome
2008-11-17 09:55:13 ----ASH---- C:\WINDOWS\system32\90.tmp
2008-11-16 13:54:18 ----ASH---- C:\WINDOWS\system32\40.tmp
2008-11-16 08:00:22 ----D---- C:\Documents and Settings\Dana\Application Data\Malwarebytes
2008-11-16 08:00:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 08:00:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-15 17:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-11-15 17:08:21 ----D---- C:\Program Files\Trend Micro
2008-11-15 09:27:51 ----A---- C:\WINDOWS\GnuHashes.ini
2008-11-15 09:20:24 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2008-11-15 09:20:13 ----ASH---- C:\WINDOWS\system32\D7.tmp
2008-11-15 09:20:12 ----A---- C:\WINDOWS\system32\dbnmpntw32.dll
2008-11-12 16:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 16:42:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-10-24 02:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-22 16:14:58 ----D---- C:\Program Files\New Tier

======List of files/folders modified in the last 1 months======

2008-11-18 13:06:59 ----D---- C:\WINDOWS\Temp
2008-11-18 13:06:58 ----D---- C:\WINDOWS\system32
2008-11-18 13:06:06 ----HD---- C:\WINDOWS\inf
2008-11-18 13:06:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-18 13:06:01 ----D---- C:\WINDOWS
2008-11-18 10:40:19 ----D---- C:\Documents and Settings\Dana\Application Data\Skype
2008-11-18 10:39:37 ----D---- C:\Documents and Settings\Dana\Application Data\skypePM
2008-11-18 10:36:42 ----SD---- C:\WINDOWS\Tasks
2008-11-18 10:34:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 10:33:55 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-18 10:32:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-17 20:31:33 ----D---- C:\Documents and Settings
2008-11-17 18:47:17 ----SHD---- C:\WINDOWS\Installer
2008-11-17 18:47:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-17 18:47:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-17 18:47:08 ----RD---- C:\Program Files
2008-11-17 18:47:08 ----D---- C:\WINDOWS\pchealth
2008-11-17 10:57:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 10:56:24 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-17 10:55:10 ----A---- C:\WINDOWS\setuplog.txt
2008-11-17 10:54:42 ----D---- C:\WINDOWS\system32\wbem
2008-11-17 10:54:42 ----D---- C:\WINDOWS\system32\Setup
2008-11-17 10:54:42 ----D---- C:\WINDOWS\AppPatch
2008-11-17 10:54:41 ----RSD---- C:\WINDOWS\Fonts
2008-11-17 10:54:36 ----D---- C:\WINDOWS\system32\drivers
2008-11-17 10:51:27 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-17 10:51:27 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-17 10:48:11 ----D---- C:\WINDOWS\security
2008-11-17 10:43:12 ----D---- C:\Program Files\Messenger
2008-11-17 10:35:46 ----D---- C:\WINDOWS\WinSxS
2008-11-17 10:35:25 ----D---- C:\Program Files\Windows Media Player
2008-11-17 10:35:23 ----D---- C:\WINDOWS\Help
2008-11-17 10:34:51 ----D---- C:\WINDOWS\network diagnostic
2008-11-17 10:34:51 ----D---- C:\WINDOWS\ime
2008-11-17 10:34:25 ----D---- C:\WINDOWS\system32\usmt
2008-11-17 10:34:25 ----D---- C:\WINDOWS\system32\en-US
2008-11-17 10:34:20 ----D---- C:\WINDOWS\PeerNet
2008-11-17 10:34:19 ----D---- C:\Program Files\Movie Maker
2008-11-17 10:29:27 ----D---- C:\WINDOWS\system32\Restore
2008-11-17 10:29:26 ----D---- C:\WINDOWS\system32\npp
2008-11-17 10:29:23 ----D---- C:\WINDOWS\msagent
2008-11-17 10:29:19 ----D---- C:\WINDOWS\srchasst
2008-11-17 10:29:14 ----D---- C:\Program Files\NetMeeting
2008-11-17 10:29:08 ----D---- C:\WINDOWS\system32\Com
2008-11-17 10:29:00 ----D---- C:\Program Files\Windows NT
2008-11-17 10:29:00 ----D---- C:\Program Files\Outlook Express
2008-11-17 10:28:55 ----D---- C:\Program Files\Common Files\System
2008-11-17 10:28:25 ----D---- C:\WINDOWS\system32\oobe
2008-11-17 10:28:22 ----D---- C:\WINDOWS\system
2008-11-16 06:51:23 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 17:04:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-15 17:04:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 16:59:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-15 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-15 16:55:08 ----D---- C:\Program Files\Common Files
2008-11-15 14:31:27 ----D---- C:\Program Files\Internet Explorer
2008-11-15 09:14:47 ----D---- C:\Documents and Settings\Dana\Application Data\LimeWire
2008-11-06 17:01:40 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-03 19:26:37 ----D---- C:\Program Files\Roxio
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-11-15 80400]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-04-20 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-15 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-11-15 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-15 1195448]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-06 4652544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-06 6811904]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\drivers\NVENETFD.sys [2008-04-06 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\drivers\nvnetbus.sys [2008-04-06 22016]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-11-15 334352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 nenum13E;nenum13E; \??\C:\DOCUME~1\Logan\LOCALS~1\Temp\nenum13E.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-04-06 155716]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-11-15 707128]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2008-11-15 492888]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-11-15 677128]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-20 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 138168]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-18 13:15:30

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 6122 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 6122 series
hp deskjet 6122-->MsiExec.exe /X{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_37013fa\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pinball Panic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{703DE3AE-513C-11D6-B2F9-0002A5E32BEF}\setup.exe" Pinball Panic
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RollerCoaster Tycoon Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\setup.exe" -l0x9
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SA31xx Device Manager & Media Converter-->C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x0009 -removeonly
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yu-Gi-Oh! ONLINE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67FB570C-900D-4515-ACB3-1004074D63D3}\setup.exe" -l0x9
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION-->MsiExec.exe /I{336DD6B4-B100-4048-B2B7-FBA7059FD959}

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=7f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 19 November 2008 - 11:55 AM

Hello spywarehater!

I've reviewed your log.
Let's start cleaning your computer then.

If you have problems downloading, download on another computer and transfer the files with a memory stick.

Step 1.
Scan a file:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\GnuHashes.ini


  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 2.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


LimeWire 4.16.7
Viewpoint Media Player


Optional removals
Limewire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.
Step 3.
Fix with OTMoveIt3.exe:

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    :Services
    nenum13E
    :Files
    C:\Windows\ALCMTR.EXE
    C:\WINDOWS\System32\dbnmpntw32.dll
    C:\WINDOWS\system32\6D.tmp
    C:\WINDOWS\system32\90.tmp
    C:\WINDOWS\system32\40.tmp
    C:\WINDOWS\system32\D7.tmp
    C:\Program Files\Viewpoint
    :Reg
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\9463dd5f502]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02582408-4614-11dd-ab06-001aa06fadc8}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{754b491c-4acb-11dd-ab07-001aa06fadc8}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Step 4.
Scan with RSIT:

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of log.txt (<<will be maximized)


Step 5.
Scan with Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 6.
Things I would like to see in your reply:

  • The result from the filescan from Step 1.
  • The content of the Result windows from OTMoveIt3 from Step 3.
  • The content of C:\rsit\log.txt from Step 4.
  • The content of C:\lopR.txt from Step 5.

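The fix in Step 3 takes the same DLL out of two autostart locations at once: the AppInit_DLLs value (loaded into every process that links user32.dll) and a Winlogon Notify subkey (loaded into winlogon.exe, which runs as SYSTEM). The script below is an added example, not code from the helper's post or from the HijackThis or OTMoveIt3 tools. It parses HijackThis O20 lines (the sample lines are copied from the HijackThis log in this thread), flags entries that fall outside an allowlist or use a random-looking subkey name, and derives the :Files and :Reg part of an OTMoveIt3 script from the findings, which reproduces the relevant lines of the fix above. The APPINIT_ALLOW_PREFIXES and KNOWN_NOTIFY_KEYS lists and the function names are this example's own assumptions.

```python
"""Added example (not from the original post): flag DLL-injection persistence in
HijackThis O20 lines and derive the matching part of an OTMoveIt3 fix script."""
import re
from dataclasses import dataclass

# Sample input: O20 lines copied from the HijackThis log in this thread, plus one
# benign O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll
O20 - Winlogon Notify: 9463dd5f502 - C:\WINDOWS\System32\dbnmpntw32.dll
""".strip()

# Assumption: AppInit_DLLs paths under these prefixes have been vetted by the
# analyst (the helper's fix keeps the Google Desktop DLL, so it is expected here).
APPINIT_ALLOW_PREFIXES = ("c:\\progra~1\\google\\", "c:\\program files\\google\\")

# Assumption: subkey names of stock Windows XP Winlogon notification packages.
# Illustrative, not exhaustive; unknown names are reported for review.
KNOWN_NOTIFY_KEYS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "dimsntfy",
}

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)   # random-looking subkey


@dataclass
class Finding:
    mechanism: str   # "AppInit_DLLs", "Winlogon Notify" or "both"
    dll: str
    reason: str
    key: str = ""    # Notify subkey name, when applicable


def parse_o20(log_text):
    """Return (appinit_dlls, notify_entries) parsed from HijackThis O20 lines."""
    appinit, notify = [], []
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line)
        if m:
            appinit.extend(p.strip() for p in m["dlls"].split(",") if p.strip())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify.append((m["key"], m["dll"].strip()))
    return appinit, notify


def analyze(log_text):
    """Flag entries in the two mechanisms. AppInit_DLLs are loaded into every
    process that links user32.dll; Notify packages are loaded into winlogon.exe,
    which runs as SYSTEM, so either one gives malware a foothold in many processes."""
    appinit, notify = parse_o20(log_text)
    findings = []
    for dll in appinit:
        if not dll.lower().startswith(APPINIT_ALLOW_PREFIXES):
            findings.append(Finding("AppInit_DLLs", dll, "not on the AppInit allowlist"))
    for key, dll in notify:
        if HEX_NAME_RE.match(key):
            findings.append(Finding("Winlogon Notify", dll, "random-looking hex subkey name", key))
        elif key.lower() not in KNOWN_NOTIFY_KEYS:
            findings.append(Finding("Winlogon Notify", dll, "not a known notification package", key))
    # The same DLL under both mechanisms is a strong signal: one file registered
    # in two independent autostart locations.
    shared = {d.lower() for d in appinit} & {d.lower() for _, d in notify}
    for dll in sorted(shared):
        findings.append(Finding("both", dll, "same DLL under AppInit_DLLs and Winlogon Notify"))
    return findings


def otmoveit_fix(log_text):
    """Derive the :Files and :Reg sections of an OTMoveIt3 script from the findings:
    delete the flagged DLLs, rewrite AppInit_DLLs without them (rather than
    blanking it, which would also drop the vetted entry) and remove the
    flagged Notify subkeys."""
    appinit, notify = parse_o20(log_text)
    flagged = {f.dll.lower(): f.dll for f in analyze(log_text) if f.mechanism != "both"}
    keep = [d for d in appinit if d.lower() not in flagged]
    lines = [":Files"] + sorted(flagged.values())
    lines += [":Reg",
              r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
              '"AppInit_DLLs"="%s"' % ",".join(keep)]
    for key, dll in notify:
        if dll.lower() in flagged:
            lines.append(r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\%s]" % key)
    return "\n".join(lines)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("%-16s %-40s %s" % (f.mechanism, f.dll, f.reason))
    print(otmoveit_fix(SAMPLE_LOG))
```

Run against the sample, the script reports dbnmpntw32.dll three times (unknown AppInit entry, random-looking Notify subkey, and the same file under both mechanisms) and emits the :Files and :Reg lines that appear in the helper's script, with AppInit_DLLs rewritten to keep only the Google entry. The point of rewriting rather than clearing the value is that AppInit_DLLs is a single comma-separated string, so deleting it would also remove any legitimate entry.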

#8 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 19 November 2008 - 02:23 PM

Heir,

It's already much easier to get to this site and keyboard is normal again! :)

Here are the logs you asked for:


VirSCAN.org Scanned Report :
Scanned time : 2008/11/19 13:37:01 (CST)
Scanner results: All Scanners reported not find malware!
File Name : GnuHashes.ini
File Size : 8260 byte
File Type : ASCII text, with very long lines, with CRLF line terminators
MD5 : c7de768c03a3fff261fa61314756ee7a
SHA1 : ef4c67bf931a4a21cbd62945b096ca5b5d9153ac
Online report : http://virscan.org/report/5ead2eb46ec7728e...fc8c81e151.html

Scanner     | Engine Ver      | Sig Ver          | Sig Date   | Time | Scan result
a-squared   | 4.0.0.26        | 20081119050113   | 2008-11-19 | 2.97 | -
AhnLab V3   | 2008.11.20.00   | 2008.11.20       | 2008-11-20 | 1.04 | -
AntiVir     | 7.9.0.34        | 7.1.0.110        | 2008-11-19 | 1.55 | -
Antiy       | 2.0.18          | 20081119.1710974 | 2008-11-19 | 0.12 | -
Arcavir     | 1.0.5           | 200811161554     | 2008-11-16 | 1.20 | -
Authentium  | 5.1.1           | 200811191624     | 2008-11-19 | 1.07 | -
AVAST!      | 3.0.1           | 081119-0         | 2008-11-19 | 0.00 | -
AVG         | 7.5.52.442      | 270.9.7/1799     | 2008-11-19 | 1.73 | -
BitDefender | 7.81008.2223359 | 7.21951          | 2008-11-20 | 2.03 | -
CA (VET)    | 9.0.0.143       | 31.6.6217        | 2008-11-19 | 5.37 | -
ClamAV      | 0.94.1          | 8650             | 2008-11-19 | 0.00 | -
Comodo      | 2.11            | 2.0.0.711        | 2008-11-19 | 0.79 | -
CP Secure   | 1.1.0.715       | 2008.11.19       | 2008-11-19 | 6.39 | -
Dr.Web      | 4.44.0.9170     | 2008.11.19       | 2008-11-19 | 3.54 | -
ewido       | 4.0.0.2         | 2008.11.19       | 2008-11-19 | 3.16 | -
F-Prot      | 4.4.4.56        | 20081119         | 2008-11-19 | 1.04 | -
F-Secure    | 5.51.6100       | 2008.11.19.11    | 2008-11-19 | 3.73 | -
Fortinet    | 2.81-3.117      | 9.720            | 2008-11-19 | 0.16 | -
GData       | 19.1583/19.114  | 20081119         | 2008-11-19 | 2.88 | -
ViRobot     | 20081119        | 2008.11.19       | 2008-11-19 | 0.41 | -
Ikarus      | T3.1.01.45      | 2008.11.19.71881 | 2008-11-19 | 3.51 | -
JiangMin    | 11.0.706        | 2008.11.19       | 2008-11-19 | 1.34 | -
Kaspersky   | 5.5.10          | 2008.11.19       | 2008-11-19 | 0.02 | -
KingSoft    | 2008.9.8.18     | 2008.11.13.23    | 2008-11-13 | 0.68 | -
McAfee      | 5.3.00          | 5438             | 2008-11-18 | 2.49 | -
Microsoft   | 1.4104          | 2008.11.19       | 2008-11-19 | 3.91 | -
mks_vir     | 2.01            | 2008.11.17       | 2008-11-17 | 2.59 | -
Norman      | 5.93.01         | 5.93.00          | 2008-11-18 | 5.12 | -
Panda       | 9.05.01         | 2008.11.19       | 2008-11-19 | 2.24 | -
Trend Micro | 8.700-1004      | 5.662.08         | 2008-11-19 | 0.02 | -
Quick Heal  | 10.00           | 2008.11.19       | 2008-11-19 | 0.84 | -
Rising      | 20.0            | 21.04.22.00      | 2008-11-19 | 0.24 | -
Sophos      | 2.80.0          | 4.35             | 2008-11-20 | 1.96 | -
Sunbelt     | 4474            | 4474             | 2008-11-04 | 0.50 | -
Symantec    | 1.3.0.24        | 20081118.002     | 2008-11-18 | 0.17 | -
nProtect    | 2008-11-19.01   | 2622489          | 2008-11-19 | 3.16 | -
The Hacker  | 6.3.1.1         | v00158           | 2008-11-18 | 0.42 | -
VBA32       | 3.12.8.9        | 20081119.0840    | 2008-11-19 | 1.33 | -
VirusBuster | 4.5.11.10       | 10.93.8/672009   | 2008-11-19 | 0.87 | -



Logfile of random's system information tool 1.04 (written by random/random)
Run by Dana at 2008-11-19 14:19:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 130 GB (85%) free of 153 GB
Total RAM: 1982 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:57 PM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\COMMON~1\AOL\120870~1\EE\AOLHOS~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\120870~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dana\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Dana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080420
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1208701829\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll
O20 - Winlogon Notify: 9463dd5f502 - C:\WINDOWS\System32\dbnmpntw32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10143 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-30 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-04-06 8466432]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-06 16859648]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-20 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2008-02-28 17920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"HostManager"=C:\Program Files\Common Files\AOL\1208701829\EE\AOLHostManager.exe [2004-11-03 125528]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2005-07-22 188416]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-11-15 970808]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-04-30 22058792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-11-15 497008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Dana\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\dbnmpntw32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\9463dd5f502]
C:\WINDOWS\System32\dbnmpntw32.dll [2008-11-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1208701829\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1208701829\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-19 14:08:32 ----A---- C:\lopR.txt
2008-11-19 14:07:47 ----D---- C:\Lop SD
2008-11-19 13:55:57 ----D---- C:\_OTMoveIt
2008-11-19 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-19 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-18 13:15:19 ----D---- C:\rsit
2008-11-17 18:47:08 ----D---- C:\Program Files\Windows Defender
2008-11-17 17:45:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-17 12:42:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-17 10:55:06 ----D---- C:\WINDOWS\Prefetch
2008-11-17 10:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-17 10:51:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 10:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-17 10:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-17 10:49:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-17 10:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-17 10:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-17 10:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-17 10:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-17 10:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-17 10:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-17 10:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-17 10:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-17 10:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-17 10:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-17 10:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-17 10:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-17 10:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-17 10:34:23 ----D---- C:\WINDOWS\system32\scripting
2008-11-17 10:34:21 ----D---- C:\WINDOWS\l2schemas
2008-11-17 10:34:20 ----D---- C:\WINDOWS\system32\en
2008-11-17 10:34:20 ----D---- C:\WINDOWS\system32\bits
2008-11-17 10:29:36 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-17 10:24:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-17 10:21:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-17 10:19:32 ----D---- C:\WINDOWS\EHome
2008-11-16 08:00:22 ----D---- C:\Documents and Settings\Dana\Application Data\Malwarebytes
2008-11-16 08:00:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 08:00:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-15 17:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-11-15 17:08:21 ----D---- C:\Program Files\Trend Micro
2008-11-15 09:27:51 ----A---- C:\WINDOWS\GnuHashes.ini
2008-11-15 09:20:24 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2008-11-15 09:20:12 ----A---- C:\WINDOWS\system32\dbnmpntw32.dll
2008-11-12 16:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 16:42:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-10-24 02:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-22 16:14:58 ----D---- C:\Program Files\New Tier

======List of files/folders modified in the last 1 months======

2008-11-19 14:19:50 ----D---- C:\WINDOWS\Temp
2008-11-19 14:02:46 ----SD---- C:\WINDOWS\Tasks
2008-11-19 14:01:52 ----D---- C:\Documents and Settings\Dana\Application Data\Skype
2008-11-19 14:00:56 ----D---- C:\WINDOWS
2008-11-19 14:00:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-19 13:59:59 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-19 13:58:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-19 13:55:58 ----RD---- C:\Program Files
2008-11-19 13:55:57 ----D---- C:\WINDOWS\system32
2008-11-19 13:45:56 ----D---- C:\Program Files\LimeWire
2008-11-19 06:12:08 ----D---- C:\Documents and Settings\Dana\Application Data\skypePM
2008-11-19 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-19 03:01:39 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-19 03:01:24 ----A---- C:\WINDOWS\imsins.BAK
2008-11-18 13:20:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-17 20:31:33 ----D---- C:\Documents and Settings
2008-11-17 18:47:17 ----SHD---- C:\WINDOWS\Installer
2008-11-17 18:47:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-17 18:47:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-17 18:47:08 ----D---- C:\WINDOWS\pchealth
2008-11-17 10:57:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 10:56:24 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-17 10:55:10 ----A---- C:\WINDOWS\setuplog.txt
2008-11-17 10:54:42 ----D---- C:\WINDOWS\system32\wbem
2008-11-17 10:54:42 ----D---- C:\WINDOWS\system32\Setup
2008-11-17 10:54:42 ----D---- C:\WINDOWS\AppPatch
2008-11-17 10:54:41 ----RSD---- C:\WINDOWS\Fonts
2008-11-17 10:54:36 ----D---- C:\WINDOWS\system32\drivers
2008-11-17 10:51:27 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-17 10:48:11 ----D---- C:\WINDOWS\security
2008-11-17 10:43:12 ----D---- C:\Program Files\Messenger
2008-11-17 10:35:46 ----D---- C:\WINDOWS\WinSxS
2008-11-17 10:35:25 ----D---- C:\Program Files\Windows Media Player
2008-11-17 10:35:23 ----D---- C:\WINDOWS\Help
2008-11-17 10:34:51 ----D---- C:\WINDOWS\network diagnostic
2008-11-17 10:34:51 ----D---- C:\WINDOWS\ime
2008-11-17 10:34:25 ----D---- C:\WINDOWS\system32\usmt
2008-11-17 10:34:25 ----D---- C:\WINDOWS\system32\en-US
2008-11-17 10:34:20 ----D---- C:\WINDOWS\PeerNet
2008-11-17 10:34:19 ----D---- C:\Program Files\Movie Maker
2008-11-17 10:29:27 ----D---- C:\WINDOWS\system32\Restore
2008-11-17 10:29:26 ----D---- C:\WINDOWS\system32\npp
2008-11-17 10:29:23 ----D---- C:\WINDOWS\msagent
2008-11-17 10:29:19 ----D---- C:\WINDOWS\srchasst
2008-11-17 10:29:14 ----D---- C:\Program Files\NetMeeting
2008-11-17 10:29:08 ----D---- C:\WINDOWS\system32\Com
2008-11-17 10:29:00 ----D---- C:\Program Files\Windows NT
2008-11-17 10:29:00 ----D---- C:\Program Files\Outlook Express
2008-11-17 10:28:55 ----D---- C:\Program Files\Common Files\System
2008-11-17 10:28:25 ----D---- C:\WINDOWS\system32\oobe
2008-11-17 10:28:22 ----D---- C:\WINDOWS\system
2008-11-16 06:51:23 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 17:04:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-15 17:04:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 16:59:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-15 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-15 16:55:08 ----D---- C:\Program Files\Common Files
2008-11-15 14:31:27 ----D---- C:\Program Files\Internet Explorer
2008-11-15 09:14:47 ----D---- C:\Documents and Settings\Dana\Application Data\LimeWire
2008-11-06 17:01:40 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-03 19:26:37 ----D---- C:\Program Files\Roxio
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-11-15 80400]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-04-20 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-15 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-11-15 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-15 1195448]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-06 4652544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-06 6811904]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\drivers\NVENETFD.sys [2008-04-06 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\drivers\nvnetbus.sys [2008-04-06 22016]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-11-15 334352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-04-06 155716]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-11-15 707128]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2008-11-15 492888]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-11-15 677128]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-20 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 138168]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]

-----------------EOF-----------------


#9 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 19 November 2008 - 03:22 PM

The last log got cut off.

Please post the content of C:\lopR.txt again.

#10 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 19 November 2008 - 03:39 PM

Heir,

Sorry. Here it is:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron™ Processor LE-1300 )
BIOS : oC)Phoenix - AwardBIOSTeDell System v6.00PG
USER : Dana ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro Internet Security 17.0.1224 (Not Activated)
Firewall : Trend Micro Personal Firewall 5.5 (Activated)
C:\ (Local Disk) - NTFS - Total:148 Go (Free:127 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Wed 11/19/2008|14:08 )

--------------------\\ Listing folders in APPLIC~1

[11/17/2008|08:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[05/03/2008|09:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
[09/08/2008|07:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[04/20/2008|08:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> CyberLink
[08/10/2004|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/17/2008|08:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[04/20/2008|08:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/20/2008|08:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec
[04/20/2008|08:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[05/04/2008|06:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/03/2008|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[06/13/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[06/13/2008|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[05/03/2008|08:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[04/20/2008|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/20/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/28/2008|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[11/16/2008|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/17/2008|06:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[05/04/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[04/20/2008|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/10/2004|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[05/02/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[04/20/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/15/2008|05:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/20/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[11/15/2008|04:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[08/20/2008|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/15/2008|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trend Micro
[04/20/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Uninstall
[04/20/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[11/17/2008|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[10/07/2008|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[10/10/2008|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[05/02/2008|04:08] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Adobe
[05/03/2008|09:27] C:\DOCUME~1\Dana\APPLIC~1\<DIR> AOL
[07/08/2008|09:07] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Apple Computer
[04/20/2008|08:27] C:\DOCUME~1\Dana\APPLIC~1\<DIR> CyberLink
[05/02/2008|10:10] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Google
[08/10/2004|12:08] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Identities
[11/15/2008|09:14] C:\DOCUME~1\Dana\APPLIC~1\<DIR> LimeWire
[05/02/2008|10:13] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Macromedia
[11/16/2008|08:00] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Malwarebytes
[08/14/2008|05:31] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Microsoft
[05/29/2008|01:47] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Mozilla
[05/15/2008|04:53] C:\DOCUME~1\Dana\APPLIC~1\<DIR> MySpace
[05/06/2008|04:01] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Roxio
[07/03/2008|03:25] C:\DOCUME~1\Dana\APPLIC~1\<DIR> SecondLife
[11/19/2008|02:01] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Skype
[11/19/2008|06:12] C:\DOCUME~1\Dana\APPLIC~1\<DIR> skypePM
[05/03/2008|05:44] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Sun
[04/20/2008|08:30] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Symantec
[08/04/2008|03:51] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Template
[10/17/2008|11:06] C:\DOCUME~1\Dana\APPLIC~1\<DIR> Yahoo!
[04/20/2008|08:31] C:\DOCUME~1\Dana\APPLIC~1\<DIR> You've Got Pictures Screensaver

[05/03/2008|09:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[09/08/2008|07:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
[04/20/2008|08:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> CyberLink
[08/10/2004|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[04/20/2008|08:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[04/20/2008|08:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec
[04/20/2008|08:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[05/02/2008|06:52] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Adobe
[05/03/2008|09:27] C:\DOCUME~1\Halla\APPLIC~1\<DIR> AOL
[09/15/2008|02:55] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Apple Computer
[04/20/2008|08:27] C:\DOCUME~1\Halla\APPLIC~1\<DIR> CyberLink
[05/02/2008|02:15] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Google
[08/10/2004|12:08] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Identities
[05/02/2008|06:50] C:\DOCUME~1\Halla\APPLIC~1\<DIR> InstallShield
[11/14/2008|04:23] C:\DOCUME~1\Halla\APPLIC~1\<DIR> LimeWire
[05/02/2008|02:16] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Macromedia
[05/21/2008|08:23] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Microsoft
[05/11/2008|12:15] C:\DOCUME~1\Halla\APPLIC~1\<DIR> MySpace
[04/20/2008|08:30] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Symantec
[05/19/2008|04:25] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Template
[05/02/2008|02:16] C:\DOCUME~1\Halla\APPLIC~1\<DIR> Yahoo!
[04/20/2008|08:31] C:\DOCUME~1\Halla\APPLIC~1\<DIR> You've Got Pictures Screensaver

[05/02/2008|10:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[06/07/2008|09:36] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Adobe
[05/03/2008|09:27] C:\DOCUME~1\Logan\APPLIC~1\<DIR> AOL
[10/12/2008|05:59] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Apple Computer
[04/20/2008|08:27] C:\DOCUME~1\Logan\APPLIC~1\<DIR> CyberLink
[05/09/2008|02:50] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Google
[08/10/2004|12:08] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Identities
[05/02/2008|03:32] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Macromedia
[10/10/2008|07:58] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Microsoft
[05/22/2008|05:18] C:\DOCUME~1\Logan\APPLIC~1\<DIR> MySpace
[08/13/2008|07:40] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Skype
[06/09/2008|02:09] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Sun
[04/20/2008|08:30] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Symantec
[10/10/2008|07:58] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Template
[05/02/2008|03:32] C:\DOCUME~1\Logan\APPLIC~1\<DIR> Yahoo!
[04/20/2008|08:31] C:\DOCUME~1\Logan\APPLIC~1\<DIR> You've Got Pictures Screensaver

[05/02/2008|10:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/19/2008 02:02 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[11/14/2008 08:22 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/12/2008 07:29 PM][--a------] C:\WINDOWS\tasks\EasyShare Registration Task.job
[11/19/2008 01:59 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07/23/2008|04:06] C:\Program Files\<DIR> Adobe
[09/12/2008|06:00] C:\Program Files\<DIR> Apple Software Update
[06/13/2008|11:46] C:\Program Files\<DIR> Bonjour
[11/15/2008|04:55] C:\Program Files\<DIR> Common Files
[08/10/2004|12:02] C:\Program Files\<DIR> ComPlus Applications
[04/20/2008|08:08] C:\Program Files\<DIR> CONEXANT
[04/20/2008|08:23] C:\Program Files\<DIR> CyberLink
[04/20/2008|08:32] C:\Program Files\<DIR> Dell
[04/20/2008|08:26] C:\Program Files\<DIR> Dell Support Center
[05/04/2008|10:48] C:\Program Files\<DIR> directx
[08/10/2008|04:36] C:\Program Files\<DIR> Disney Interactive
[04/20/2008|08:31] C:\Program Files\<DIR> EarthLink Setup
[05/23/2008|02:20] C:\Program Files\<DIR> Google
[05/20/2008|04:00] C:\Program Files\<DIR> Hewlett-Packard
[07/02/2008|06:57] C:\Program Files\<DIR> Infogrames Interactive
[08/10/2008|04:37] C:\Program Files\<DIR> InstallShield Installation Information
[11/15/2008|02:31] C:\Program Files\<DIR> Internet Explorer
[06/13/2008|11:46] C:\Program Files\<DIR> iPod
[06/13/2008|11:46] C:\Program Files\<DIR> iTunes
[07/12/2008|08:20] C:\Program Files\<DIR> Java
[05/28/2008|06:13] C:\Program Files\<DIR> Kodak
[07/05/2008|01:49] C:\Program Files\<DIR> KONAMI
[11/19/2008|01:45] C:\Program Files\<DIR> LimeWire
[11/16/2008|08:00] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[11/17/2008|10:43] C:\Program Files\<DIR> Messenger
[08/10/2004|12:04] C:\Program Files\<DIR> microsoft frontpage
[04/20/2008|08:26] C:\Program Files\<DIR> Microsoft Office
[04/20/2008|08:26] C:\Program Files\<DIR> Microsoft Works
[04/20/2008|08:22] C:\Program Files\<DIR> Modem Diagnostic Tool
[11/17/2008|10:34] C:\Program Files\<DIR> Movie Maker
[11/16/2008|06:51] C:\Program Files\<DIR> Mozilla Firefox
[08/10/2004|12:01] C:\Program Files\<DIR> MSN
[08/10/2004|12:01] C:\Program Files\<DIR> MSN Gaming Zone
[05/29/2008|02:00] C:\Program Files\<DIR> MSXML 4.0
[04/20/2008|08:19] C:\Program Files\<DIR> MSXML 6.0
[05/11/2008|12:15] C:\Program Files\<DIR> MySpace
[11/17/2008|10:29] C:\Program Files\<DIR> NetMeeting
[04/20/2008|08:23] C:\Program Files\<DIR> NetWaiting
[10/22/2008|04:14] C:\Program Files\<DIR> New Tier
[08/10/2004|12:01] C:\Program Files\<DIR> Online Services
[11/17/2008|10:29] C:\Program Files\<DIR> Outlook Express
[08/19/2008|11:19] C:\Program Files\<DIR> Panda Security
[05/02/2008|06:51] C:\Program Files\<DIR> Philips
[06/13/2008|11:46] C:\Program Files\<DIR> QuickTime
[04/20/2008|08:31] C:\Program Files\<DIR> Real
[11/03/2008|07:26] C:\Program Files\<DIR> Roxio
[07/03/2008|03:27] C:\Program Files\<DIR> SecondLife
[05/02/2008|12:05] C:\Program Files\<DIR> Skype
[11/15/2008|05:04] C:\Program Files\<DIR> Spybot - Search & Destroy
[05/15/2008|05:58] C:\Program Files\<DIR> Sun
[11/16/2008|07:09] C:\Program Files\<DIR> Trend Micro
[08/10/2004|12:08] C:\Program Files\<DIR> Uninstall Information
[10/10/2008|05:55] C:\Program Files\<DIR> Webshots
[11/17/2008|06:47] C:\Program Files\<DIR> Windows Defender
[11/17/2008|10:35] C:\Program Files\<DIR> Windows Media Player
[11/17/2008|10:29] C:\Program Files\<DIR> Windows NT
[08/10/2004|12:02] C:\Program Files\<DIR> WindowsUpdate
[08/10/2004|12:04] C:\Program Files\<DIR> xerox
[05/22/2008|04:52] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/04/2008|06:45] C:\Program Files\Common Files\<DIR> Adobe
[05/03/2008|09:34] C:\Program Files\Common Files\<DIR> AOL
[06/13/2008|11:44] C:\Program Files\Common Files\<DIR> Apple
[04/20/2008|08:32] C:\Program Files\Common Files\<DIR> InstallShield
[04/20/2008|08:20] C:\Program Files\Common Files\<DIR> Java
[05/28/2008|06:12] C:\Program Files\Common Files\<DIR> Kodak
[11/17/2008|06:47] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|12:02] C:\Program Files\Common Files\<DIR> MSSoap
[04/20/2008|08:31] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|11:57] C:\Program Files\Common Files\<DIR> ODBC
[04/20/2008|08:31] C:\Program Files\Common Files\<DIR> Real
[04/20/2008|08:27] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/10/2004|12:02] C:\Program Files\Common Files\<DIR> Services
[05/02/2008|12:05] C:\Program Files\Common Files\<DIR> Skype
[04/20/2008|08:27] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|11:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/20/2008|08:26] C:\Program Files\Common Files\<DIR> supportsoft
[04/20/2008|08:27] C:\Program Files\Common Files\<DIR> SureThing Shared
[11/15/2008|04:59] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/17/2008|10:28] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 44 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 14:10:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\eggcrack1.gif
C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\eggcrack2.gif
C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\_eggcrack1.gif
C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\_eggcrack2.gif
C:\DOCUME~1\ALLUSE~1\Documents\popcap games crack
C:\DOCUME~1\ALLUSE~1\Documents\popcap games crack\ssg.nfo


[F:28][D:3]-> C:\DOCUME~1\Dana\LOCALS~1\Temp
[F:43][D:0]-> C:\DOCUME~1\Dana\Cookies
[F:683][D:17]-> C:\DOCUME~1\Dana\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 11/19/2008|14:14 - Option : [1]

--------------------\\ Scan completed at 14:14:08

#11 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 19 November 2008 - 05:25 PM

Hello again

Quote

Sorry. Here it is:

No problem.
One log is still missing: the result from OTMoveIt3.

Can you please post the results from OTMoveIt3 also.


Please open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#12 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 19 November 2008 - 05:31 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service nenum13E stopped successfully.
Service nenum13E deleted successfully.
========== FILES ==========
C:\Windows\ALCMTR.EXE moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dbnmpntw32.dll
C:\WINDOWS\System32\dbnmpntw32.dll NOT unregistered.
C:\WINDOWS\System32\dbnmpntw32.dll moved successfully.
C:\WINDOWS\system32\6D.tmp moved successfully.
C:\WINDOWS\system32\90.tmp moved successfully.
C:\WINDOWS\system32\40.tmp moved successfully.
C:\WINDOWS\system32\D7.tmp moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Program Files\Viewpoint moved successfully.
========== REGISTRY ==========
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\9463dd5f502\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02582408-4614-11dd-ab06-001aa06fadc8}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{754b491c-4acb-11dd-ab07-001aa06fadc8}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Dana\LOCALS~1\Temp\~DF57D6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11192008_135557

Files moved on Reboot...
C:\DOCUME~1\Dana\LOCALS~1\Temp\~DF57D6.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

#13 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 19 November 2008 - 05:37 PM

Thank you!

It's late here.
I'll get back to you tomorrow.

#14 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 20 November 2008 - 02:00 PM

Hello again spywarehater!

The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

You ran Lop S&D before RSIT.
Please always do the steps in the order that I provide as it can be vital for success or failure.

There are some stubborn entries that respawn.
We're gonna use another tool here.

There are some images with suspicious names:

Quote

C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\eggcrack1.gif
C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\eggcrack2.gif
C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\_eggcrack1.gif
C:\DOCUME~1\Dana\Desktop\Insaniquarium Deluxe\images\_eggcrack2.gif
Do you recognise these files?

Step 1.
Run Combofix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 2.
Things I would like to see in your reply:

  • The answer to my question in the beginning of this post.
  • The content of C:\ComboFix.txt from Step 1.


#15 spywarehater

  • Group: Member
  • Posts: 40
  • Joined: 15-April 05

Posted 20 November 2008 - 05:00 PM

I didn't recognize those files until I had a talk with my kids. Limewire is HISTORY!!!! Is Rhapsody safe?

I did the steps in order, but posted the logs outta order.

Here is the ComboFix log:

ComboFix 08-11-19.08 - Dana 2008-11-20 15:47:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1476 [GMT -6:00]
Running from: c:\documents and settings\Dana\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-20 09:59 . 2008-11-20 09:59 374,784 --ahs---- c:\windows\system32\40.tmp
2008-11-19 14:07 . 2008-11-19 14:14 <DIR> d-------- C:\Lop SD
2008-11-19 13:55 . 2008-11-19 13:55 <DIR> d-------- C:\_OTMoveIt
2008-11-18 13:15 . 2008-11-18 13:15 <DIR> d-------- C:\rsit
2008-11-17 20:31 . 2008-04-20 08:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-11-17 20:31 . 2008-04-20 08:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-11-17 20:31 . 2008-04-20 08:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CyberLink
2008-11-17 20:31 . 2008-09-08 19:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-17 20:31 . 2008-05-03 09:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-11-17 20:31 . 2008-11-17 20:31 <DIR> d-------- c:\documents and settings\Administrator
2008-11-17 18:47 . 2008-11-17 18:47 <DIR> d-------- c:\program files\Windows Defender
2008-11-17 10:34 . 2008-11-17 10:34 <DIR> d-------- c:\windows\system32\scripting
2008-11-17 10:34 . 2008-11-17 10:34 <DIR> d-------- c:\windows\system32\en
2008-11-17 10:34 . 2008-11-17 10:34 <DIR> d-------- c:\windows\system32\bits
2008-11-17 10:34 . 2008-11-17 10:34 <DIR> d-------- c:\windows\l2schemas
2008-11-17 10:29 . 2008-11-17 10:35 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-17 10:19 . 2008-11-17 10:19 <DIR> d-------- c:\windows\EHome
2008-11-16 08:00 . 2008-11-16 08:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 08:00 . 2008-11-16 08:00 <DIR> d-------- c:\documents and settings\Dana\Application Data\Malwarebytes
2008-11-16 08:00 . 2008-11-16 08:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 08:00 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-16 08:00 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 17:10 . 2008-08-04 02:16 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
2008-11-15 17:10 . 2008-08-04 02:16 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2008-11-15 17:09 . 2008-11-15 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2008-11-15 17:08 . 2008-11-16 07:09 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 17:03 . 2008-11-15 17:03 1,195,448 --a------ c:\windows\system32\drivers\vsapint.sys
2008-11-15 17:03 . 2008-11-15 17:03 661,808 --a------ c:\windows\system32\UfWSC.cpl
2008-11-15 17:03 . 2008-11-15 17:03 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys
2008-11-15 17:03 . 2008-11-15 17:03 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
2008-11-15 17:03 . 2008-11-15 17:03 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
2008-11-15 17:03 . 2008-11-15 17:03 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys
2008-11-15 09:27 . 2008-11-15 09:27 8,260 --a------ c:\windows\GnuHashes.ini
2008-11-15 09:20 . 2008-11-18 06:49 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-11-15 09:20 . 2008-11-19 13:55 135,168 --a------ c:\windows\system32\dbnmpntw32.dll
2008-11-15 09:20 . 2008-11-17 20:32 1,836 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-12 13:09 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:00 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 16:14 . 2008-10-22 16:14 <DIR> d-------- c:\program files\New Tier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 21:39 --------- d-----w c:\documents and settings\Dana\Application Data\Skype
2008-11-20 21:35 --------- d-----w c:\documents and settings\Dana\Application Data\skypePM
2008-11-19 19:45 --------- d-----w c:\program files\LimeWire
2008-11-15 23:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 23:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 22:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-15 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-15 15:14 --------- d-----w c:\documents and settings\Dana\Application Data\LimeWire
2008-11-14 22:23 --------- d-----w c:\documents and settings\Halla\Application Data\LimeWire
2008-11-04 01:26 --------- d-----w c:\program files\Roxio
2008-10-24 12:11 2,302 ----a-w c:\documents and settings\Dana\Application Data\wklnhst.dat
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 17:06 --------- d-----w c:\documents and settings\Dana\Application Data\Yahoo!
2008-10-12 23:59 --------- d-----w c:\documents and settings\Logan\Application Data\Apple Computer
2008-10-10 23:55 --------- d-----w c:\program files\Webshots
2008-10-10 23:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-10 13:58 0 ----a-w c:\documents and settings\Logan\Application Data\wklnhst.dat
2008-10-10 13:58 --------- d-----w c:\documents and settings\Logan\Application Data\Template
2008-10-07 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-22 22:08 288 ----a-w c:\documents and settings\Halla\Application Data\wklnhst.dat
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:15 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-11-15 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-06 8466432]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-20 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HostManager"="c:\program files\Common Files\AOL\1208701829\EE\AOLHostManager.exe" [2004-11-03 125528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2005-07-22 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-11-15 970808]
"nwiz"="nwiz.exe" [2008-04-06 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-06 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-11-15 497008]

c:\documents and settings\Dana\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-07-02 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\9463dd5f502]
2008-11-19 13:55 135168 c:\windows\system32\dbnmpntw32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1208701829\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-19 28544]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-13 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]

2008-11-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dana\Application Data\Mozilla\Firefox\Profiles\fdp9zge9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 15:48:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\dbnmpntw32.dll
.
Completion time: 2008-11-20 15:49:32
ComboFix-quarantined-files.txt 2008-11-20 21:49:18
ComboFix2.txt 2008-11-20 21:38:29

Pre-Run: 136,550,662,144 bytes free
Post-Run: 136,537,010,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

191 --- E O F --- 2008-11-19 09:01:43
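Added example (not part of the thread, and not code from ComboFix, OTMoveIt or any other tool named here): a Python triage script that parses a constructed excerpt written in the format of the "Reg Loading Points" and "DLLs Loaded Under Running Processes" sections above and surfaces the three posture indicators visible in the log: Security Center monitoring switched off (`DisableMonitoring=dword:00000001`), the Windows Firewall standard profile disabled (`EnableFirewall= 0`), and a Winlogon Notify package whose DLL is also reported loaded inside winlogon.exe. The sample text, the function names and the "random-looking package name" heuristic are the example's own assumptions; the real log lists far more keys than the excerpt.

```python
"""Triage helper for ComboFix-style registry/process sections (added example)."""
import re
from collections import OrderedDict

# Constructed sample modelled on the log format above; not the real log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\9463dd5f502]
2008-11-19 13:55 135168 c:\windows\system32\dbnmpntw32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\dbnmpntw32.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "Name"=value
DLL_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (.+\.dll)$", re.I)
PROCESS_RE = re.compile(r"^PROCESS:\s*(.+)$", re.I)
LOADED_RE = re.compile(r"^->\s*(.+)$")
HEXLIKE_NAME = re.compile(r"^[0-9a-f]{8,}$")              # heuristic: hex-only key names

def parse_log(text):
    """Return (registry, loaded): registry maps key -> {'values', 'files'},
    loaded maps process path -> DLL paths reported under it."""
    registry, loaded = OrderedDict(), OrderedDict()
    current_key = current_proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key, current_proc = m.group(1), None
            registry[current_key] = {"values": {}, "files": []}
        elif m := PROCESS_RE.match(line):
            current_proc, current_key = m.group(1).lower(), None
            loaded[current_proc] = []
        elif (m := LOADED_RE.match(line)) and current_proc:
            loaded[current_proc].append(m.group(1).lower())
        elif current_key and (m := VALUE_RE.match(line)):
            registry[current_key]["values"][m.group(1)] = m.group(2).strip()
        elif current_key and (m := DLL_LINE_RE.match(line)):
            registry[current_key]["files"].append(m.group(1).lower())
    return registry, loaded

def is_disabled_dword(value):
    """Security Center uses DisableMonitoring=1 to silence its alerts."""
    m = re.match(r"dword:([0-9a-f]{8})$", value, re.I)
    return bool(m) and int(m.group(1), 16) == 1

def is_zero(value):
    """Accept '0', '0 (0x0)' or 'dword:00000000' as a zero REG_DWORD."""
    m = re.match(r"(?:dword:)?([0-9a-fx]+)", value, re.I)
    return bool(m) and int(m.group(1), 16) == 0

def triage(registry, loaded):
    """Return (category, message) findings for the indicators we care about."""
    findings = []
    for key, entry in registry.items():
        low, vals = key.lower(), entry["values"]
        leaf = key.rsplit("\\", 1)[-1]
        if "\\security center\\monitoring" in low and is_disabled_dword(vals.get("DisableMonitoring", "")):
            findings.append(("security_center", f"Security Center monitoring disabled ({leaf})"))
        if "firewallpolicy\\standardprofile" in low and is_zero(vals.get("EnableFirewall", "")):
            findings.append(("firewall", "Windows Firewall disabled in standard profile"))
        if "\\winlogon\\notify\\" in low:
            note = "random-looking package name" if HEXLIKE_NAME.match(leaf.lower()) else "non-default package"
            for dll in entry["files"]:
                findings.append(("winlogon_notify", f"Notify package '{leaf}' -> {dll} ({note})"))
                # Correlate with the process listing: a Notify DLL already mapped
                # into winlogon.exe is live persistence, not a stale key.
                for proc, dlls in loaded.items():
                    if proc.endswith("winlogon.exe") and dll in dlls:
                        findings.append(("active_in_winlogon", f"{dll} is loaded in winlogon.exe"))
    return findings

if __name__ == "__main__":
    for category, message in triage(*parse_log(SAMPLE_LOG)):
        print(f"[{category}] {message}")
```

ComboFix states that legitimate default entries are not shown in this section, so every Winlogon Notify package it prints deserves a look; the hex-name check only orders the triage, it does not decide it.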
