Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
5/12/2009 7:11:06 PM
mbam-log-2009-05-12 (19-11-06).txt
Scan type: Quick Scan
Objects scanned: 47302
Time elapsed: 6 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49d542ce-9fb3-47d3-8bb6-cc42607f021e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c276a8f-204c-4bbd-a843-0d266dbdcf57}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{49d542ce-9fb3-47d3-8bb6-cc42607f021e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8c276a8f-204c-4bbd-a843-0d266dbdcf57}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{49d542ce-9fb3-47d3-8bb6-cc42607f021e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8c276a8f-204c-4bbd-a843-0d266dbdcf57}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8c276a8f-204c-4bbd-a843-0d266dbdcf57}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
After reboot, I was still not able to run mbam.exe, but I was able to run the renamed file. Nothing was detected this time. I had to uninstall and reinstall Trend Micro. I ran a scan which discovered nothing. I also ran a Kaspersky scan online, with the attached result.
This is the first time I've used Kaspersky, so I'm not really sure if it did anything with the trojan.
My problems are:
1. Anything searched on Google redirects to a different website
2. Disk defragmenter will not run ("Disk Defragmenter could not start")
3. Malwarebytes Anti-Malware still will not run unless I execute the renamed file
4. Any scan I run now does not find anything.
Here are the logs:
Rooter
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:57223 Mo/Free:3957 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Wed 05/13/2009|20:53
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
---------- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
---------- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
OTListExtras
OTListIt Extras logfile created on: 5/13/2009 8:54:23 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Enzo\Desktop\Utilities
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.98 Mb Total Physical Memory | 560.77 Mb Available Physical Memory | 58.47% Memory free
2.26 Gb Paging File | 1.91 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 43.86 Gb Free Space | 78.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ENZO-PQEG1N4UWB
Current User Name: Enzo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0905}" = Microsoft Digital Image Pro 9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_POD_v9" = Microsoft Digital Image Library 9
"PictureIt_v9" = Microsoft Digital Image Pro 9
"PROR" = Microsoft Office Professional 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/7/2009 7:44:48 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Error | ID = 1000
Description = Faulting application tmas_oe.exe, version 5.5.0.1367, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 5/8/2009 10:52:24 AM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Hang | ID = 1002
Description = Hanging application UfNavi.exe, version 17.1.0.1250, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/8/2009 10:59:04 AM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Hang | ID = 1002
Description = Hanging application TISTOOL.exe, version 17.1.0.1171, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 5/8/2009 11:02:46 AM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Hang | ID = 1002
Description = Hanging application UfNavi.exe, version 17.1.0.1250, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/9/2009 10:46:22 AM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Error | ID = 1000
Description = Faulting application tmas_oe.exe, version 5.5.0.1367, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 5/9/2009 12:01:37 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Error | ID = 1000
Description = Faulting application tmas_oe.exe, version 5.5.0.1367, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 5/12/2009 8:35:46 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Application Hang | ID = 1002
Description = Hanging application UfNavi.exe, version 17.1.0.1250, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/12/2009 10:02:29 PM | Computer Name = ENZO-PQEG1N4UWB | Source = MsiInstaller | ID = 11705
Description = Product: Trend Micro Internet Security -- Error 1705. A previous installation
for this product is in progress. You must undo the changes made by that installation
to continue. Do you want to undo those changes?
Error - 5/13/2009 7:19:39 PM | Computer Name = ENZO-PQEG1N4UWB | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Enzo\Application Data\Sun\Java\jre1.6.0_13\jre1.6.0_13-c.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.
Error - 5/13/2009 7:22:06 PM | Computer Name = ENZO-PQEG1N4UWB | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator\Application
Data\Sun\Java\jre1.6.0_13\jre1.6.0_13-c.msi is not permitted due to an error in
software restriction policy processing. The object cannot be trusted.
[ System Events ]
Error - 5/12/2009 10:36:37 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Serial | ID = 393252
Description = While validating that \Device\Serial0 was really a serial port, the
contents of the divisor latch register was identical to the interrupt enable and
the receive registers. The device is assumed not to be a serial port and will be
deleted.
Error - 5/13/2009 7:12:16 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 5/13/2009 7:14:37 PM | Computer Name = ENZO-PQEG1N4UWB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/13/2009 7:15:20 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31
Error - 5/13/2009 7:15:20 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm tmtdi
Error - 5/13/2009 7:20:00 PM | Computer Name = ENZO-PQEG1N4UWB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/13/2009 7:20:27 PM | Computer Name = ENZO-PQEG1N4UWB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/13/2009 7:22:27 PM | Computer Name = ENZO-PQEG1N4UWB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/13/2009 7:23:57 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Serial | ID = 393252
Description = While validating that \Device\Serial0 was really a serial port, the
contents of the divisor latch register was identical to the interrupt enable and
the receive registers. The device is assumed not to be a serial port and will be
deleted.
Error - 5/13/2009 9:22:57 PM | Computer Name = ENZO-PQEG1N4UWB | Source = Serial | ID = 393252
Description = While validating that \Device\Serial0 was really a serial port, the
contents of the divisor latch register was identical to the interrupt enable and
the receive registers. The device is assumed not to be a serial port and will be
deleted.
< End of report >
OTList
OTListIt logfile created on: 5/13/2009 8:54:23 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Enzo\Desktop\Utilities
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.98 Mb Total Physical Memory | 560.77 Mb Available Physical Memory | 58.47% Memory free
2.26 Gb Paging File | 1.91 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 43.86 Gb Free Space | 78.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ENZO-PQEG1N4UWB
Current User Name: Enzo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Enzo\Desktop\Utilities\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TMBMServer [Auto | Running]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aliadwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ALiIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alifir.sys (Acer Laboratories Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (FA312 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmactmon [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (wlanCIG [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wlanCIG.sys ( )
DRV - (MBAMSwissArmy [Disabled | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 16:10:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/13 18:26:54 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1224188001236 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1224189385515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.su...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/16 15:02:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{86f3a19f-9bbe-11dd-b280-000bcd36dcb8}\Shell - "" = AutoRun
O33 - MountPoints2\{86f3a19f-9bbe-11dd-b280-000bcd36dcb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86f3a19f-9bbe-11dd-b280-000bcd36dcb8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[4 C:\WINDOWS\*.tmp files]
[2009/05/13 20:52:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 20:46:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/13 20:45:53 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Enzo\Desktop\NTREGOPT.lnk
[2009/05/13 20:45:53 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Enzo\Desktop\ERUNT.lnk
[2009/05/13 20:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/13 20:43:23 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Enzo\Desktop\Utilities
[2009/05/13 20:26:40 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\Enzo\Desktop\HijackThis.lnk
[2009/05/13 20:26:27 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\Enzo\Desktop\HJTInstall.exe
[2009/05/13 20:13:51 | 00,002,982 | ---- | C] () -- C:\DOCUME~1\Enzo\Desktop\kaspersky.html
[2009/05/13 18:28:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/13 18:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/13 18:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Enzo\Application Data\Sun
[2009/05/13 18:14:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/05/12 21:32:20 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 21:32:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/12 21:32:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/12 21:04:17 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/12 21:04:17 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/05/12 21:04:17 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/05/12 21:03:42 | 00,000,799 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Trend Micro Internet Security.lnk
[2009/05/12 21:02:40 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/12 19:04:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Enzo\Application Data\Malwarebytes
[2009/05/12 18:59:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/12 18:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/07 15:40:43 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/05/06 20:14:07 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/05 09:08:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2009/05/05 09:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2009/04/15 11:17:24 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 11:17:22 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 11:17:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 11:17:21 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 11:17:20 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 11:17:19 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 11:17:18 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 11:17:16 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 11:17:13 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 11:14:28 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 11:14:27 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 11:14:27 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/01/14 17:15:45 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/10/22 14:13:10 | 00,225,792 | ---- | C] () -- C:\WINDOWS\System32\IMGMAN30.DLL
[2008/10/22 14:13:09 | 00,382,464 | ---- | C] () -- C:\WINDOWS\System32\HTKRNL32.DLL
[2008/10/20 22:24:44 | 00,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/04/08 09:43:50 | 00,390,752 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\wlanCIG.sys
[2003/03/31 07:00:00 | 00,000,592 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/13 20:45:53 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Enzo\Desktop\NTREGOPT.lnk
[2009/05/13 20:45:53 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Enzo\Desktop\ERUNT.lnk
[2009/05/13 20:26:40 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\Enzo\Desktop\HijackThis.lnk
[2009/05/13 20:26:37 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\Enzo\Desktop\HJTInstall.exe
[2009/05/13 20:23:33 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 20:22:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 20:22:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Enzo\Local Settings\desktop.ini
[2009/05/13 20:22:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 20:13:51 | 00,002,982 | ---- | M] () -- C:\DOCUME~1\Enzo\Desktop\kaspersky.html
[2009/05/12 21:32:20 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/12 21:03:42 | 00,000,799 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Trend Micro Internet Security.lnk
[2009/05/08 10:48:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2009/05/08 10:48:22 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2009/05/07 15:37:49 | 00,001,548 | ---- | M] () -- C:\DOCUME~1\Enzo\Desktop\CCleaner.lnk
[2009/05/06 20:36:46 | 00,000,592 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/06 20:36:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/06 20:36:46 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/17 20:33:56 | 00,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/17 15:27:46 | 00,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/17 15:26:41 | 00,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/04/15 11:50:54 | 00,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 11:50:54 | 00,456,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 11:50:54 | 00,075,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >
Any advice would be very much appreciated. Thank you in advance for your help with this problem.