Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91863 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] New Laptop, now with lovely popups...


  • This topic is locked This topic is locked
10 replies to this topic

#1 superspryte

superspryte

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 14 May 2008 - 10:41 PM

I just got a new laptop a week ago from Dell. It came loaded with Windows Vista so I bought a copy of Windows XP and loaded it myself, along with everything else. It's a Dell M1530 and I love it. Until I got some stupid malware from a search website when I was trying to fix my autoCAD. It appears to be Virtumonde, which I also managed to get on my old computer but this time I can't shake it. Here are a couple logs, one from Safe Mode, the other just now in Normal Mode.

Also, now when I boot I get a message that says it can't find the file C:\WINDOWS\system32\awslsetw.dll, which replaced a file named pewlcfpy.dll from before. I got the same message about that file before. And I typically run Firefox (and since I have it set as my default browser the popups sometimes show up in tabs there).

EDIT: To make sure you know what's going on, I should probably talk a little more about what's happening, heh. It disables my Automatic Updates for Windows (Although it's only showing as disabled in the Security Center--both AU and the AU tab in System in Control Panel show it as still on. When I go to the website it says that something isn't running so I can't do an update on the website.). It's also giving me periodic popups, some nearly pornographic (amateurmatch.con, fubar.com, premiercardoffers.com, fling.com and previously privacy.securepccleaner.com but those have since stopped.) When I run Trend Micro for security issues it says I need to install two updates: MS06-071 and MS07-042, neither of which came up the last time I went to the Windows Update website. Now that I can't access it though I can't download the updates. When I run Spybot Search & Destroy it shows me Virtumonde but it keeps coming back, even after running in safe mode and all kinds of other fun stuff. Trend Micro PC-cillin doesn't have a clue except the two security holes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:43 AM, on 5/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [143bf3c2] rundll32.exe "C:\WINDOWS\system32\awslsetw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian Astra.lnk = C:\Program Files\Trillian\loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210174158919
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210677723671
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Macromedia Breeze Application Service (BreezeApp) - Macromedia Inc. - C:\breeze\appserv\win32\breezesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7424 bytes


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:03 AM, on 5/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program

Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef

/Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe"

/startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major

Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam

Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14

\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2

\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [143bf3c2] rundll32.exe "C:\WINDOWS\system32\awslsetw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14

\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default

user')
O4 - Startup: Trillian Astra.lnk = C:\Program Files\Trillian\loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10

\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80

\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2

\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-

48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)

- http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.mi.../wuweb_site.cab?

1210174158919
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.mi.../muweb_site.cab

?1210677723671
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program

Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common

Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program

Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Macromedia Breeze Application Service (BreezeApp) - Macromedia Inc. -

C:\breeze\appserv\win32\breezesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program

Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. -

C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program

Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1

\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1

\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1

\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -

C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8911 bytes


Please help. ^_^

Edited by superspryte, 14 May 2008 - 11:11 PM.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 15 May 2008 - 06:07 PM

Posted Image

You might want to print these instructions out.

Open Notepad, click on Format and uncheck Word Wrap.


I suggest you do this:


You need To disable TeaTimer, it can stop our fix.

The best way is to do both, Right click the system tray icon and shut down. This will reset TT's registry snapshot. Then, open spybot in advanced mode and turn it off. When cleaning is done, open Spybot in advanced mode to turn back on.

Once fix is completed in the all clear post!!

Next:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 superspryte

superspryte

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 15 May 2008 - 11:01 PM

Thank you for helping me! Even though we're not done yet I appreciate your volunteering. :notworthy: Here's what I've got so far:

Disabled TeaTimer, although it tried to give me trouble (it wasn't letting me change the value, but I figured it out). Changed My Computer settings per your instructions. Ran ATF-Cleaner, kept my saved passwords in Firefox.

Here's the Malwarebytes' log:



Malwarebytes' Anti-Malware 1.12
Database version: 753

Scan type: Quick Scan
Objects scanned: 36939
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gwqrxuua.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnkLedc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnmlKAs.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bed47e9a-bce7-4df1-b316-a44523536328} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bed47e9a-bce7-4df1-b316-a44523536328} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97f7302a-147c-4435-901c-184375993be6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97f7302a-147c-4435-901c-184375993be6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmlkas (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\143bf3c2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{97f7302a-147c-4435-901c-184375993be6} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkledc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkledc -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gwqrxuua.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\auuxrqwg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkLedc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cdeLknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdeLknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rvebajcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcjabevr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uykbidnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lndibkyu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmlKAs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmlKAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.exe.Z-missing.txt (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.




After finishing that it rebooted and removed the last outlying bits. When the computer rebooted I got an error message "C:\WINDOWS\system32\nnnmlKAs.dll is not a valid Windows image file." It rebooted normally except for that message. I didn't notice the system running slower upon reboot.

Automatic Updates was still disabled but I was able to turn them back on and when I did so it immediately told me I had updates so I let them download. It required another reboot, this time there was no error message about that image file. Still no slowing upon startup.

Trend Micro still detects two security vulnerabilities (MS06-071 and MS07-042). The popups were kind of sporadic before but I haven't noticed any since rebooting.

Here is my new HJT Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:40 AM, on 5/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49538DAC-227C-42A6-87DE-C65789DBF510} - (no file)
O2 - BHO: (no name) - {4B4FD292-6CF7-4A62-8104-3E7C1559974F} - C:\WINDOWS\system32\qoMeBsqN.dll (file missing)
O2 - BHO: (no name) - {4BA3EA41-B67D-47C1-891A-88F500A2C3DD} - C:\WINDOWS\system32\byXQJCVo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6311F021-B9A8-4B82-9C9D-A5D2F0846181} - (no file)
O2 - BHO: (no name) - {631B47A3-474E-4850-97FB-9E7461EFC4B2} - (no file)
O2 - BHO: (no name) - {7B3FB441-E06E-4512-85BC-3064219222B5} - (no file)
O2 - BHO: (no name) - {7FF142E5-FC19-49CF-B679-78707F4CC0ED} - C:\WINDOWS\system32\mlJDUopn.dll (file missing)
O2 - BHO: (no name) - {B5A9F4B3-25E9-457F-8F64-7E3ECA61A19C} - C:\WINDOWS\system32\byXOhHAs.dll (file missing)
O2 - BHO: (no name) - {BED47E9A-BCE7-4DF1-B316-A44523536328} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian Astra.lnk = C:\Program Files\Trillian\loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210174158919
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210677723671
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: nnnmlKAs - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Macromedia Breeze Application Service (BreezeApp) - Macromedia Inc. - C:\breeze\appserv\win32\breezesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10644 bytes

How's it look this time? I'd like to think a little better.

Edited by superspryte, 15 May 2008 - 11:07 PM.


#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 05:57 AM

It's better but we still have more to do.

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 superspryte

superspryte

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 16 May 2008 - 04:37 PM

Okay, here we go. That didn't take long at all, maybe 5 minutes. Would've taken days on my old puter. Anyway, slightly perceptible slowing when ComboFix rebooted the computer but it appears to be running normally. Automatic Updates are still on and functional (it gave me more updates). Trend Micro is still griping at me about the security holes after those updates were installed.

Here's the ComboFix log and after that a new HJT log. Thanks! ^_^




ComboFix 08-05-15.3 - Nicci 2008-05-16 17:39:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2773 [GMT -4:00]
Running from: C:\Documents and Settings\Nicci\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jcgaghbj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NmSAIkkj.ini
C:\WINDOWS\system32\NmSAIkkj.ini2
C:\WINDOWS\system32\npoUDJlm.ini
C:\WINDOWS\system32\npoUDJlm.ini2
C:\WINDOWS\system32\NqsBeMoq.ini
C:\WINDOWS\system32\NqsBeMoq.ini2
C:\WINDOWS\system32\oVCJQXyb.ini
C:\WINDOWS\system32\oVCJQXyb.ini2
C:\WINDOWS\system32\QBKTwyxx.ini
C:\WINDOWS\system32\QBKTwyxx.ini2
C:\WINDOWS\system32\sAHhOXyb.ini
C:\WINDOWS\system32\sAHhOXyb.ini2
C:\WINDOWS\system32\vdyxwkdj.ini
C:\WINDOWS\system32\wteslswa.ini
C:\WINDOWS\system32\xhsergiw.ini
C:\WINDOWS\system32\ypfclwep.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 00:34 . 2008-05-16 00:34 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 00:33 . 2008-05-16 00:33 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-16 00:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-16 00:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-15 23:38 . 2008-05-15 23:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 23:38 . 2008-05-15 23:38 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Malwarebytes
2008-05-15 23:38 . 2008-05-15 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 23:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 23:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 20:53 . 2008-05-15 23:43 91,264 --------- C:\WINDOWS\system32\gwqrxuua.dll
2008-05-14 21:58 . 2008-05-14 21:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-14 03:55 . 2008-05-14 03:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-13 23:11 . 2008-05-13 23:15 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-05-13 23:11 . 2008-05-14 03:27 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Autodesk
2008-05-13 23:11 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-13 23:10 . 2008-05-13 23:10 <DIR> d-------- C:\Program Files\MSBuild
2008-05-13 23:08 . 2008-05-13 23:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-13 23:07 . 2008-05-13 23:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-13 23:07 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-13 17:59 . 2008-05-13 18:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 17:32 . 2008-05-13 19:15 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-13 14:46 . 2008-05-13 14:46 312,238 --a------ C:\WINDOWS\system32\xxywTKBQ.zip
2008-05-13 14:31 . 2008-05-13 14:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-13 08:27 . 2008-05-14 20:10 942 --a------ C:\WINDOWS\wininit.ini
2008-05-13 08:10 . 2008-05-14 17:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-13 08:10 . 2008-05-14 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 01:47 . 2008-05-13 01:47 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\TmpRecentIcons
2008-05-13 00:16 . 2008-05-13 23:15 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-13 00:16 . 2008-05-13 00:16 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-13 00:15 . 2008-05-13 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-13 00:14 . 2008-05-13 00:15 <DIR> d-------- C:\Program Files\Autodesk Revit Building 9.1
2008-05-12 17:33 . 2008-05-12 17:33 0 --a------ C:\WINDOWS\RussSqr.INI
2008-05-12 13:33 . 2008-05-12 13:33 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Media Player Classic
2008-05-12 11:22 . 2008-05-12 11:22 <DIR> d-------- C:\Program Files\Microsoft Producer 2
2008-05-12 11:21 . 2001-05-11 12:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-12 11:21 . 2001-05-16 16:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-12 11:09 . 2008-05-12 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-12 10:54 . 2008-05-12 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-05-12 10:53 . 2008-05-12 10:53 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-12 10:53 . 2003-12-04 11:19 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-12 10:53 . 2003-12-04 11:19 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-12 10:53 . 2003-12-04 11:19 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-12 10:52 . 2008-05-12 10:53 <DIR> d-------- C:\Program Files\Macromedia
2008-05-12 10:52 . 2008-05-12 10:53 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-12 10:47 . 2008-05-12 10:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-12 10:47 . 2008-05-12 10:47 <DIR> d-------- C:\MSSQL
2008-05-12 10:47 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-12 10:47 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-05-12 10:47 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-05-12 10:46 . 2008-05-12 11:24 <DIR> d-------- C:\breeze
2008-05-12 09:40 . 2008-05-12 09:40 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Talkback
2008-05-12 08:59 . 2008-05-12 08:59 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-12 08:59 . 2004-08-16 20:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-12 08:57 . 2008-05-12 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-12 08:55 . 2008-05-12 08:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-12 08:55 . 2008-05-12 09:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-09 09:22 . 2008-05-16 07:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-08 22:49 . 2008-05-08 22:49 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Reallusion
2008-05-08 20:43 . 2008-05-07 10:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-08 20:43 . 2008-05-08 20:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-08 20:43 . 2008-05-16 17:39 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-08 20:15 . 2008-05-16 17:43 17,408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-05-08 20:15 . 2008-05-15 00:32 17,408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-05-08 19:12 . 2008-05-16 15:06 99 --a------ C:\WINDOWS\(null)toolkit.ini
2008-05-08 19:11 . 2008-05-08 20:10 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Trillian
2008-05-08 18:52 . 2008-05-08 18:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-08 17:36 . 2008-05-12 23:40 <DIR> d-------- C:\Program Files\Steam
2008-05-08 13:47 . 2008-05-08 13:47 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Creative
2008-05-07 18:48 . 2008-05-12 17:22 <DIR> d-------- C:\Program Files\Semagic
2008-05-07 18:40 . 2008-05-16 17:43 47,104 --a------ C:\WINDOWS\system32\rpcnet.dll
2008-05-07 18:14 . 2008-05-07 18:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-07 18:09 . 2008-05-07 18:09 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-07 18:08 . 2008-05-07 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-07 18:07 . 2008-05-14 18:40 <DIR> d-------- C:\Program Files\Last.fm
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\Program Files\PDFCreator
2008-05-07 18:05 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-07 18:05 . 2008-05-07 18:05 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1609.exe
2008-05-07 18:05 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-07 18:05 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-05-07 18:05 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-05-07 18:05 . 2008-05-07 18:05 14,290 --a------ C:\Program Files\settings.dat
2008-05-07 17:42 . 2008-05-07 17:42 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-07 17:41 . 2008-05-07 17:41 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-07 17:41 . 2008-05-07 17:41 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-07 17:09 . 2008-05-16 15:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-07 17:09 . 2008-05-07 17:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Program Files\QuickTime
2008-05-07 17:08 . 2008-05-07 18:08 <DIR> d-------- C:\Program Files\iTunes
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Program Files\iPod
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Program Files\Bonjour
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Apple Computer
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 17:07 . 2008-05-07 17:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-07 17:07 . 2008-05-07 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 17:03 . 2008-05-07 17:03 <DIR> d-------- C:\Program Files\uTorrent
2008-05-07 17:03 . 2008-05-15 10:02 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\uTorrent
2008-05-07 16:15 . 2006-11-09 16:04 73,288 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2008-05-07 16:13 . 2008-05-15 00:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 14:37 . 2008-05-07 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-05-07 14:36 . 2008-05-07 14:36 <DIR> d-------- C:\Program Files\Citrix
2008-05-07 13:39 . 2008-05-07 13:39 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-07 13:30 . 2008-05-07 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-07 13:18 . 2008-05-07 13:18 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 12:44 . 2008-05-07 12:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 12:18 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Trillian
2008-05-07 12:16 . 2008-05-07 12:16 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-07 11:57 . 2008-05-07 11:57 <DIR> d-------- C:\DRIVERS
2008-05-07 11:37 . 2008-05-07 11:37 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-07 11:34 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-07 11:33 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-07 11:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-07 11:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-07 11:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-07 11:33 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-07 11:30 . 2008-05-07 11:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-07 11:29 . 2008-05-07 11:29 <DIR> d---s---- C:\Documents and Settings\Nicci\UserData
2008-05-07 11:09 . 2008-05-07 11:18 1,097 --a------ C:\net_save.dna
2008-05-07 11:08 . 2008-05-07 11:08 <DIR> d-------- C:\Program Files\support.com
2008-05-07 11:08 . 2008-05-07 11:08 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-07 09:58 . 2008-05-07 09:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 22:38 --------- d-----w C:\Program Files\Intel
2008-05-12 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 14:51 --------- d-----w C:\Program Files\Creative
2008-05-07 14:51 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-05-07 14:50 --------- d-----w C:\Program Files\Dell
2008-05-07 14:50 --------- d-----w C:\Program Files\Creative Live! Cam
2008-05-07 14:46 --------- d-----w C:\Program Files\Synaptics
2008-05-07 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-07 14:40 --------- d-----w C:\Program Files\SigmaTel
2008-05-07 14:38 --------- d-----w C:\Program Files\WIDCOMM
2008-05-07 14:37 --------- d-----w C:\Program Files\Marvell
2008-05-07 14:36 --------- d-----w C:\Documents and Settings\Nicci\Application Data\TMP
2008-05-07 14:28 --------- d-----w C:\Program Files\Fingerprint Reader Suite
2008-05-07 14:24 --------- d-----w C:\Program Files\DIFX
2008-05-07 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\UIB
2008-05-07 14:23 --------- d-----w C:\Documents and Settings\Nicci\Application Data\Intel
2008-05-07 14:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-07 14:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-07 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-05-07 14:09 --------- d-----w C:\Documents and Settings\Nicci\Application Data\InstallShield
2008-05-07 14:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49538DAC-227C-42A6-87DE-C65789DBF510}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B4FD292-6CF7-4A62-8104-3E7C1559974F}]
C:\WINDOWS\system32\qoMeBsqN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BA3EA41-B67D-47C1-891A-88F500A2C3DD}]
C:\WINDOWS\system32\byXQJCVo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6311F021-B9A8-4B82-9C9D-A5D2F0846181}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631B47A3-474E-4850-97FB-9E7461EFC4B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B3FB441-E06E-4512-85BC-3064219222B5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FF142E5-FC19-49CF-B679-78707F4CC0ED}]
C:\WINDOWS\system32\mlJDUopn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A9F4B3-25E9-457F-8F64-7E3ECA61A19C}]
C:\WINDOWS\system32\byXOhHAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BED47E9A-BCE7-4DF1-B316-A44523536328}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-11-01 11:08 321040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-07-27 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 08:00 455168]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 19:17 2183168]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104]
"nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 14:14 1024000]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-12-15 18:51 1807960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-10 01:01 36864]
"Adobe Version Cue CS2"="c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]

C:\Documents and Settings\Nicci\Start Menu\Programs\Startup\
Trillian Astra.lnk - C:\Program Files\Trillian\loader.exe [2008-05-08 18:12:33 100864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 15:43:18 568176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-05-07 14:36 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlKAs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 17:00]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-04-16 22:44]
S2 BreezeApp;Macromedia Breeze Application Service;"C:\breeze\appserv\win32\breezesvc.exe" [2003-09-18 18:17]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 18:51:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 17:43:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\SETUPAPI.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
.
**************************************************************************
.
Completion time: 2008-05-16 17:46:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 21:46:24

Pre-Run: 244,257,345,536 bytes free
Post-Run: 244,170,993,664 bytes free

390 --- E O F --- 2008-05-16 05:06:08









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:13 PM, on 5/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49538DAC-227C-42A6-87DE-C65789DBF510} - (no file)
O2 - BHO: (no name) - {4B4FD292-6CF7-4A62-8104-3E7C1559974F} - C:\WINDOWS\system32\qoMeBsqN.dll (file missing)
O2 - BHO: (no name) - {4BA3EA41-B67D-47C1-891A-88F500A2C3DD} - C:\WINDOWS\system32\byXQJCVo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6311F021-B9A8-4B82-9C9D-A5D2F0846181} - (no file)
O2 - BHO: (no name) - {631B47A3-474E-4850-97FB-9E7461EFC4B2} - (no file)
O2 - BHO: (no name) - {7B3FB441-E06E-4512-85BC-3064219222B5} - (no file)
O2 - BHO: (no name) - {7FF142E5-FC19-49CF-B679-78707F4CC0ED} - C:\WINDOWS\system32\mlJDUopn.dll (file missing)
O2 - BHO: (no name) - {B5A9F4B3-25E9-457F-8F64-7E3ECA61A19C} - C:\WINDOWS\system32\byXOhHAs.dll (file missing)
O2 - BHO: (no name) - {BED47E9A-BCE7-4DF1-B316-A44523536328} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian Astra.lnk = C:\Program Files\Trillian\loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210174158919
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210677723671
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: nnnmlKAs - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Macromedia Breeze Application Service (BreezeApp) - Macromedia Inc. - C:\breeze\appserv\win32\breezesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10615 bytes


I'm so glad the popups stopped. ^_^

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 04:55 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\xxywTKBQ.zip
C:\WINDOWS\system32\qoMeBsqN.dll
C:\WINDOWS\system32\byXQJCVo.dll
C:\WINDOWS\system32\mlJDUopn.dll
C:\WINDOWS\system32\byXOhHAs.dll

Folder::
C:\WINDOWS\system32\kr_done1de
C:\Program Files\Bonjour

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49538DAC-227C-42A6-87DE-C65789DBF510}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B4FD292-6CF7-4A62-8104-3E7C1559974F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BA3EA41-B67D-47C1-891A-88F500A2C3DD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6311F021-B9A8-4B82-9C9D-A5D2F0846181}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631B47A3-474E-4850-97FB-9E7461EFC4B2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B3FB441-E06E-4512-85BC-3064219222B5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FF142E5-FC19-49CF-B679-78707F4CC0ED}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5A9F4B3-25E9-457F-8F64-7E3ECA61A19C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BED47E9A-BCE7-4DF1-B316-A44523536328}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlKAs]

Save this as Save this as "CFScript"


Posted Image

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 superspryte

superspryte

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 16 May 2008 - 05:26 PM

Wow, long log.

ComboFix 08-05-15.3 - Nicci 2008-05-16 19:04:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2800 [GMT -4:00]
Running from: C:\Documents and Settings\Nicci\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicci\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\byXOhHAs.dll
C:\WINDOWS\system32\byXQJCVo.dll
C:\WINDOWS\system32\mlJDUopn.dll
C:\WINDOWS\system32\qoMeBsqN.dll
C:\WINDOWS\system32\xxywTKBQ.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Bonjour
C:\Program Files\Bonjour\About Bonjour.rtf
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\kr_done1de\
C:\WINDOWS\system32\xxywTKBQ.zip

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 18:02 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-16 18:02 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-16 18:02 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-16 18:02 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-16 18:02 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-16 18:02 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-16 18:02 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-16 18:02 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-16 18:02 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-16 00:34 . 2008-05-16 00:34 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 00:33 . 2008-05-16 00:33 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-16 00:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-16 00:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-15 23:38 . 2008-05-15 23:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 23:38 . 2008-05-15 23:38 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Malwarebytes
2008-05-15 23:38 . 2008-05-15 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 23:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 23:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 20:53 . 2008-05-15 23:43 91,264 --------- C:\WINDOWS\system32\gwqrxuua.dll
2008-05-14 21:58 . 2008-05-14 21:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-14 03:55 . 2008-05-14 03:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-13 23:11 . 2008-05-13 23:15 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-05-13 23:11 . 2008-05-14 03:27 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Autodesk
2008-05-13 23:11 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-13 23:10 . 2008-05-13 23:10 <DIR> d-------- C:\Program Files\MSBuild
2008-05-13 23:08 . 2008-05-13 23:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-13 23:07 . 2008-05-13 23:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-13 23:07 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-13 17:59 . 2008-05-13 18:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 17:32 . 2008-05-13 19:15 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-13 14:31 . 2008-05-13 14:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-13 08:27 . 2008-05-14 20:10 942 --a------ C:\WINDOWS\wininit.ini
2008-05-13 08:10 . 2008-05-14 17:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-13 08:10 . 2008-05-14 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 01:47 . 2008-05-13 01:47 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\TmpRecentIcons
2008-05-13 00:16 . 2008-05-13 23:15 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-13 00:16 . 2008-05-13 00:16 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-13 00:15 . 2008-05-13 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-13 00:14 . 2008-05-13 00:15 <DIR> d-------- C:\Program Files\Autodesk Revit Building 9.1
2008-05-12 17:33 . 2008-05-12 17:33 0 --a------ C:\WINDOWS\RussSqr.INI
2008-05-12 13:33 . 2008-05-12 13:33 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Media Player Classic
2008-05-12 11:22 . 2008-05-12 11:22 <DIR> d-------- C:\Program Files\Microsoft Producer 2
2008-05-12 11:21 . 2001-05-11 12:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-12 11:21 . 2001-05-16 16:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-12 11:09 . 2008-05-12 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-12 10:54 . 2008-05-12 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-05-12 10:53 . 2008-05-12 10:53 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-12 10:53 . 2003-12-04 11:19 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-12 10:53 . 2003-12-04 11:19 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-12 10:53 . 2003-12-04 11:19 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-12 10:52 . 2008-05-12 10:53 <DIR> d-------- C:\Program Files\Macromedia
2008-05-12 10:52 . 2008-05-12 10:53 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-12 10:47 . 2008-05-12 10:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-12 10:47 . 2008-05-12 10:47 <DIR> d-------- C:\MSSQL
2008-05-12 10:47 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-12 10:47 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-05-12 10:47 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-05-12 10:46 . 2008-05-12 11:24 <DIR> d-------- C:\breeze
2008-05-12 09:40 . 2008-05-12 09:40 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Talkback
2008-05-12 08:59 . 2008-05-12 08:59 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-12 08:59 . 2004-08-16 20:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-12 08:57 . 2008-05-12 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-12 08:55 . 2008-05-12 08:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-12 08:55 . 2008-05-12 09:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-09 09:22 . 2008-05-16 07:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-08 22:49 . 2008-05-08 22:49 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Reallusion
2008-05-08 20:43 . 2008-05-07 10:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-08 20:43 . 2008-05-08 20:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-08 20:43 . 2008-05-16 17:39 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-08 20:15 . 2008-05-16 19:08 17,408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-05-08 20:15 . 2008-05-15 00:32 17,408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-05-08 19:12 . 2008-05-16 15:06 99 --a------ C:\WINDOWS\(null)toolkit.ini
2008-05-08 19:11 . 2008-05-08 20:10 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Trillian
2008-05-08 18:52 . 2008-05-08 18:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-08 17:36 . 2008-05-12 23:40 <DIR> d-------- C:\Program Files\Steam
2008-05-08 13:47 . 2008-05-08 13:47 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Creative
2008-05-07 18:48 . 2008-05-12 17:22 <DIR> d-------- C:\Program Files\Semagic
2008-05-07 18:40 . 2008-05-16 19:08 47,104 --a------ C:\WINDOWS\system32\rpcnet.dll
2008-05-07 18:14 . 2008-05-07 18:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-07 18:09 . 2008-05-07 18:09 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-07 18:08 . 2008-05-07 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-07 18:07 . 2008-05-14 18:40 <DIR> d-------- C:\Program Files\Last.fm
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\Program Files\PDFCreator
2008-05-07 18:05 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-07 18:05 . 2008-05-07 18:05 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1609.exe
2008-05-07 18:05 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-07 18:05 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-05-07 18:05 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-05-07 18:05 . 2008-05-07 18:05 14,290 --a------ C:\Program Files\settings.dat
2008-05-07 17:42 . 2008-05-07 17:42 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-07 17:41 . 2008-05-07 17:41 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-07 17:41 . 2008-05-07 17:41 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-07 17:09 . 2008-05-16 18:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-07 17:09 . 2008-05-07 17:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Program Files\QuickTime
2008-05-07 17:08 . 2008-05-07 18:08 <DIR> d-------- C:\Program Files\iTunes
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Program Files\iPod
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\Apple Computer
2008-05-07 17:08 . 2008-05-07 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 17:07 . 2008-05-07 17:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-07 17:07 . 2008-05-07 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 17:03 . 2008-05-07 17:03 <DIR> d-------- C:\Program Files\uTorrent
2008-05-07 17:03 . 2008-05-15 10:02 <DIR> d-------- C:\Documents and Settings\Nicci\Application Data\uTorrent
2008-05-07 16:15 . 2006-11-09 16:04 73,288 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2008-05-07 16:13 . 2008-05-15 00:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 14:37 . 2008-05-07 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-05-07 14:36 . 2008-05-07 14:36 <DIR> d-------- C:\Program Files\Citrix
2008-05-07 13:39 . 2008-05-07 13:39 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-07 13:30 . 2008-05-07 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-07 13:18 . 2008-05-07 13:18 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-07 12:45 . 2008-05-07 12:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 12:44 . 2008-05-07 12:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 12:18 . 2008-05-16 18:28 <DIR> d-------- C:\Program Files\Trillian
2008-05-07 12:16 . 2008-05-07 12:16 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-07 11:57 . 2008-05-07 11:57 <DIR> d-------- C:\DRIVERS
2008-05-07 11:37 . 2008-05-07 11:37 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-07 11:34 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-07 11:33 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-07 11:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-07 11:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-07 11:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 22:38 --------- d-----w C:\Program Files\Intel
2008-05-12 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 14:51 --------- d-----w C:\Program Files\Creative
2008-05-07 14:51 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-05-07 14:50 --------- d-----w C:\Program Files\Dell
2008-05-07 14:50 --------- d-----w C:\Program Files\Creative Live! Cam
2008-05-07 14:46 --------- d-----w C:\Program Files\Synaptics
2008-05-07 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-07 14:40 --------- d-----w C:\Program Files\SigmaTel
2008-05-07 14:38 --------- d-----w C:\Program Files\WIDCOMM
2008-05-07 14:37 --------- d-----w C:\Program Files\Marvell
2008-05-07 14:36 --------- d-----w C:\Documents and Settings\Nicci\Application Data\TMP
2008-05-07 14:28 --------- d-----w C:\Program Files\Fingerprint Reader Suite
2008-05-07 14:24 --------- d-----w C:\Program Files\DIFX
2008-05-07 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\UIB
2008-05-07 14:23 --------- d-----w C:\Documents and Settings\Nicci\Application Data\Intel
2008-05-07 14:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-07 14:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-07 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-05-07 14:09 --------- d-----w C:\Documents and Settings\Nicci\Application Data\InstallShield
2008-05-07 14:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_17.46.15.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 05:04:51 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-16 22:04:07 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-05-16 05:04:52 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-16 22:04:07 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-16 22:04:39 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_408dc5bd\CustomMarshalers.dll
+ 2008-05-16 22:04:15 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a9553548\CustomMarshalers.dll
+ 2008-05-16 22:04:35 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_20b5104d\mscorlib.dll
+ 2008-05-16 22:04:49 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_608f7575\mscorlib.dll
+ 2008-05-16 22:04:45 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_44521fae\System.Design.dll
+ 2008-05-16 22:04:31 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_6e3c916e\System.Design.dll
+ 2008-05-16 22:04:17 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_973c7909\System.Drawing.Design.dll
+ 2008-05-16 22:04:39 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c0d72714\System.Drawing.Design.dll
+ 2008-05-16 22:04:46 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1574ec18\System.Drawing.dll
+ 2008-05-16 22:04:33 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7a0ea7ff\System.Drawing.dll
+ 2008-05-16 22:04:22 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7226db9a\System.Windows.Forms.dll
+ 2008-05-16 22:04:42 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7f721bd0\System.Windows.Forms.dll
+ 2008-05-16 22:04:26 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0aae69b5\System.Xml.dll
+ 2008-05-16 22:04:44 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4047a208\System.Xml.dll
+ 2008-05-16 22:04:38 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1b18d28c\System.dll
+ 2008-05-16 22:04:15 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_787b3adc\System.dll
- 2008-05-16 21:43:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 23:08:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 22:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 22:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-05-16 05:06:07 2,560 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-05-16 22:03:27 2,560 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-05-16 05:06:07 34,304 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-05-16 22:03:27 34,304 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-05-16 05:06:07 8,192 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-05-16 22:03:28 8,192 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-05-16 05:06:07 3,584 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-05-16 22:03:27 3,584 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-05-16 05:06:07 114,688 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-05-16 22:03:27 114,688 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-05-16 05:06:07 16,384 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-05-16 22:03:27 16,384 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-05-16 05:06:07 30,720 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-05-16 22:03:28 30,720 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-05-16 05:06:07 22,528 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-05-16 22:03:27 22,528 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-05-16 05:06:07 45,056 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-05-16 22:03:28 45,056 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-05-16 05:06:07 90,112 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-05-16 22:03:27 90,112 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 01:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 05:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 01:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 00:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 23:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 00:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 00:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 04:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 00:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 00:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 00:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 00:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 00:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 20:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 20:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1204\_PerfCounter.dll
- 2004-07-15 18:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 01:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 18:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 01:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-16 22:05:07 10,208 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{3FE91779-9FD3-4493-8971-618BD2A036EF}.bin
- 2007-08-13 22:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2001-01-22 07:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:23 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
- 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-13 22:35:46 346,624 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 21:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 22:36:12 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-08-13 22:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 22:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 22:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 22:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-13 22:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 22:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 22:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 21:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 20:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 16:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 22:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 22:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-13 22:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 22:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-13 22:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 22:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 22:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 22:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 22:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 22:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 22:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-13 22:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-09-23 11:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2006-12-22 17:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2007-08-13 22:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-05-16 19:01:41 77,812 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-16 22:12:34 77,812 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-16 19:01:41 454,318 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-16 22:12:34 454,318 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-08-13 22:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-13 22:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-13 22:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 22:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-13 22:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-05-16 23:08:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_464.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-11-01 11:08 321040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-07-27 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 08:00 455168]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 19:17 2183168]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104]
"nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 14:14 1024000]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-12-15 18:51 1807960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-10 01:01 36864]
"Adobe Version Cue CS2"="c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]

C:\Documents and Settings\Nicci\Start Menu\Programs\Startup\
Trillian Astra.lnk - C:\Program Files\Trillian\loader.exe [2008-05-08 18:12:33 100864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 15:43:18 568176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-05-07 14:36 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 17:00]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-04-16 22:44]
S2 BreezeApp;Macromedia Breeze Application Service;"C:\breeze\appserv\win32\breezesvc.exe" [2003-09-18 18:17]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 18:51:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 19:08:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFM.exe
.
**************************************************************************
.
Completion time: 2008-05-16 19:12:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 23:11:58
ComboFix2.txt 2008-05-16 21:46:28

Pre-Run: 243,846,172,672 bytes free
Post-Run: 243,837,538,304 bytes free

592 --- E O F --- 2008-05-16 05:06:08



And the HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:25 PM, on 5/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian Astra.lnk = C:\Program Files\Trillian\loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210174158919
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210677723671
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Macromedia Breeze Application Service (BreezeApp) - Macromedia Inc. - C:\breeze\appserv\win32\breezesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9726 bytes


My computer appears to be behaving normally at this point. The only thing is I'm still getting that alert from Trend Micro (PC-cillin) about security holes. It's told me which updates to download so I will but since you said not to delete anything unless told to do so I figured I wouldn't actively install anything either, so I think it will continue to give me that alert until I install the updates.

Also, I noticed Bonjour was on that list. So far as I know that's a part of iTunes (I did it anyway; iTunes is easily fixable), the part that allows updates. I could be very wrong but it's been on every computer I've had with iTunes.

There have been no noticeable speed changes since the last update. This is a brand new laptop (2.4 GHz dual core with 4 GB ram) so that may have something to do with it... so maybe there is something and I haven't noticed it. Everything appears to be working properly.

Edited by superspryte, 16 May 2008 - 05:28 PM.


#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 05:32 PM

Bonjour is a general method to discover services on a local area network. It is widely used throughout Mac OS X and allows users to set up a network without any configuration. Currently it is used by Mac OS X and on other operating systems to find printers and file sharing servers. It is also used by iTunes to find shared music,



Good job :thumbup:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image


    Here's my usual all clean post

    Log looks good :D


    You need to create a new Clean restore point.

    Note: This will remove all previous Restore Points

    Click Start Menu > Run > copy and paste

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Check "Hide file extensions for known file types."
    Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
    Check "Hide protected operating system files."
    Click Apply, and then click OK.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Note: I no longer suggest Zone Alarm

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Winpatrol

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 superspryte

superspryte

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 16 May 2008 - 08:25 PM

Awesome! Thanks so much for all your help! While I'm not exactly able to make a [monetary] donation to the site right now I intend to once I'm able. It may end up being via the classroom and my time, but this is a really great resource and I feel that it would be a worthwhile investment. ^_^

:woot:

So that's all for this round. Hopefully I'll never need to make another thread in this forum again.

Edited by superspryte, 16 May 2008 - 08:28 PM.


#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 08:28 PM

Great job :thumbup: You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#11 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 08:29 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users