
[InActive] Getting firewall alert for Spyware.ISpyNow in Windows XP

Discussion in 'Malware and Virus Removal Archive' started by aksjain, 2008/11/27.

  1. 2008/11/27
    aksjain

    Hi,

    I have been getting a firewall alert saying that Windows has identified a dangerous iSPYNow spyware and cannot assist in removing it. To enable protection it gives a link to "Perfect Defender 2009" software. Is it possible that someone is monitoring my machine remotely (all keystrokes, page views, etc.)?

    I tried to remove this by downloading various anti-viruses/anti-spywares but I am still getting the same. I have tried:

    Spyware Doctor
    AntiSpyWare
    AVG free version
    McAfee security

    But now I am in more trouble... in addition to that firewall message, whenever I connect my laptop to the internet, I get a BSOD saying something like:

    A problem has been detected and Windows has been shut down to prevent
    damage to your computer.

    If this is the first time you've seen this Stop error screen, restart
    your computer. If this screen appears again, follow these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software
    manufacturer for any Windows updates you might need.

    If the problem continues, disable or remove any newly installed
    hardware or software. Disable BIOS memory options such as caching or
    shadowing. If you need to use Safe Mode to remove or disable
    components, restart your computer, press F8 to select Advanced Startup
    Options, and then select Safe Mode.


    Please help me out in removing this.
     
  2. 2008/11/30
    Geri Lifetime Subscription

    Hi aksjain
    Welcome to WindowsBBS.

    Please follow the instructions here.

    Please download RSIT.exe, run a scan and post the logs in this thread.
    Links and instructions here.

    Thanks
    Geri
     

  4. 2008/11/30
    dj9816

    Same problem with Windows Vista too

    I have been getting a similar message with Windows Firewall complaining about Spyware.ISpynow. According to that firewall message, it is a keylogger trojan with High risk. I have tried to remove it with:

    Spyware Doctor
    Malwarebytes
    Dr Web
    Trend Micro PC-cillin
    Spybot S&D

    None of them have been able to even detect this trojan.
    I am using Windows Vista Home Premium (32 bit).

    Please help.

    Thanks.
    Regards,
    Dhananjay
     
    Last edited: 2008/11/30
  5. 2008/11/30
    Geri Lifetime Subscription

    Hi dj9816
    Welcome to WindowsBBS.
    Please start a topic of your own and do the following.

    Please download RSIT.exe, run a scan and post the logs in the topic that you start, and someone will help you out.
    Links and instructions here.

    Thanks
    Geri
     
  6. 2008/11/30
    aksjain

    info and log from RSIT

    Here are the contents of log file generated:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by ajain3 at 2008-11-30 17:59:56
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 4 GB (18%) free of 20 GB
    Total RAM: 1014 MB (52% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7db2d5a0-7241-4e79-b68d-6309f01c5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2007-10-16 66880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {6226BA26-C017-4007-928C-DE9715C6FA68} - SurfLite Toolbar - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup "=c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup []
    "ISUSScheduler "=C:\progra~1\common~1\instal~1\update~1\issch.exe -start []
    "OneCareUI "=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "HPsetm "=C:\Documents and Settings\ajain3\Application Data\Google\ijdkq13324484.exe [2008-11-25 102912]
    "SUPERAntiSpyware "=C:\Program Files\SUPERAntiSpyware\151184a4-af50-49b3-9022-d47fa3c9aa4d.exe []
    "Jnskdfmf9eldfd "=C:\DOCUME~1\ajain3\LOCALS~1\Temp\csrssc.exe []
    "rs32net "=C:\WINDOWS\System32\rs32net.exe []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Trilogy Trilogy VPN Client.lnk - C:\Program Files\TrilogyVPN\vpngui.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,nkkgxv.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxuvUN]
    xxyxuvUN.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D}

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{00F53620-736E-4AE9-9A38-BB79D731D36A} "= []
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    C:\WINDOWS\system32\cbXOeFvw

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0mtxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\onecaremp]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0mtxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\onecaremp]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools "=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145
    "NoFolderOptions "=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoResolveSearch "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\eclipseEuropa\eclipse\eclipse.exe "= "C:\eclipseEuropa\eclipse\eclipse.exe:*:Enabled:eclipse "
    "C:\Program Files\CounterPath\X-Lite\x-lite.exe "= "C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite "
    "C:\installs\Tomcat5.5\bin\tomcat5.exe "= "C:\installs\Tomcat5.5\bin\tomcat5.exe:*:Enabled:Service Runner "
    "C:\installs\jdk1.5.0\bin\java.exe "= "C:\installs\jdk1.5.0\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary "
    "C:\installs\jdk1.4.2\jre\bin\java.exe "= "C:\installs\jdk1.4.2\jre\bin\java.exe:*:Enabled:java "
    "C:\installs\jdk1.4.2\bin\java.exe "= "C:\installs\jdk1.4.2\bin\java.exe:*:Enabled:java "
    "C:\WINDOWS\system32\ftp.exe "= "C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program "
    "C:\Documents and Settings\ajain3\Desktop\RFP\eclipse\eclipse.exe "= "C:\Documents and Settings\ajain3\Desktop\RFP\eclipse\eclipse.exe:*:Enabled:eclipse "
    "C:\Program Files\Internet Explorer\iexplore.exe "= "C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer "
    "C:\WINDOWS\system32\drivers\svchost.exe "= "C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{110b9bfd-42b6-11dd-8461-0015c5381ec3}]
    shell\AutoRun\command - xn1i9x.com
    shell\explore\command - xn1i9x.com
    shell\open\command - xn1i9x.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{110b9bfe-42b6-11dd-8461-0015c5381ec3}]
    shell\AutoRun\command - xn1i9x.com
    shell\explore\command - xn1i9x.com
    shell\open\command - xn1i9x.com


    ======File associations======

    .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
    .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

    ======List of files/folders created in the last 3 months======

    2008-11-30 17:58:44 ----AH---- C:\WINDOWS\system32\BIT5.tmp
    2008-11-30 17:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-11-30 17:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-11-30 17:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-11-30 17:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-11-30 17:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-11-30 17:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-11-30 17:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-30 17:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-30 17:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-11-30 17:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-30 04:11:55 ----D---- C:\Program Files\trend micro
    2008-11-30 04:02:27 ----D---- C:\RSIT
    2008-11-30 04:00:23 ----RSD---- C:\WINDOWS\assembly
    2008-11-30 03:59:51 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-30 03:42:53 ----D---- C:\Program Files\Microsoft Windows OneCare Live
    2008-11-27 17:34:15 ----D---- C:\WINDOWS\system32\NtmsData
    2008-11-27 17:31:26 ----HD---- C:\Config.Msi
    2008-11-27 17:19:42 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-27 12:50:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-11-27 12:48:35 ----D---- C:\Documents and Settings\ajain3\Application Data\SUPERAntiSpyware.com
    2008-11-27 12:08:28 ----A---- C:\WINDOWS\system32\msvcrt2.dll
    2008-11-27 01:04:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-11-26 22:50:41 ----D---- C:\Documents and Settings\ajain3\Application Data\uTorrent
    2008-11-26 14:59:59 ----D---- C:\Documents and Settings\ajain3\Application Data\IObit
    2008-11-25 23:06:29 ----D---- C:\Documents and Settings\ajain3\Application Data\Antispyware
    2008-11-13 18:05:15 ----D---- C:\Documents and Settings\ajain3\Application Data\VoxOx
    2008-11-13 14:21:08 ----D---- C:\Program Files\MSECache
    2008-11-06 15:36:42 ----D---- C:\Documents and Settings\ajain3\Application Data\VoipBuster
    2008-11-06 15:12:00 ----D---- C:\Documents and Settings\ajain3\Application Data\ARGELA
    2008-11-06 15:11:44 ----D---- C:\Program Files\tuitalker
    2008-11-02 16:46:28 ----D---- C:\Program Files\Attractel
    2008-10-29 20:17:23 ----D---- C:\Documents and Settings\ajain3\Application Data\Globe7
    2008-10-29 20:00:59 ----D---- C:\Documents and Settings\ajain3\Application Data\NCH Swift Sound
    2008-10-29 19:41:56 ----D---- C:\Program Files\Common Files\Vocaltec
    2008-10-25 19:13:31 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
    2008-10-20 17:06:41 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-10-20 17:02:39 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2008-10-20 17:02:09 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp
    2008-10-20 15:57:43 ----A---- C:\WINDOWS\system32\sql.dll
    2008-10-19 09:24:52 ----A---- C:\WINDOWS\system32\slqejyel.exe
    2008-10-17 23:27:18 ----D---- C:\Program Files\Audio CD Maker
    2008-10-16 09:01:49 ----A---- C:\WINDOWS\system32\txmutrlw.dll
    2008-10-14 22:46:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-14 18:43:25 ----SH---- C:\WINDOWS\system32\vfegtnic.ini
    2008-10-14 12:58:23 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-14 12:22:50 ----D---- C:\Program Files\Windows Live Safety Center
    2008-10-14 09:11:38 ----ASH---- C:\WINDOWS\system32\fbagrpqp.ini
    2008-10-14 09:09:25 ----A---- C:\WINDOWS\system32\ihpasvwr.dll
    2008-10-13 18:52:19 ----ASH---- C:\WINDOWS\system32\nqooqrbc.ini
    2008-10-13 18:51:43 ----A---- C:\WINDOWS\system32\bf352661-.txt
    2008-10-13 18:50:50 ----ASH---- C:\WINDOWS\system32\wvFeOXbc.ini2
    2008-10-13 18:50:49 ----ASH---- C:\WINDOWS\system32\wvFeOXbc.ini
    2008-10-05 20:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
    2008-10-04 14:03:27 ----A---- C:\WINDOWS\system32\wmpns.dll
    2008-10-04 14:02:45 ----D---- C:\WINDOWS\Prefetch
    2008-10-04 13:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-04 13:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-04 13:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-04 13:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-04 13:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-04 13:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-04 13:18:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-04 13:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-04 13:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-04 13:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-04 13:12:20 ----D---- C:\WINDOWS\system32\scripting
    2008-10-04 13:12:19 ----D---- C:\WINDOWS\l2schemas
    2008-10-04 13:12:17 ----D---- C:\WINDOWS\system32\en
    2008-10-04 13:12:17 ----D---- C:\WINDOWS\system32\bits
    2008-10-04 13:08:28 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-04 12:58:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-02 19:47:22 ----D---- C:\Documents and Settings\ajain3\Application Data\JLC's Software
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-30 12:58:32 ----D---- C:\eclipseEuropa
    2008-09-29 08:25:02 ----D---- C:\Documents and Settings\ajain3\Application Data\Yahoo!
    2008-09-29 08:23:56 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-09-29 08:22:52 ----A---- C:\YServer.txt
    2008-09-29 08:19:29 ----D---- C:\Program Files\Yahoo!
    2008-09-26 14:49:31 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-26 14:49:31 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-26 14:49:31 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-12 22:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-06 23:55:15 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-09-06 23:55:15 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-09-06 23:55:15 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-09-06 23:55:15 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-09-06 23:55:15 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-09-06 23:55:12 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2008-09-03 03:31:13 ----A---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-03 03:31:03 ----A---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-03 03:30:57 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-03 03:30:56 ----A---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-03 03:30:31 ----A---- C:\WINDOWS\system32\tspkg.dll
    2008-09-03 03:30:31 ----A---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-03 03:30:13 ----A---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-03 03:30:10 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-03 03:30:05 ----A---- C:\WINDOWS\system32\slserv.exe
    2008-09-03 03:30:04 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-03 03:30:04 ----A---- C:\WINDOWS\system32\slrundll.exe
    2008-09-03 03:30:04 ----A---- C:\WINDOWS\system32\slgen.dll
    2008-09-03 03:30:04 ----A---- C:\WINDOWS\system32\slextspk.dll
    2008-09-03 03:30:04 ----A---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-03 03:29:51 ----A---- C:\WINDOWS\system32\setupn.exe
    2008-09-03 03:29:36 ----A---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-03 03:29:28 ----A---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-03 03:29:16 ----A---- C:\WINDOWS\system32\rasqec.dll
    2008-09-03 03:29:14 ----A---- C:\WINDOWS\system32\qutil.dll
    2008-09-03 03:29:11 ----A---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-03 03:29:10 ----A---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-03 03:29:09 ----A---- C:\WINDOWS\system32\qagent.dll
    2008-09-03 03:28:57 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-03 03:28:40 ----A---- C:\WINDOWS\system32\onex.dll
    2008-09-03 03:28:27 ----A---- C:\WINDOWS\system32\nv4_disp.dll
    2008-09-03 03:28:17 ----A---- C:\WINDOWS\system32\napstat.exe
    2008-09-03 03:28:17 ----A---- C:\WINDOWS\system32\napmontr.dll
    2008-09-03 03:28:17 ----A---- C:\WINDOWS\system32\napipsec.dll
    2008-09-03 03:28:16 ----A---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-03 03:28:15 ----A---- C:\WINDOWS\system32\msxml6r.dll
    2008-09-03 03:28:14 ----A---- C:\WINDOWS\system32\msxml6.dll
    2008-09-03 03:28:11 ----A---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-03 03:28:11 ----A---- C:\WINDOWS\system32\mssha.dll
    2008-09-03 03:27:34 ----A---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-03 03:27:34 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-03 03:27:33 ----A---- C:\WINDOWS\system32\mmcex.dll
    2008-09-03 03:27:33 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-03 03:27:10 ----A---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-03 03:27:09 ----A---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-03 03:27:08 ----A---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-03 03:27:08 ----A---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-03 03:27:08 ----A---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-03 03:27:08 ----A---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-03 03:26:37 ----A---- C:\WINDOWS\system32\comsdupd.exe
    2008-09-03 03:26:25 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-03 03:26:14 ----A---- C:\WINDOWS\003057_.tmp
    2008-09-03 03:26:12 ----A---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eapqec.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eapphost.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-03 03:26:04 ----A---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-03 03:25:56 ----A---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-03 03:25:56 ----A---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-03 03:25:55 ----A---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-03 03:25:55 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-03 03:25:55 ----A---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-03 03:25:55 ----A---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-03 03:25:55 ----A---- C:\WINDOWS\system32\dot3api.dll
    2008-09-03 03:25:54 ----A---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-03 03:25:53 ----A---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-03 03:25:53 ----A---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-03 03:25:51 ----A---- C:\WINDOWS\system32\credssp.dll
    2008-09-03 03:25:36 ----A---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-03 03:25:35 ----A---- C:\WINDOWS\system32\azroles.dll
    2008-09-03 03:25:29 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-03 03:25:29 ----A---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-03 03:25:25 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-03 03:25:24 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-03 03:25:22 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-03 03:25:22 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-03 03:25:20 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-03 03:25:08 ----A---- C:\WINDOWS\system32\aaclient.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-30 17:58:44 ----HD---- C:\WINDOWS\inf
    2008-11-30 17:58:44 ----D---- C:\WINDOWS\system32
    2008-11-30 17:56:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-30 17:54:57 ----D---- C:\WINDOWS
    2008-11-30 17:11:01 ----D---- C:\WINDOWS\Temp
    2008-11-30 17:09:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-30 17:08:10 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-30 17:02:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-30 17:02:44 ----D---- C:\WINDOWS\system32\drivers
    2008-11-30 17:02:42 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-30 17:02:40 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-30 17:02:24 ----D---- C:\Program Files\Internet Explorer
    2008-11-30 17:00:24 ----SHD---- C:\WINDOWS\Installer
    2008-11-30 17:00:24 ----D---- C:\WINDOWS\WinSxS
    2008-11-30 13:34:09 ----D---- C:\Program Files\Common Files\InstallShield
    2008-11-30 13:34:08 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-30 13:32:14 ----SD---- C:\Documents and Settings\ajain3\Application Data\Microsoft
    2008-11-30 04:13:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-30 04:11:55 ----D---- C:\Program Files
    2008-11-30 04:06:42 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-11-30 04:05:54 ----D---- C:\WINDOWS\system32\config
    2008-11-30 04:03:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-30 03:43:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-29 21:12:19 ----A---- C:\WINDOWS\ODBC.INI
    2008-11-29 18:59:12 ----SHD---- C:\RECYCLER
    2008-11-29 18:53:36 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-11-29 18:53:24 ----D---- C:\Documents and Settings
    2008-11-29 18:40:26 ----SHD---- C:\WINDOWS\CSC
    2008-11-27 21:39:59 ----D---- C:\Program Files\Common Files
    2008-11-27 21:39:15 ----D---- C:\WINDOWS\system32\Adobe
    2008-11-27 21:39:05 ----D---- C:\WINDOWS\system32\Macromed
    2008-11-27 21:39:05 ----D---- C:\Documents and Settings\ajain3\Application Data\Macromedia
    2008-11-27 21:39:05 ----D---- C:\Documents and Settings\ajain3\Application Data\Adobe
    2008-11-27 21:32:31 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-11-27 21:30:49 ----D---- C:\Program Files\Google
    2008-11-27 21:28:31 ----D---- C:\Documents and Settings\ajain3\Application Data\Mozilla
    2008-11-27 21:07:46 ----D---- C:\QUARANTINE
    2008-11-27 17:38:37 ----D---- C:\Documents and Settings\ajain3\Application Data\Notepad++
    2008-11-27 12:09:26 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
    2008-11-26 12:02:06 ----D---- C:\Program Files\Common Files\GTK
    2008-11-26 11:49:01 ----D---- C:\Program Files\CyberLink
    2008-11-25 23:06:33 ----SD---- C:\WINDOWS\Tasks
    2008-11-25 20:29:20 ----D---- C:\Documents and Settings\ajain3\Application Data\Google
    2008-11-23 13:06:24 ----D---- C:\WINDOWS\system32\ias
    2008-11-13 14:23:12 ----D---- C:\Program Files\Microsoft Office
    2008-11-12 14:50:34 ----SHD---- C:\System Volume Information
    2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-02 21:09:45 ----A---- C:\WINDOWS\WirelessFTP.INI
    2008-10-31 19:11:18 ----D---- C:\personal
    2008-10-25 19:14:45 ----A---- C:\WINDOWS\ModemLog_CDMA_1X Modem.txt
    2008-10-20 17:06:37 ----D---- C:\Documents and Settings\ajain3\Application Data\CyberLink
    2008-10-20 17:05:11 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-20 17:01:57 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2008-10-20 17:01:56 ----A---- C:\WINDOWS\system32\msvcp71.dll
    2008-10-20 12:41:22 ----D---- C:\WINDOWS\pchealth
    2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 23:10:34 ----A---- C:\WINDOWS\wininit.ini
    2008-10-14 18:54:09 ----D---- C:\installs
    2008-10-14 18:52:48 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-14 12:35:58 ----D---- C:\Documents and Settings\ajain3\Application Data\Orbit
    2008-10-14 12:34:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-10-14 10:24:48 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-14 10:19:06 ----D---- C:\Program Files\Online Services
    2008-10-14 10:18:53 ----D---- C:\WINDOWS\system32\inetsrv
    2008-10-07 02:43:27 ----D---- C:\WINDOWS\security
    2008-10-04 14:04:20 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-04 14:02:13 ----D---- C:\WINDOWS\system32\wbem
    2008-10-04 14:02:13 ----D---- C:\WINDOWS\system32\Setup
    2008-10-04 14:02:13 ----D---- C:\WINDOWS\AppPatch
    2008-10-04 14:02:11 ----RSD---- C:\WINDOWS\Fonts
    2008-10-04 13:18:28 ----D---- C:\Program Files\Messenger
    2008-10-04 13:13:38 ----D---- C:\Program Files\Windows Media Player
    2008-10-04 13:13:09 ----D---- C:\WINDOWS\network diagnostic
    2008-10-04 13:13:09 ----D---- C:\WINDOWS\ime
    2008-10-04 13:13:09 ----D---- C:\WINDOWS\Help
    2008-10-04 13:12:21 ----D---- C:\WINDOWS\system32\usmt
    2008-10-04 13:12:21 ----D---- C:\WINDOWS\system32\en-US
    2008-10-04 13:12:17 ----D---- C:\WINDOWS\PeerNet
    2008-10-04 13:12:16 ----D---- C:\Program Files\Movie Maker
    2008-10-04 13:08:09 ----D---- C:\WINDOWS\system32\Restore
    2008-10-04 13:08:09 ----D---- C:\WINDOWS\system32\npp
    2008-10-04 13:08:09 ----D---- C:\WINDOWS\mui
    2008-10-04 13:08:07 ----D---- C:\WINDOWS\msagent
    2008-10-04 13:08:04 ----D---- C:\WINDOWS\srchasst
    2008-10-04 13:08:03 ----D---- C:\Program Files\NetMeeting
    2008-10-04 13:08:00 ----D---- C:\WINDOWS\system32\Com
    2008-10-04 13:07:54 ----D---- C:\Program Files\Windows NT
    2008-10-04 13:07:54 ----D---- C:\Program Files\Outlook Express
    2008-10-04 13:07:49 ----D---- C:\Program Files\Common Files\System
    2008-10-04 13:07:24 ----D---- C:\WINDOWS\system32\oobe
    2008-10-04 13:07:21 ----D---- C:\WINDOWS\system
    2008-10-04 13:02:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-04 12:55:41 ----D---- C:\WINDOWS\ehome
    2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-27 02:28:18 ----D---- C:\Downloads
    2008-09-27 02:14:34 ----D---- C:\Documents and Settings\ajain3\Application Data\BitTorrent
    2008-09-26 14:49:31 ----D---- C:\Program Files\Java
    2008-09-04 11:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-09-03 00:45:23 ----D---- C:\WINDOWS\Debug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-10-16 51944]
    R1 msfwhlpr;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-21 13632]
    R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-23 21275]
    R2 CVPNDRVA;Trilogy IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
    R2 msfwdrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960]
    R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
    R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2007-10-16 64168]
    R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-10-16 72680]
    R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-10-16 33960]
    R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-10-16 171272]
    R3 mpfilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
    R3 NgLog;Aventail VPN Logging; C:\WINDOWS\system32\DRIVERS\nglog.sys [2007-01-17 17920]
    R3 NgVpn;Aventail VPN Adapter; C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2007-01-17 70144]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-12 5888]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
    R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-21 47104]
    R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928]
    R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
    R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848]
    R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
    R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936]
    R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696]
    S1 7088dd34;7088dd34; C:\WINDOWS\System32\drivers\7088dd34.sys []
    S1 oxser;OX16C95x Serial port driver; C:\WINDOWS\system32\DRIVERS\oxser.sys [2005-05-22 49792]
    S1 sasdifsv;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    S1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-25 142720]
    S3 BCOREUSB;BCOREUSB.Sys CSR test driver; C:\WINDOWS\System32\Drivers\BCOREUSB.sys [2005-10-03 86867]
    S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 NgFilter;Aventail VPN Filter; C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2007-01-17 15360]
    S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 sasenum;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\TrilogyVPN\cvpnd.exe [2004-06-16 1433616]
    R2 DB2;DB2 - DB2; D:\DB2\bin\db2syscs.exe [2002-10-23 140968]
    R2 DB2DAS00;DB2DAS - DB2DAS00; D:\DB2\\bin\db2dasrrm.exe [2002-10-23 812712]
    R2 DB2JDS;DB2 JDBC Applet Server; D:\DB2\BIN\db2jds.exe [2002-10-23 194216]
    R2 DB2NTSECSERVER;DB2 Security Server; D:\DB2\BIN\db2sec.exe [2002-10-23 30368]
    R2 DB2REMOTECMD;DB2 Remote Command Server; D:\DB2\BIN\db2rcmd.exe [2002-10-23 38568]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-24 103744]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-10-16 144704]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-10-16 54608]
    R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
    R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2006-09-26 53248]
    R2 NgVpnMgr;Aventail VPN Client; C:\WINDOWS\system32\ngvpnmgr.exe [2007-01-17 194115]
    R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
    R2 ochealthmon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
    R2 onecaremp;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]
    R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
    S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe -service []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 DB2GOVERNOR;DB2 Governor; D:\DB2\BIN\db2govds.exe [2002-10-23 30376]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-21 73728]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
    S3 Tomcat5;Apache Tomcat; C:\installs\Tomcat5.5\bin\tomcat5.exe [2006-04-14 102400]
    S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]

    -----------------EOF-----------------
     
  7. 2008/11/30
    aksjain

    aksjain Inactive Thread Starter

    Joined:
    2008/11/27
    Messages:
    6
    Likes Received:
    0
    Contents of info file from RSIT

    info.txt logfile of random's system information tool 1.04 2008-11-30 18:00:20

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ActivePerl 5.6.1 Build 630-->MsiExec.exe /I{A6DECEBA-35D7-4AA7-B03E-D431D0637858}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
    ALZip--> "C:\Program Files\ESTsoft\ALZip\unins000.exe "
    Apache Tomcat 5.5 (remove only)--> "C:\installs\Tomcat5.5\Uninstall.exe "
    Aventail Connect-->MsiExec.exe /I{A2A78788-2792-49BF-AF22-5E9296E568F3}
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
    Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
    DB2 Personal Edition-->MsiExec.exe /I{C0AA883A-72AE-495F-9601-49F2EB154E93}
    Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    Distribution Channel Management Test Cases-->D:\mcc27\_uninst2\uninstaller.exe
    Distribution Channel Management-->D:\mcc33\_uninst\uninstaller.exe
    GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
    Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
    J2SE Development Kit 5.0 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java 2 Runtime Environment, SE v1.4.2_15-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
    Java 2 SDK Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -fc:\installs\jdk1.3.1\Uninst.isu
    Java 2 SDK, SE v1.4.2_15-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142150}
    Lotus Notes 7.0.2-->MsiExec.exe /I{3DFB275E-92F1-4D4A-A546-C5475917FA41}
    McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office 2000 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
    Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Windows Live OneCare Resources v2.5.2900.20-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}
    Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
    Microsoft Windows OneCare Live v2.5.2900.20-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
    PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
    PuTTY version 0.58--> "C:\installs\PuTTY\unins000.exe "
    PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
    QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950759)--> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    SurfLite Toolbar-->regsvr32 /u /s "C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll"
    TortoiseSVN 1.4.4.9706 (32 bit)-->MsiExec.exe /X{182A59A6-1AAB-44AC-9C37-59A2A88F2D70}
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
    Watson-->MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live OneCare--> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
    Windows Media Format Runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    X-Lite 3.0--> "C:\Program Files\CounterPath\X-Lite\unins001.exe "

    ======Security center information======

    AV: McAfee VirusScan Enterprise
    AV: Windows Live OneCare
    FW: Windows Live OneCare Firewall

    ======Environment variables======

    "CLASSPATH "=D:\DB2\java\db2java.zip;D:\DB2\java\db2jcc.jar;D:\DB2\java\sqlj.zip;D:\DB2\java\common.jar;D:\DB2\java\db2jcc_license_cisuz.jar;D:\DB2\java\db2jcc_license_cu.jar;
    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "DB2INSTANCE "=DB2
    "DB2TEMPDIR "=D:\DB2\
    "DEFLOGDIR "=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    "FP_NO_HOST_CHECK "=NO
    "INCLUDE "=D:\DB2\INCLUDE;D:\DB2\LIB
    "JAVA_HOME "=C:\installs\jdk1.4.2
    "LIB "=D:\DB2\LIB
    "MCC_DIR "=D:\dcm312
    "NUMBER_OF_PROCESSORS "=2
    "OS "=Windows_NT
    "Path "=C:\cygwin\bin;C:\installs\ant1.6.5\bin;%JAVA_HOME%\bin;C:\installs\perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Progra~1\ESTsoft\ALZip\;D:\DB2\BIN;D:\DB2\FUNCTION;D:\DB2\SAMPLES\REPL;
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_REVISION "=0e08
    "R4BUILD "=D:\aefa\dcm312
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "VSEDEFLOGDIR "=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    "windir "=%SystemRoot%

    -----------------EOF-----------------
     
  8. 2008/11/30
    aksjain

    aksjain Inactive Thread Starter

    Joined:
    2008/11/27
    Messages:
    6
    Likes Received:
    0
    ComboFix not running

    I have tried downloading ComboFix.exe. But it does not run. It is shown as a running process in Task Manager, but nothing seems to happen on the UI. Is there anything that needs to be done before running it?
     
  9. 2008/12/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Sorry I missed your post.

    Delete the Combofix you have and follow these instructions.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     