
Active win32/tenga.gen virus - it took over

Discussion in 'Malware and Virus Removal Archive' started by tigerdistr, 2008/12/19.

  1. 2008/12/22
    tigerdistr

    Computer 3

    info.txt logfile of random's system information tool 1.05 2008-12-22 19:48:36

    ======Uninstall list======

    -->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
    -->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{447716E9-424F-4DA4-92C3-A52B597E1EC7}\Setup.exe" -l0x9 -remove -s -f1 "C:\Program Files\InstallShield Installation Information\{447716E9-424F-4DA4-92C3-A52B597E1EC7}\setup.iss" -f2 "C:\Program Files\InstallShield Installation Information\{447716E9-424F-4DA4-92C3-A52B597E1EC7}\remove.log" -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}\Setup.exe" -l0x9 -remove -s -f1 "C:\Program Files\InstallShield Installation Information\{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}\setup.iss" -f2 "C:\Program Files\InstallShield Installation Information\{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}\remove.log" -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCC-->MsiExec.exe /I{95749C5B-BC37-41E3-8D39-EEF4C21A2825}
    ClamWin Free Antivirus 0.94.1--> "C:\Program Files\ClamWin\unins000.exe "
    Color LaserJet 2600n-->C:\Program Files\Zenographics\{0DF1F4BF-0E32-4D4D-9AE6-148EDB9AF61A}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF "
    ESET NOD32 Antivirus-->MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
    FormsComponent-->MsiExec.exe /I{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}
    FOSS-->MsiExec.exe /I{EA9629DA-5715-48BA-B054-28169702B176}
    Free PDF to Word Doc Converter v1.1--> "C:\Program Files\Free PDF to Word Doc Converter\unins000.exe "
    GIMP 2.4.2--> "C:\Program Files\GIMP-2.0\setup\unins000.exe "
    High Definition Audio Driver Package - KB888111--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB914440)--> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB926239)--> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB935448)--> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    MiniRingtone 1.5--> "C:\Program Files\MiniRingtone\unins000.exe "
    Mirar-->mshta.exe http://remove.getmirar.com/
    Mirar-->mshta.exe http://remove.getmirar.com/
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSIChecker-->MsiExec.exe /I{C9D43B38-34AD-4EC2-B696-46F42D49D174}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    NA1Messenger-->MsiExec.exe /I{9376D1C4-434F-40C9-90AC-ED6F22D36F3A}
    NA1Messenger-->MsiExec.exe /I{D44E7219-947E-4F1B-830E-66EF11ACC543}
    NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)--> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe "
    NRF-->MsiExec.exe /I{68AF09E3-1167-4771-903C-CCCDCF7E171C}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PolicyManager-->MsiExec.exe /I{56B59C2A-EFB8-44AC-88F5-3280171E4522}
    psqlODBC-->MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
    QuickBooks Product Listing Service-->MsiExec.exe /I{55584E16-4D70-44EE-93DD-F144E8B7D4B7}
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Reconciler-->MsiExec.exe /I{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}
    ReportServer-->MsiExec.exe /I{33035862-543C-4405-9CC6-08593CF2C25F}
    RRU-->MsiExec.exe /I{ED782024-4713-4DD6-85FA-B2B038DE4007}
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB890046)--> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB937894)--> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938127)--> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941693)--> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942615)--> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB945553)--> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948590)--> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948881)--> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950749)--> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Sony Image Data Suite-->C:\Program Files\InstallShield Installation Information\{359FCAA7-B544-4147-AE3B-8C8A526E2427}\setup.exe -runfromtemp -l0x0009 -removeonly
    Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
    SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
    SupportUtility-->MsiExec.exe /I{C30E30A6-0AB5-470A-AB67-D322938F5429}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    System-->MsiExec.exe /I{DB2C58E0-6284-4B48-97F2-22A980B6360B}
    Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Update for Windows XP (KB900485)--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
    Update for Windows XP (KB904942)--> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe "
    Update for Windows XP (KB908531)--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
    Update for Windows XP (KB910437)--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
    Update for Windows XP (KB911280)--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
    Update for Windows XP (KB916595)--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
    Update for Windows XP (KB920872)--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
    Update for Windows XP (KB922582)--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
    Update for Windows XP (KB925876)--> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe "
    Update for Windows XP (KB927891)--> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
    Update for Windows XP (KB930916)--> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
    Update for Windows XP (KB932823-v3)--> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe "
    Update for Windows XP (KB938828)--> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
    Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
    Update for Windows XP (KB942840)--> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe "
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    UPSDB-->MsiExec.exe /I{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}
    UPSICC-->MsiExec.exe /I{390160B4-D276-4A04-8002-8D3101A0D367}
    UPSlinkHTTP-->MsiExec.exe /I{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}
    WebHelp-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C5BD501-AD5D-4A75-9321-076509B438FC}\Setup.exe" -l0x9 -removeonly
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinSCP 4.0.5--> "C:\Program Files\WinSCP\unins000.exe "
    WinZip Self-Extractor--> "C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
    WorldShip-->MsiExec.exe /I{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}

    ======Security center information======

    AV: ESET NOD32 Antivirus 3.0 (disabled)

    System event log

    Computer Name: TIGERDIST3
    Event Code: 7036
    Message: The Wireless Zero Configuration service entered the running state.

    Record Number: 1296
    Source Name: Service Control Manager
    Time Written: 20081022163933.000000-300
    Event Type: information
    User:

    Computer Name: TIGERDIST3
    Event Code: 7035
    Message: The Wireless Zero Configuration service was successfully sent a start control.

    Record Number: 1295
    Source Name: Service Control Manager
    Time Written: 20081022163933.000000-300
    Event Type: information
    User: TIGERDIST3\Tigerdistrict3

    Computer Name: TIGERDIST3
    Event Code: 4201
    Message: The system detected that network adapter USB...802.11 b/g Adaptor - Packet Scheduler Miniport was connected to the network,
    and has initiated normal operation over the network adapter.

    Record Number: 1294
    Source Name: Tcpip
    Time Written: 20081022163829.000000-300
    Event Type: information
    User:

    Computer Name: TIGERDIST3
    Event Code: 4202
    Message: The system detected that network adapter USB...802.11 b/g Adaptor - Packet Scheduler Miniport was disconnected from the network,
    and the adapter's network configuration has been released. If the network
    adapter was not disconnected, this may indicate that it has malfunctioned.
    Please contact your vendor for updated drivers.

    Record Number: 1293
    Source Name: Tcpip
    Time Written: 20081022163824.000000-300
    Event Type: information
    User:

    Computer Name: TIGERDIST3
    Event Code: 8033
    Message: The browser has forced an election on network \Device\NetBT_Tcpip_{988D2FD8-1381-4117-870D-9894BCFB6290} because a master browser was stopped.

    Record Number: 1292
    Source Name: BROWSER
    Time Written: 20081022163732.000000-300
    Event Type: information
    User:

    Application event log

    Computer Name: TIGERDIST3
    Event Code: 0
    Message:
    Record Number: 888
    Source Name: iPod Service
    Time Written: 20081216163357.000000-360
    Event Type: information
    User:

    Computer Name: TIGERDIST3
    Event Code: 19011
    Message:
    Record Number: 887
    Source Name: MSSQL$UPSWSDBSERVER
    Time Written: 20081216163349.000000-360
    Event Type: warning
    User:

    Computer Name: TIGERDIST3
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 886
    Source Name: SecurityCenter
    Time Written: 20081216163349.000000-360
    Event Type: information
    User:

    Computer Name: TIGERDIST3
    Event Code: 1005
    Message: The Windows Installer initiated a system restart to complete or continue the configuration of 'iTunes'.

    Record Number: 885
    Source Name: MsiInstaller
    Time Written: 20081216163201.000000-360
    Event Type: information
    User: TIGERDIST3\Tigerdistrict3

    Computer Name: TIGERDIST3
    Event Code: 11707
    Message: Product: iTunes -- Installation completed successfully.

    Record Number: 884
    Source Name: MsiInstaller
    Time Written: 20081216163200.000000-360
    Event Type: information
    User: TIGERDIST3\Tigerdistrict3

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=6b02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
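Added example (not part of tigerdistr's post and not RSIT's own code): a small Python triage script for the "Uninstall list" and "Security center information" sections of an RSIT info.txt like the one above. It flags uninstall strings that reach out to a remote URL (in this log the two Mirar entries run mshta.exe against http://remove.getmirar.com/, so "uninstalling" means executing whatever HTA that host chooses to serve), lists display names that appear more than once (Microsoft .NET Framework 1.1, Mirar, NA1Messenger in the full log), and pulls out the AV status line (NOD32 reported as disabled). The embedded sample is a handful of lines copied from the log above; the heuristics themselves are this example's assumptions, not anything RSIT reports.

```python
"""Triage helper for the 'Uninstall list' / 'Security center information'
sections of an RSIT info.txt.  Added example, not RSIT's own code.

Heuristics (this example's assumptions, not RSIT output):
  * an uninstall string containing an http(s) URL runs code fetched from
    that host (mshta.exe <url> is the textbook case) - flag it;
  * a display name listed more than once usually means a half-removed or
    re-installed product - list it;
  * the 'AV:' line tells you whether the resident scanner was even on.
"""
import re
from collections import Counter

# Constructed sample: a few lines copied from the posted info.txt.
SAMPLE = """\
======Uninstall list======

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ESET NOD32 Antivirus-->MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Mirar-->mshta.exe http://remove.getmirar.com/
Mirar-->mshta.exe http://remove.getmirar.com/
Mozilla Firefox (3.0.5)-->C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe

======Security center information======

AV: ESET NOD32 Antivirus 3.0 (disabled)
"""

URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
SECCENTER_RE = re.compile(r"^(AV|AS|FW):\s*(.+?)\s*\((\w+)\)$", re.M)


def section(text, title):
    """Non-empty lines of the '======<title>======' block of an RSIT report."""
    out, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======") and line.endswith("======"):
            inside = line.strip("=").strip() == title
            continue
        if inside and line:
            out.append(line)
    return out


def parse_uninstall_list(text):
    """Return (display_name, uninstall_string) pairs; the name may be empty."""
    entries = []
    for line in section(text, "Uninstall list"):
        if "-->" not in line:
            continue
        name, cmd = line.split("-->", 1)
        entries.append((name.strip(), cmd.strip()))
    return entries


def find_remote_uninstallers(entries):
    """Unique (name, url) pairs whose uninstall command points at a URL."""
    hits = {(name, url) for name, cmd in entries for url in URL_RE.findall(cmd)}
    return sorted(hits)


def find_duplicates(entries):
    """Display names that occur more than once, with their counts."""
    counts = Counter(name for name, _ in entries if name)
    return {name: n for name, n in counts.items() if n > 1}


def security_center(text):
    """(kind, product, state) tuples from the Security center section."""
    block = "\n".join(section(text, "Security center information"))
    return SECCENTER_RE.findall(block)


def triage(text):
    entries = parse_uninstall_list(text)
    return {
        "entries": len(entries),
        "remote_uninstallers": find_remote_uninstallers(entries),
        "duplicates": find_duplicates(entries),
        "security_center": security_center(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against a full info.txt by reading the file into `triage()`; anything under `remote_uninstallers` deserves a look before you ever click "Remove" for it in Add/Remove Programs.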
     
  2. 2008/12/22
    tigerdistr

    Computer 3

    tjxioq.dll;c:\windows\system32;Trojan.Juan.60;Deleted.;
    __1.tmp;C:\Documents and Settings\Tigerdistrict3\Local Settings\Temp;Probably Trojan.Packed.299;;
    152[1].net;C:\Documents and Settings\Tigerdistrict3\Local Settings\Temporary Internet Files\Content.IE5\7T3ZED0G;Probably Trojan.Packed.299;;
    zc113432[1];C:\Documents and Settings\Tigerdistrict3\Local Settings\Temporary Internet Files\Content.IE5\7T3ZED0G;Trojan.Virtumod.854;;
    style[1];C:\Documents and Settings\Tigerdistrict3\Local Settings\Temporary Internet Files\Content.IE5\8PECJUD9;Probably Trojan.Packed.412;;
    index[1];C:\Documents and Settings\Tigerdistrict3\Local Settings\Temporary Internet Files\Content.IE5\BZ7559JJ;Trojan.Juan.60;;
    Dc1360.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Proxy.493;;
    Dc1361.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Proxy.493;;
    Dc1362.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Virtumod.1466;;
    Dc1364.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.DownLoader.5013;;
    Dc1365.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Juan.60;;
    Dc1368.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Juan.60;;
    Dc1371.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Virtumod.1466;;
    Dc1372.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Virtumod.1466;;
    A0037336.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP304;Trojan.DnsChange;;
    A0038730.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP304;Trojan.Virtumod.1534;;
    A0039259.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Trojan.DnsChange;;
    A0040536.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Probably Trojan.Packed.375;;
    A0040640.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Win32.Gael.3666;;
    A0040643.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Win32.Gael.3666;;
    A0040743.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Probably Trojan.Packed.375;;
    A0040761.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Probably Trojan.Packed.375;;
    A0040859.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Probably Trojan.Packed.375;;
    A0040860.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Probably Trojan.Packed.375;;
    A0040861.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Probably Trojan.Packed.375;;
    A0040862.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Trojan.DnsChange;;
    A0040873.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Probably Trojan.Packed.375;;
    A0040874.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Trojan.Juan.60;;
    A0040875.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP307;Trojan.Virtumod.855;;
    A0041600.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041601.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041602.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041603.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041604.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041605.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041606.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041608.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Probably Trojan.Packed.375;;
    A0041609.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041610.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041611.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041612.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041613.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041614.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Trojan.DownLoad.25701;;
    A0041615.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041616.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041617.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041618.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Trojan.Juan.60;;
    A0041619.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041620.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041621.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041622.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041623.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Trojan.Virtumod.854;;
    A0041624.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041625.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Probably Trojan.Packed.375;;
    A0041626.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041627.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041628.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Probably Trojan.Packed.375;;
    A0041629.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041630.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Win32.Gael.3666;;
    A0041731.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Trojan.Juan.60;;
    fyvrkexb.dll;C:\WINDOWS\system32;Probably Trojan.Packed.375;;
    rsqaoldj.dll;C:\WINDOWS\system32;Trojan.Virtumod.854;;
    xgocppyo.dll;C:\WINDOWS\system32;Probably Trojan.Packed.375;;
     

  4. 2008/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Computer 3

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\tasks\yfrhjugv.job
    C:\WINDOWS\SYSTEM32\TJXIOQ.DLL 
    C:\WINDOWS\system32\hufabaro.dll
    C:\WINDOWS\system32\opnmLBQH
    C:\WINDOWS\system32\symant.dll
    C:\Config.Msi
    C:\WINDOWS\system32\rsqaoldj.dll
    C:\WINDOWS\system32\pafigewi.exe
    C:\WINDOWS\system32\xgocppyo.dll
    C:\WINDOWS\system32\fyvrkexb.dll
    C:\WINDOWS\system32\a38c05a8-.txt
    C:\WINDOWS\system32\HQBLmnpo.ini2
    C:\WINDOWS\system32\HQBLmnpo.ini
    C:\WINDOWS\system32\prunnet.exe
    Folder::
    C:\Program Files\Mjcore
    C:\WINDOWS\VGlnZXJEaXN0cmljdDM
    C:\WINDOWS\system32\ki3
    C:\WINDOWS\system32\in
    C:\WINDOWS\system32\C
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLS "=" "
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d40a8112-ac8f-11dc-a685-806d6172696f}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
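The File:: list in the script above is assembled from scanner output such as the Dr.Web log posted earlier in this thread. The following Python script is an added example (not code from the thread, from Dr.Web or from ComboFix) that parses that semicolon-separated record format and sorts detections by where they sit: copies in System Restore points, the Recycler and the browser cache are inert until something restores or re-runs them, while files left untouched in system32 can still be loaded at logon. On the sample records, the "active" set is exactly the three system32 DLLs that appear in the CFScript's File:: section. The location classes, their labels and the "active" rule are this example's own assumptions, not a Dr.Web or ComboFix convention.

```python
"""Triage a Dr.Web CureIt detection log of the kind posted above.

Added example for this thread, not part of the forum post or of Dr.Web or
ComboFix. Each record is 'name;directory;detection;action;'. The location
classes, their names and the 'active' rule are this example's own assumption.
"""
import re
from collections import Counter

# Sample input: records copied from the posted Dr.Web log (one or more per location class).
SAMPLE_LOG = r"""
tjxioq.dll;c:\windows\system32;Trojan.Juan.60;Deleted.;
__1.tmp;C:\Documents and Settings\Tigerdistrict3\Local Settings\Temp;Probably Trojan.Packed.299;;
zc113432[1];C:\Documents and Settings\Tigerdistrict3\Local Settings\Temporary Internet Files\Content.IE5\7T3ZED0G;Trojan.Virtumod.854;;
Dc1360.bac_a02840;C:\RECYCLER\S-1-5-21-527237240-413027322-682003330-1003;Trojan.Proxy.493;;
A0040640.exe;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306;Win32.Gael.3666;;
A0041614.dll;C:\System Volume Information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP312;Trojan.DownLoad.25701;;
fyvrkexb.dll;C:\WINDOWS\system32;Probably Trojan.Packed.375;;
rsqaoldj.dll;C:\WINDOWS\system32;Trojan.Virtumod.854;;
xgocppyo.dll;C:\WINDOWS\system32;Probably Trojan.Packed.375;;
"""

# Most specific patterns first; a directory gets the first label that matches.
LOCATION_RULES = [
    ("restore_point", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("recycler", re.compile(r"^[a-z]:\\RECYCLER\\", re.I)),
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("temp", re.compile(r"\\Local Settings\\Temp$", re.I)),
    ("system_dir", re.compile(r"^[a-z]:\\windows\\system32$", re.I)),
]

# Only copies in a system directory can be loaded at boot or logon; restore-point,
# recycler and cache copies are inert until something restores or re-executes them.
ACTIVE_CLASSES = {"system_dir"}


def classify(directory):
    """Map a directory to one of the location classes above, or 'other'."""
    for label, pattern in LOCATION_RULES:
        if pattern.search(directory):
            return label
    return "other"


def parse_line(line):
    """Split one 'name;directory;detection;action;' record; None for blank lines."""
    line = line.strip()
    if not line:
        return None
    parts = [p.strip() for p in line.split(";")]
    if len(parts) < 4:
        raise ValueError(f"unexpected record: {line!r}")
    name, directory, detection, action = parts[:4]
    return {
        "name": name,
        "directory": directory,
        "path": directory.rstrip("\\") + "\\" + name,
        "detection": detection,
        # Dr.Web writes e.g. 'Deleted.' when it acted; an empty field means it did not.
        "action": action or "none",
        "location": classify(directory),
        # Heuristic names are prefixed 'Probably'; treat the rest as confirmed.
        "confirmed": not detection.lower().startswith("probably"),
    }


def triage(text):
    """Parse the log and separate still-active detections from inert copies."""
    records = [r for r in (parse_line(ln) for ln in text.splitlines()) if r]
    active = [
        r for r in records
        if r["location"] in ACTIVE_CLASSES and r["action"] == "none"
    ]
    return {
        "records": records,
        "active": active,
        "by_location": dict(Counter(r["location"] for r in records)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("detections by location:", result["by_location"])
    print("still present in a system directory (review for the File:: list):")
    for r in result["active"]:
        flag = "" if r["confirmed"] else "  (heuristic detection)"
        print(f"  {r['path']}  [{r['detection']}]{flag}")
```

The "active" set is a review list, not an automatic removal list: a "Probably" prefix marks a heuristic detection, so the script carries that flag through rather than dropping it, and the restore-point hits are the reason helpers have System Restore flushed once a machine is clean.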
     
  5. 2008/12/22
    tigerdistr

    I accidentally ran ComboFix before dragging and dropping the CFScript.txt file. This is the report that came from it.

    ComboFix 08-12-21.04 - Tigerdistrict3 2008-12-22 23:38:36.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1241 [GMT -6:00]
    Running from: c:\documents and settings\Tigerdistrict3\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\LocalService\Application Data\NetMon
    c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
    c:\documents and settings\LocalService\Application Data\NetMon\log.txt
    c:\program files\Mjcore
    c:\temp\1cb
    c:\temp\1cb\syscheck.log
    c:\temp\DIV55
    c:\temp\DIV55\xDb.log
    c:\temp\tn3
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system32\bb1.dat
    c:\windows\system32\C
    c:\windows\system32\cookie1.dat
    c:\windows\system32\cs.dat
    c:\windows\system32\fyvrkexb.dll
    c:\windows\system32\HQBLmnpo.ini
    c:\windows\system32\HQBLmnpo.ini2
    c:\windows\system32\IN
    c:\windows\system32\ki3
    c:\windows\system32\prunnet.exe
    c:\windows\system32\ps1.dat
    c:\windows\system32\rc.dat
    c:\windows\system32\rsqaoldj.dll
    c:\windows\system32\xgocppyo.dll
    c:\windows\Tasks\yfrhjugv.job

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{EF3E3770-DEBF-4738-9B04-5A708A1D6E4A}\RP306\A0038843.exe


    .
    ((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
    .

    2008-12-22 20:18 . 2008-12-22 20:18 <DIR> d-------- c:\documents and settings\Tigerdistrict3\DoctorWeb
    2008-12-22 19:48 . 2008-12-22 19:48 <DIR> d-------- C:\rsit
    2008-12-22 19:48 . 2008-12-22 19:48 <DIR> d-------- c:\program files\trend micro
    2008-12-22 15:37 . 2008-12-22 15:37 46,592 --a------ c:\windows\system32\symant.dll
    2008-12-22 15:37 . 2008-12-22 15:37 1 --a------ c:\windows\system32\za.dat
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\program files\iTunes
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\program files\iPod
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-16 15:10 . 2008-12-16 15:10 <DIR> d-------- c:\program files\WinZip Self-Extractor
    2008-12-16 15:10 . 2008-12-16 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZipSE
    2008-12-16 13:01 . 2008-12-16 13:17 <DIR> d-------- c:\program files\Webtools
    2008-12-16 13:01 . 2008-12-16 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-16 13:00 . 2008-12-16 13:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-12-16 13:00 . 2008-12-16 13:00 <DIR> d-------- c:\documents and settings\Tigerdistrict3\Application Data\SUPERAntiSpyware.com
    2008-12-16 12:57 . 2008-12-16 12:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-16 03:40 . 2008-12-16 03:40 2,713 ---hs---- c:\windows\system32\pafigewi.exe
    2008-12-15 18:00 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-15 17:59 . 2008-12-15 17:59 <DIR> d-------- c:\program files\Panda Security
    2008-12-15 17:58 . 2008-12-15 17:58 234 --a------ c:\documents and settings\Administrator\dl.exe
    2008-12-15 17:25 . 2008-12-15 17:58 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-15 17:21 . 2008-12-15 17:21 <DIR> d-------- c:\program files\ESET
    2008-12-15 17:21 . 2008-12-15 17:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
    2008-12-15 17:21 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
    2008-12-15 09:42 . 2008-12-16 11:39 234 --a------ c:\documents and settings\Tigerdistrict3\dl.exe
    2008-12-12 14:21 . 2008-12-12 14:21 <DIR> d-------- c:\temp\REX81
    2008-12-12 09:57 . 2008-12-12 09:56 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2008-12-12 09:55 . 2008-12-12 16:59 <DIR> d-------- c:\documents and settings\Tigerdistrict3\.housecall6.6
    2008-12-12 09:54 . 2008-12-12 09:54 <DIR> d-------- c:\windows\Sun
    2008-12-12 09:53 . 2008-12-12 09:53 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 09:53 . 2008-12-12 09:53 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-12 09:52 . 2008-12-12 09:52 <DIR> d-------- c:\program files\Java
    2008-12-10 11:35 . 2008-12-10 11:35 <DIR> d-------- c:\program files\ClamWin
    2008-12-10 11:35 . 2008-12-10 11:36 <DIR> d-------- c:\documents and settings\Tigerdistrict3\Application Data\.clamwin
    2008-12-10 11:35 . 2008-12-10 11:35 <DIR> d-------- c:\documents and settings\All Users\.clamwin
    2008-12-10 10:34 . 2008-12-16 13:17 <DIR> d--hs---- c:\windows\VGlnZXJEaXN0cmljdDM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 16:09 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-16 18:52 283,648 ----a-w c:\windows\winhlp32.exe
    2008-12-16 18:52 25,600 ----a-w c:\windows\twunk_32.exe
    2008-12-16 18:52 15,360 ----a-w c:\windows\TASKMAN.EXE
    2008-12-16 18:43 86,016 ----a-w c:\windows\SOUNDMAN.EXE
    2008-12-16 18:38 9,716,736 ----a-w c:\windows\RTLCPL.EXE
    2008-12-16 18:38 69,120 ----a-w c:\windows\NOTEPAD.EXE
    2008-12-16 18:38 16,857,088 ----a-w c:\windows\RTHDCPL.EXE
    2008-12-16 18:38 146,432 ----a-w c:\windows\regedit.exe
    2008-12-16 18:38 1,826,816 ----a-w c:\windows\SkyTel.exe
    2008-12-16 18:38 1,191,936 ----a-w c:\windows\RtlUpd.exe
    2008-12-16 18:37 306,688 ----a-w c:\windows\IsUninst.exe
    2008-12-16 18:37 2,166,784 ----a-w c:\windows\MicCal.exe
    2008-12-16 18:35 315,392 ----a-w c:\windows\HideWin.exe
    2008-12-16 18:35 10,752 ----a-w c:\windows\hh.exe
    2008-12-16 18:34 2,810,880 ----a-w c:\windows\ALCWZRD.EXE
    2008-12-16 18:22 --------- d-----w c:\program files\WinSCP
    2008-12-16 18:21 --------- d-----w c:\program files\Windows Media Connect 2
    2008-12-16 18:21 --------- d-----w c:\program files\SystemRequirementsLab
    2008-12-16 18:21 --------- d-----w c:\program files\Safari
    2008-12-16 18:20 --------- d-----w c:\program files\QuickTime
    2008-12-16 18:19 --------- d-----w c:\program files\MiniRingtone
    2008-12-16 18:13 --------- d-----w c:\program files\Free PDF to Word Doc Converter
    2008-12-16 18:11 --------- d-----w c:\program files\Bonjour
    2008-12-15 23:21 69,632 ----a-w c:\windows\ALCMTR.EXE
    2008-10-27 18:25 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 18:25 --------- d-----w c:\program files\Macromedia
    2008-10-27 18:25 --------- d-----w c:\program files\Common Files\Macromedia
    2008-10-27 18:22 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    .

    ------- Sigcheck -------

    2008-12-16 12:28 2056832 5b797c5886f48052dde03f64e75db57d c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2008-12-16 12:30 2059392 380fe122fcc67a9267b1907d5e37e8ec c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    2008-12-16 12:32 2062976 424f5fc62babaed3d31fb092bf3f7b70 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
    2008-12-16 12:32 2066048 a342760981da0cdda16a7e0ee03da9a1 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    2008-12-16 12:32 2066048 3bba442c7c119c46de872588424138c3 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    2008-12-16 12:32 2015232 0cfdbb53381e4b5a448c3e1325d85391 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
    2008-12-16 12:33 2015232 19c057e30a8e97ab9b2910b404e4a2b7 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    2008-12-16 12:34 2015744 e5df359a53cdb413e85dabbb824b751c c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    2008-12-16 12:35 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    2008-12-16 12:41 2065792 b92fc7b561ac49c615d5326434a38906 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
    2008-12-16 12:50 2015744 80e62f8bfaf10bb2339a4fa607181291 c:\windows\system32\ntkrnlpa.exe
    2008-12-16 12:46 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\system32\dllcache\ntkrnlpa.exe

    2008-12-16 12:39 15360 dc518243eaa8e11df93787d3de51ef43 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
    2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\ctfmon.exe
    2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\dllcache\ctfmon.exe

    2008-12-16 12:43 111104 fc402a483f8989da1079acb251701f19 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
    2008-12-16 12:52 44032 0292ee448a4a0320e7b2fd10f55e2ebc c:\windows\system32\wuauclt.exe
    2008-12-16 12:48 44032 0292ee448a4a0320e7b2fd10f55e2ebc c:\windows\system32\dllcache\wuauclt.exe

    2008-12-16 12:43 26112 f4d702df576bd1d5fa72a136aea55834 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
    2008-12-15 17:21 24576 803a55be9692f0baae0f92861a3cb992 c:\windows\system32\userinit.exe
    2008-12-16 12:48 24576 46285550f7effb78c2e7679e5b0c7670 c:\windows\system32\dllcache\userinit.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-16 15360]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-16 1809648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-12-16 24064]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-12-15 34304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-15 413696]
    "ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-12-16 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 131072]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "nwiz"="nwiz.exe" [2008-12-15 c:\windows\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-16 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Tigerdistrict3\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 91648]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-09-26 368640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-12-17 1114112]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2007-12-13 65536]
    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2007-12-12 31744]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-16 13:30 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=,c:\windows\system32\hufabaro.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\UPS\\WSTD\\MSSQL$UPSWSDBSERVER\\Binn\\sqlservr.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\WinSCP\\WinSCP.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1434:UDP"= 1434:UDP:UDP 1434

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-15 28544]
    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
    R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
    R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER []
    R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
    S1 dxgthkk;dxgthkk;c:\windows\system32\drivers\dxgthkk.sys []
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\CDStart.Exe
    \Shell\Install\Command - D:\Stub.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d40a8112-ac8f-11dc-a685-806d6172696f}]
    \Shell\AutoRun\command - I:\autorun.exe index.html
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-12-15 17:21]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{08702F90-279C-466E-B043-A4B185C4903F} - (no file)
    WebBrowser-{744C6C84-064B-4CFF-AAAB-AAD4BA3E9302} - (no file)
    HKLM-Run-NA1Messenger - c:\ups\WSTD\UPSNA1Msgr.exe


    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {96BC7991-4CCF-45F0-A081-F882F6B55DD4} = 205.152.132.23
    FF - ProfilePath - c:\documents and settings\Tigerdistrict3\Application Data\Mozilla\Firefox\Profiles\pj0whox7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    ATTENTION: FIREFOX POLICES IS IN FORCE
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-22 23:40:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(916)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-22 23:42:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-23 05:42:33

    Pre-Run: 31,943,692,288 bytes free
    Post-Run: 32,408,727,552 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    257 --- E O F --- 2008-11-12 23:04:01
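The log above reports an infected copy of spoolsv.exe that ComboFix replaced from a restore-point copy, and its "Sigcheck" section lists the MD5 of several system executables in every location Windows keeps a copy: the live system32 file, the protected dllcache twin, and hotfix, update and driver-cache backups. A file-infecting virus alters existing executables in place, so the check a reviewer runs on that section is whether each live copy still hashes the same as its dllcache twin. The Python below is an added example (not code from the thread or from ComboFix) that parses the Sigcheck line format and reports every divergence; the sample lines are copied from the posted log. A mismatch is a review item rather than proof of infection, since a hotfix can legitimately leave the live copy newer than dllcache, so the report also records whether the live hash appears in any backup copy on the machine. The role labels ("live", "dllcache", "backup") are this example's own.

```python
"""Cross-check the hashes a ComboFix 'Sigcheck' section lists for each system file.

Added example for this thread, not part of the forum post or of ComboFix. The
sample lines are copied from the ComboFix log posted above, in its
'<date> <time> <size> <md5> <path>' format. The role labels ('live', 'dllcache',
'backup') are this example's own.
"""
import re
from collections import defaultdict
from ntpath import basename  # Windows-style paths, whatever the host OS

SAMPLE_SIGCHECK = r"""
2008-12-16 12:35 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-12-16 12:50 2015744 80e62f8bfaf10bb2339a4fa607181291 c:\windows\system32\ntkrnlpa.exe
2008-12-16 12:46 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\system32\dllcache\ntkrnlpa.exe

2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\ctfmon.exe
2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\dllcache\ctfmon.exe

2008-12-16 12:43 26112 f4d702df576bd1d5fa72a136aea55834 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2008-12-15 17:21 24576 803a55be9692f0baae0f92861a3cb992 c:\windows\system32\userinit.exe
2008-12-16 12:48 24576 46285550f7effb78c2e7679e5b0c7670 c:\windows\system32\dllcache\userinit.exe
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$", re.I
)


def role_of(path):
    """'live' for the copy Windows runs, 'dllcache' for the protected copy it
    restores from, 'backup' for hotfix, update and driver-cache copies."""
    parent = path.lower().rsplit("\\", 1)[0]
    if parent.endswith("\\system32\\dllcache"):
        return "dllcache"
    if parent.endswith("\\system32"):
        return "live"
    return "backup"


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; blank separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised sigcheck line: {line!r}")
        date, time, size, md5, path = m.groups()
        entries.append({
            "when": f"{date} {time}",
            "size": int(size),
            "md5": md5.lower(),
            "path": path,
            "name": basename(path).lower(),
            "role": role_of(path),
        })
    return entries


def find_divergent(entries):
    """Report every file whose live copy hashes differently from its dllcache copy.

    Also record whether the live hash shows up in any backup copy: a hotfix that
    updated the live file usually leaves its own copy behind, a file infector
    does not."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    report = {}
    for name, copies in sorted(by_name.items()):
        live = next((c for c in copies if c["role"] == "live"), None)
        cache = next((c for c in copies if c["role"] == "dllcache"), None)
        if live is None or cache is None or live["md5"] == cache["md5"]:
            continue
        other_hashes = {c["md5"] for c in copies if c["role"] != "live"}
        report[name] = {
            "live_md5": live["md5"],
            "dllcache_md5": cache["md5"],
            "live_size": live["size"],
            "dllcache_size": cache["size"],
            "live_when": live["when"],
            "live_hash_seen_elsewhere": live["md5"] in other_hashes,
        }
    return report


if __name__ == "__main__":
    for name, info in find_divergent(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(f"{name}: live {info['live_md5']} ({info['live_size']} bytes, {info['live_when']}) "
              f"vs dllcache {info['dllcache_md5']} ({info['dllcache_size']} bytes); "
              f"live hash found in a backup copy: {info['live_hash_seen_elsewhere']}")
```

On the sample lines the report lists ntkrnlpa.exe and userinit.exe and leaves ctfmon.exe out; what to do with each divergence is a judgement for whoever reads the full log, which is why the script prints sizes and timestamps alongside the hashes rather than a verdict.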
     
  6. 2008/12/22
    tigerdistr

    Once I went back and did as you asked me to do with the .txt file, this is the report that came with it:

    ComboFix 08-12-21.04 - Tigerdistrict3 2008-12-22 23:43:49.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1473 [GMT -6:00]
    Running from: c:\documents and settings\Tigerdistrict3\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tigerdistrict3\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Config.Msi
    c:\windows\system32\a38c05a8-.txt
    c:\windows\system32\fyvrkexb.dll
    c:\windows\system32\HQBLmnpo.ini
    c:\windows\system32\HQBLmnpo.ini2
    c:\windows\system32\hufabaro.dll
    c:\windows\system32\opnmLBQH
    c:\windows\system32\pafigewi.exe
    c:\windows\system32\prunnet.exe
    c:\windows\system32\rsqaoldj.dll
    c:\windows\system32\symant.dll
    c:\windows\SYSTEM32\TJXIOQ.DLL
    c:\windows\system32\xgocppyo.dll
    c:\windows\tasks\yfrhjugv.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\a38c05a8-.txt
    c:\windows\system32\pafigewi.exe
    c:\windows\system32\symant.dll
    c:\windows\VGlnZXJEaXN0cmljdDM

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
    .

    2008-12-22 23:42 . 2008-12-22 23:42 <DIR> d-------- c:\windows\LastGood
    2008-12-22 20:18 . 2008-12-22 20:18 <DIR> d-------- c:\documents and settings\Tigerdistrict3\DoctorWeb
    2008-12-22 19:48 . 2008-12-22 19:48 <DIR> d-------- C:\rsit
    2008-12-22 19:48 . 2008-12-22 19:48 <DIR> d-------- c:\program files\trend micro
    2008-12-22 15:37 . 2008-12-22 15:37 1 --a------ c:\windows\system32\za.dat
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\program files\iTunes
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\program files\iPod
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-16 15:10 . 2008-12-16 15:10 <DIR> d-------- c:\program files\WinZip Self-Extractor
    2008-12-16 15:10 . 2008-12-16 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZipSE
    2008-12-16 13:01 . 2008-12-16 13:17 <DIR> d-------- c:\program files\Webtools
    2008-12-16 13:01 . 2008-12-16 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-16 13:00 . 2008-12-16 13:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-12-16 13:00 . 2008-12-16 13:00 <DIR> d-------- c:\documents and settings\Tigerdistrict3\Application Data\SUPERAntiSpyware.com
    2008-12-16 12:57 . 2008-12-16 12:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-15 18:00 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-15 17:59 . 2008-12-15 17:59 <DIR> d-------- c:\program files\Panda Security
    2008-12-15 17:58 . 2008-12-15 17:58 234 --a------ c:\documents and settings\Administrator\dl.exe
    2008-12-15 17:25 . 2008-12-15 17:58 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-15 17:21 . 2008-12-15 17:21 <DIR> d-------- c:\program files\ESET
    2008-12-15 17:21 . 2008-12-15 17:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
    2008-12-15 17:21 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
    2008-12-15 09:42 . 2008-12-16 11:39 234 --a------ c:\documents and settings\Tigerdistrict3\dl.exe
    2008-12-12 14:21 . 2008-12-12 14:21 <DIR> d-------- c:\temp\REX81
    2008-12-12 09:57 . 2008-12-12 09:56 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2008-12-12 09:55 . 2008-12-12 16:59 <DIR> d-------- c:\documents and settings\Tigerdistrict3\.housecall6.6
    2008-12-12 09:54 . 2008-12-12 09:54 <DIR> d-------- c:\windows\Sun
    2008-12-12 09:53 . 2008-12-12 09:53 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 09:53 . 2008-12-12 09:53 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-12 09:52 . 2008-12-12 09:52 <DIR> d-------- c:\program files\Java
    2008-12-10 11:35 . 2008-12-10 11:35 <DIR> d-------- c:\program files\ClamWin
    2008-12-10 11:35 . 2008-12-10 11:36 <DIR> d-------- c:\documents and settings\Tigerdistrict3\Application Data\.clamwin
    2008-12-10 11:35 . 2008-12-10 11:35 <DIR> d-------- c:\documents and settings\All Users\.clamwin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-23 05:39 57,856 ----a-w c:\windows\system32\spoolsv.exe
    2008-12-22 16:09 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-16 18:51 98,304 ----a-w c:\windows\system32\verifier.exe
    2008-12-16 18:50 95,744 ----a-w c:\windows\system32\scardsvr.exe
    2008-12-16 18:49 9,728 ----a-w c:\windows\system32\label.exe
    2008-12-16 18:48 83,456 ----a-w c:\windows\system32\dpvsetup.exe
    2008-12-16 18:48 81,920 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-16 18:48 58,368 ----a-w c:\windows\system32\driverquery.exe
    2008-12-16 18:48 4,608 ----a-w c:\windows\system32\dllhst3g.exe
    2008-12-16 18:48 30,208 ----a-w c:\windows\system32\dplaysvr.exe
    2008-12-16 18:48 224,768 ----a-w c:\windows\system32\dmadmin.exe
    2008-12-16 18:48 18,432 ----a-w c:\windows\system32\dpnsvr.exe
    2008-12-16 18:48 15,872 ----a-w c:\windows\system32\dmremote.exe
    2008-12-16 18:48 10,752 ----a-w c:\windows\system32\doskey.exe
    2008-12-16 18:43 98,304 ----a-w c:\windows\system32\ahui.exe
    2008-12-16 18:38 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
    2008-12-16 18:38 9,716,736 ----a-w c:\windows\RTLCPL.EXE
    2008-12-16 18:38 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
    2008-12-16 18:38 743,936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2008-12-16 18:38 69,120 ----a-w c:\windows\NOTEPAD.EXE
    2008-12-16 18:38 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
    2008-12-16 18:38 18,944 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
    2008-12-16 18:38 16,857,088 ----a-w c:\windows\RTHDCPL.EXE
    2008-12-16 18:38 158,208 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
    2008-12-16 18:38 150,528 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
    2008-12-16 18:38 146,432 ----a-w c:\windows\regedit.exe
    2008-12-16 18:38 1,826,816 ----a-w c:\windows\SkyTel.exe
    2008-12-16 18:38 1,191,936 ----a-w c:\windows\RtlUpd.exe
    2008-12-16 18:37 306,688 ----a-w c:\windows\IsUninst.exe
    2008-12-16 18:37 2,166,784 ----a-w c:\windows\MicCal.exe
    2008-12-16 18:35 376,832 ----a-w c:\windows\Help\Tours\mmTour\tour.exe
    2008-12-16 18:35 315,392 ----a-w c:\windows\HideWin.exe
    2008-12-16 18:35 10,752 ----a-w c:\windows\hh.exe
    2008-12-16 18:34 2,810,880 ----a-w c:\windows\ALCWZRD.EXE
    2008-12-16 18:22 --------- d-----w c:\program files\WinSCP
    2008-12-16 18:21 --------- d-----w c:\program files\Windows Media Connect 2
    2008-12-16 18:21 --------- d-----w c:\program files\SystemRequirementsLab
    2008-12-16 18:21 --------- d-----w c:\program files\Safari
    2008-12-16 18:20 --------- d-----w c:\program files\QuickTime
    2008-12-16 18:19 --------- d-----w c:\program files\MiniRingtone
    2008-12-16 18:13 --------- d-----w c:\program files\Free PDF to Word Doc Converter
    2008-12-16 18:11 --------- d-----w c:\program files\Bonjour
    2008-12-15 23:21 69,632 ----a-w c:\windows\ALCMTR.EXE
    2008-12-15 23:21 514,560 ----a-w c:\windows\system32\logonui.exe
    2008-12-15 23:21 28,672 ----a-w c:\windows\system32\verclsid.exe
    2008-12-15 23:21 24,576 ----a-w c:\windows\system32\userinit.exe
    2008-12-15 23:21 13,824 ----a-w c:\windows\system32\wscntfy.exe
    2008-12-15 23:21 1,626,112 ----a-w c:\windows\system32\nwiz.exe
    2008-10-27 18:25 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 18:25 --------- d-----w c:\program files\Macromedia
    2008-10-27 18:25 --------- d-----w c:\program files\Common Files\Macromedia
    2008-10-27 18:22 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    .

    ------- Sigcheck -------

    2008-12-16 12:28 2056832 5b797c5886f48052dde03f64e75db57d c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2008-12-16 12:30 2059392 380fe122fcc67a9267b1907d5e37e8ec c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    2008-12-16 12:32 2062976 424f5fc62babaed3d31fb092bf3f7b70 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
    2008-12-16 12:32 2066048 a342760981da0cdda16a7e0ee03da9a1 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    2008-12-16 12:32 2066048 3bba442c7c119c46de872588424138c3 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    2008-12-16 12:32 2015232 0cfdbb53381e4b5a448c3e1325d85391 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
    2008-12-16 12:33 2015232 19c057e30a8e97ab9b2910b404e4a2b7 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    2008-12-16 12:34 2015744 e5df359a53cdb413e85dabbb824b751c c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    2008-12-16 12:35 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    2008-12-16 12:41 2065792 b92fc7b561ac49c615d5326434a38906 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
    2008-12-16 12:50 2015744 80e62f8bfaf10bb2339a4fa607181291 c:\windows\system32\ntkrnlpa.exe
    2008-12-16 12:46 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\system32\dllcache\ntkrnlpa.exe

    2008-12-16 12:39 15360 dc518243eaa8e11df93787d3de51ef43 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
    2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\ctfmon.exe
    2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\dllcache\ctfmon.exe

    2008-12-16 12:43 111104 fc402a483f8989da1079acb251701f19 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
    2008-12-16 12:52 44032 0292ee448a4a0320e7b2fd10f55e2ebc c:\windows\system32\wuauclt.exe
    2008-12-16 12:48 44032 0292ee448a4a0320e7b2fd10f55e2ebc c:\windows\system32\dllcache\wuauclt.exe

    2008-12-16 12:43 26112 f4d702df576bd1d5fa72a136aea55834 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
    2008-12-15 17:21 24576 803a55be9692f0baae0f92861a3cb992 c:\windows\system32\userinit.exe
    2008-12-16 12:48 24576 46285550f7effb78c2e7679e5b0c7670 c:\windows\system32\dllcache\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-12-22_23.42.17.10 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-12-16 15360]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-16 1809648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-12-16 24064]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-12-15 34304]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-12-15 413696]
    "ClamWin "= "c:\program files\ClamWin\bin\ClamTray.exe" [2008-12-16 86016]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 131072]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "nwiz "= "nwiz.exe" [2008-12-15 c:\windows\system32\nwiz.exe]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-12-16 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Tigerdistrict3\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 91648]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-09-26 368640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-12-17 1114112]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2007-12-13 65536]
    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2007-12-12 31744]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-16 13:30 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\UPS\\WSTD\\MSSQL$UPSWSDBSERVER\\Binn\\sqlservr.exe "=
    "c:\\WINDOWS\\system32\\spoolsv.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\WinSCP\\WinSCP.exe "=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1434:UDP "= 1434:UDP:UDP 1434

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-15 28544]
    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
    R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
    R2 ekrn;Eset Service; "c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER []
    R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
    S1 dxgthkk;dxgthkk;c:\windows\system32\drivers\dxgthkk.sys []
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER []
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-12-15 17:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {96BC7991-4CCF-45F0-A081-F882F6B55DD4} = 205.152.132.23
    FF - ProfilePath - c:\documents and settings\Tigerdistrict3\Application Data\Mozilla\Firefox\Profiles\pj0whox7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    ATTENTION: FIREFOX POLICES IS IN FORCE
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-22 23:44:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(916)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    Completion time: 2008-12-22 23:45:04
    ComboFix-quarantined-files.txt 2008-12-23 05:45:02
    ComboFix2.txt 2008-12-23 05:42:36

    Pre-Run: 32,394,297,344 bytes free
    Post-Run: 32,383,647,744 bytes free

    249 --- E O F --- 2008-11-12 23:04:01
     
  7. 2008/12/23
    noahdfear Inactive
    Computer 3

    First, navigate to c:\windows\system32 and rename both of the following files, adding .old to each:

    ntkrnlpa.exe
    userinit.exe

    so that they are now named ntkrnlpa.exe.old and userinit.exe.old.
    Hit the F5 key to refresh.
    Verify that both files have been replaced with fresh copies of ntkrnlpa.exe and userinit.exe.
    If successful, reboot. If not, remove the .old extensions and let me know. Either way, complete the following.


    Once again, please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    http://www.windowsbbs.com/malware-virus-removal/79729-active-win32-tenga-gen-virus-took-over.html#post433829
    Collect::[22]
    c:\documents and settings\Administrator\dl.exe
    c:\documents and settings\Tigerdistrict3\dl.exe
    c:\windows\system32\za.dat
    Folder::
    c:\temp\REX81
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!
     
  8. 2008/12/23
    tigerdistr Inactive Thread Starter
    Computer 2 seems to be a lot less bad than the others. Here's the report from DrWeb:

    vncviewer.exe;C:\Program Files\RealVNC\VNC4;Program.RemoteAdmin.51;;
    sprtctlln.dll;C:\WINDOWS\Downloaded Program Files;Probably DLOADER.Trojan;;
     
  9. 2008/12/23
    noahdfear Inactive
    If you're using RoadRunner for your ISP, that sprtctlln.dll file is of no consequence. You can always delete it regardless. It was likely installed with or as an ActiveX control and will be re-installed as needed/allowed.
     
  10. 2008/12/23
    tigerdistr Inactive Thread Starter
    I'm not using Roadrunner...

    I renamed those files and hit refresh, but then it asked me to put in my Windows Service Pack 2 CD. I don't have that, and the files weren't replaced with fresh copies.

    I ran ComboFix and here's the report:

    ComboFix 08-12-21.04 - Tigerdistrict3 2008-12-23 0:29:47.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1454 [GMT -6:00]
    Running from: c:\documents and settings\Tigerdistrict3\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tigerdistrict3\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\dl.exe
    c:\documents and settings\Tigerdistrict3\dl.exe
    c:\temp\REX81
    c:\temp\REX81\BDF.log
    c:\windows\system32\za.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
    .

    2008-12-22 23:42 . 2008-12-22 23:42 <DIR> d-------- c:\windows\LastGood
    2008-12-22 20:18 . 2008-12-22 20:18 <DIR> d-------- c:\documents and settings\Tigerdistrict3\DoctorWeb
    2008-12-22 19:48 . 2008-12-22 19:48 <DIR> d-------- C:\rsit
    2008-12-22 19:48 . 2008-12-22 19:48 <DIR> d-------- c:\program files\trend micro
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\program files\iTunes
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\program files\iPod
    2008-12-16 16:31 . 2008-12-16 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-16 15:10 . 2008-12-16 15:10 <DIR> d-------- c:\program files\WinZip Self-Extractor
    2008-12-16 15:10 . 2008-12-16 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZipSE
    2008-12-16 13:01 . 2008-12-16 13:17 <DIR> d-------- c:\program files\Webtools
    2008-12-16 13:01 . 2008-12-16 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-16 13:00 . 2008-12-16 13:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-12-16 13:00 . 2008-12-16 13:00 <DIR> d-------- c:\documents and settings\Tigerdistrict3\Application Data\SUPERAntiSpyware.com
    2008-12-16 12:57 . 2008-12-16 12:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-15 18:00 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-15 17:59 . 2008-12-15 17:59 <DIR> d-------- c:\program files\Panda Security
    2008-12-15 17:25 . 2008-12-23 00:29 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-15 17:21 . 2008-12-15 17:21 <DIR> d-------- c:\program files\ESET
    2008-12-15 17:21 . 2008-12-15 17:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
    2008-12-15 17:21 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
    2008-12-12 09:57 . 2008-12-12 09:56 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2008-12-12 09:55 . 2008-12-12 16:59 <DIR> d-------- c:\documents and settings\Tigerdistrict3\.housecall6.6
    2008-12-12 09:54 . 2008-12-12 09:54 <DIR> d-------- c:\windows\Sun
    2008-12-12 09:53 . 2008-12-12 09:53 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 09:53 . 2008-12-12 09:53 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-12 09:52 . 2008-12-12 09:52 <DIR> d-------- c:\program files\Java
    2008-12-10 11:35 . 2008-12-10 11:35 <DIR> d-------- c:\program files\ClamWin
    2008-12-10 11:35 . 2008-12-10 11:36 <DIR> d-------- c:\documents and settings\Tigerdistrict3\Application Data\.clamwin
    2008-12-10 11:35 . 2008-12-10 11:35 <DIR> d-------- c:\documents and settings\All Users\.clamwin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-23 05:39 57,856 ----a-w c:\windows\system32\spoolsv.exe
    2008-12-22 16:09 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-16 18:51 98,304 ----a-w c:\windows\system32\verifier.exe
    2008-12-16 18:50 95,744 ----a-w c:\windows\system32\scardsvr.exe
    2008-12-16 18:49 9,728 ----a-w c:\windows\system32\label.exe
    2008-12-16 18:48 83,456 ----a-w c:\windows\system32\dpvsetup.exe
    2008-12-16 18:48 81,920 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-16 18:48 58,368 ----a-w c:\windows\system32\driverquery.exe
    2008-12-16 18:48 4,608 ----a-w c:\windows\system32\dllhst3g.exe
    2008-12-16 18:48 30,208 ----a-w c:\windows\system32\dplaysvr.exe
    2008-12-16 18:48 224,768 ----a-w c:\windows\system32\dmadmin.exe
    2008-12-16 18:48 18,432 ----a-w c:\windows\system32\dpnsvr.exe
    2008-12-16 18:48 15,872 ----a-w c:\windows\system32\dmremote.exe
    2008-12-16 18:48 10,752 ----a-w c:\windows\system32\doskey.exe
    2008-12-16 18:43 98,304 ----a-w c:\windows\system32\ahui.exe
    2008-12-16 18:38 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
    2008-12-16 18:38 9,716,736 ----a-w c:\windows\RTLCPL.EXE
    2008-12-16 18:38 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
    2008-12-16 18:38 743,936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2008-12-16 18:38 69,120 ----a-w c:\windows\NOTEPAD.EXE
    2008-12-16 18:38 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
    2008-12-16 18:38 18,944 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
    2008-12-16 18:38 16,857,088 ----a-w c:\windows\RTHDCPL.EXE
    2008-12-16 18:38 158,208 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
    2008-12-16 18:38 150,528 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
    2008-12-16 18:38 146,432 ----a-w c:\windows\regedit.exe
    2008-12-16 18:38 1,826,816 ----a-w c:\windows\SkyTel.exe
    2008-12-16 18:38 1,191,936 ----a-w c:\windows\RtlUpd.exe
    2008-12-16 18:37 306,688 ----a-w c:\windows\IsUninst.exe
    2008-12-16 18:37 2,166,784 ----a-w c:\windows\MicCal.exe
    2008-12-16 18:35 376,832 ----a-w c:\windows\Help\Tours\mmTour\tour.exe
    2008-12-16 18:35 315,392 ----a-w c:\windows\HideWin.exe
    2008-12-16 18:35 10,752 ----a-w c:\windows\hh.exe
    2008-12-16 18:34 2,810,880 ----a-w c:\windows\ALCWZRD.EXE
    2008-12-16 18:22 --------- d-----w c:\program files\WinSCP
    2008-12-16 18:21 --------- d-----w c:\program files\Windows Media Connect 2
    2008-12-16 18:21 --------- d-----w c:\program files\SystemRequirementsLab
    2008-12-16 18:21 --------- d-----w c:\program files\Safari
    2008-12-16 18:20 --------- d-----w c:\program files\QuickTime
    2008-12-16 18:19 --------- d-----w c:\program files\MiniRingtone
    2008-12-16 18:13 --------- d-----w c:\program files\Free PDF to Word Doc Converter
    2008-12-16 18:11 --------- d-----w c:\program files\Bonjour
    2008-12-15 23:21 69,632 ----a-w c:\windows\ALCMTR.EXE
    2008-12-15 23:21 514,560 ----a-w c:\windows\system32\logonui.exe
    2008-12-15 23:21 28,672 ----a-w c:\windows\system32\verclsid.exe
    2008-12-15 23:21 24,576 ----a-w c:\windows\system32\userinit.exe.old.exe
    2008-12-15 23:21 13,824 ----a-w c:\windows\system32\wscntfy.exe
    2008-12-15 23:21 1,626,112 ----a-w c:\windows\system32\nwiz.exe
    2008-10-27 18:25 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 18:25 --------- d-----w c:\program files\Macromedia
    2008-10-27 18:25 --------- d-----w c:\program files\Common Files\Macromedia
    2008-10-27 18:22 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    .

    ------- Sigcheck -------

    2008-12-16 12:39 15360 dc518243eaa8e11df93787d3de51ef43 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
    2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\ctfmon.exe
    2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\dllcache\ctfmon.exe

    2008-12-16 12:43 111104 fc402a483f8989da1079acb251701f19 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
    2008-12-16 12:52 44032 0292ee448a4a0320e7b2fd10f55e2ebc c:\windows\system32\wuauclt.exe
    2008-12-16 12:48 44032 0292ee448a4a0320e7b2fd10f55e2ebc c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-12-22_23.42.17.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-16 18:50:12 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe.old.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-12-16 15360]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-16 1809648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-12-16 24064]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-12-15 34304]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-12-15 413696]
    "ClamWin "= "c:\program files\ClamWin\bin\ClamTray.exe" [2008-12-16 86016]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 131072]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "nwiz "= "nwiz.exe" [2008-12-15 c:\windows\system32\nwiz.exe]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-12-16 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Tigerdistrict3\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 91648]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-09-26 368640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-12-17 1114112]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2007-12-13 65536]
    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2007-12-12 31744]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-16 13:30 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\UPS\\WSTD\\MSSQL$UPSWSDBSERVER\\Binn\\sqlservr.exe "=
    "c:\\WINDOWS\\system32\\spoolsv.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\WinSCP\\WinSCP.exe "=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1434:UDP "= 1434:UDP:UDP 1434

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-15 28544]
    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
    R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
    R2 ekrn;Eset Service; "c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER []
    R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
    S1 dxgthkk;dxgthkk;c:\windows\system32\drivers\dxgthkk.sys []
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER []
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-12-15 17:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {96BC7991-4CCF-45F0-A081-F882F6B55DD4} = 205.152.132.23
    FF - ProfilePath - c:\documents and settings\Tigerdistrict3\Application Data\Mozilla\Firefox\Profiles\pj0whox7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    ATTENTION: FIREFOX POLICES IS IN FORCE
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-23 00:30:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(916)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    Completion time: 2008-12-23 0:30:44
    ComboFix-quarantined-files.txt 2008-12-23 06:30:40
    ComboFix2.txt 2008-12-23 05:45:05
    ComboFix3.txt 2008-12-23 05:42:36

    Pre-Run: 32,302,153,728 bytes free
    Post-Run: 32,289,484,800 bytes free

    218 --- E O F --- 2008-11-12 23:04:01


    When I run ComboFix now, a warning screen pops up in the beginning saying "Windows cannot find '32788R22FWJFW\nircmd.com'".
     
  11. 2008/12/23
    noahdfear Inactive
    My guess would be that you did not disable Nod32 and it ate the nircmd.com file. Please make sure Nod32 is disabled. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    FCopy::
    c:\windows\system32\dllcache\ntkrnlpa.exe | c:\windows\system32\ntkrnlpa.exe
    c:\windows\system32\dllcache\userinit.exe | c:\windows\system32\userinit.exe
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
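As an added example for this thread (not ComboFix's code or the helper's), the Python below parses the Sigcheck section of the ComboFix log posted earlier, flags files whose live system32 copy has a different MD5 from the dllcache copy (ntkrnlpa.exe and userinit.exe in that log), and renders the FCopy:: directive used in the post above for exactly those files. The sample lines are an excerpt copied from that log; treating dllcache as the trusted reference copy is an assumption of the example, just as it is of the repair.

```python
"""Compare the live system32 copies in a ComboFix 'Sigcheck' block against
their dllcache copies and emit the matching CFScript FCopy:: directive."""
import re

# Constructed input: an excerpt of the Sigcheck block from the ComboFix log
# posted earlier in this thread (hashes and paths copied from that log).
SIGCHECK_BLOCK = r"""
2008-12-16 12:35 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-12-16 12:41 2065792 b92fc7b561ac49c615d5326434a38906 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2008-12-16 12:50 2015744 80e62f8bfaf10bb2339a4fa607181291 c:\windows\system32\ntkrnlpa.exe
2008-12-16 12:46 2057728 9c1e4e1677ea176ad658a253d2825de2 c:\windows\system32\dllcache\ntkrnlpa.exe

2008-12-16 12:39 15360 dc518243eaa8e11df93787d3de51ef43 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\ctfmon.exe
2008-12-16 12:44 15360 2cb1074f1669edc027431fe93cfeed11 c:\windows\system32\dllcache\ctfmon.exe

2008-12-16 12:43 26112 f4d702df576bd1d5fa72a136aea55834 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2008-12-15 17:21 24576 803a55be9692f0baae0f92861a3cb992 c:\windows\system32\userinit.exe
2008-12-16 12:48 24576 46285550f7effb78c2e7679e5b0c7670 c:\windows\system32\dllcache\userinit.exe
"""

# One Sigcheck line: <date> <time> <size> <md5> <path>; the path may contain spaces.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+?)\s*$")

LIVE_DIR = r"c:\windows\system32"
REFERENCE_DIR = r"c:\windows\system32\dllcache"  # assumption: treated as the trusted copy


def parse_sigcheck(block):
    """Turn the Sigcheck text into a list of entry dicts; blank separators are skipped."""
    entries = []
    for raw in block.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when, size, md5, path = m.groups()
        parent, _, name = path.rpartition("\\")
        entries.append({"when": when, "size": int(size), "md5": md5,
                        "path": path, "parent": parent.lower(), "name": name.lower()})
    return entries


def find_mismatches(block):
    """Return {name: {"system32": entry, "dllcache": entry}} for every file whose
    live system32 copy has a different MD5 from its dllcache copy.

    A mismatch is a lead, not proof of infection: dllcache can itself be stale or
    tampered with, so the reference copy should be checked against a known-good
    source before it is copied back."""
    live, ref = {}, {}
    for e in parse_sigcheck(block):
        if e["parent"] == LIVE_DIR:
            live[e["name"]] = e
        elif e["parent"] == REFERENCE_DIR:
            ref[e["name"]] = e
    mismatches = {}
    for name, e in live.items():  # dict order == order of appearance in the log
        r = ref.get(name)
        if r is not None and e["md5"] != r["md5"]:
            mismatches[name] = {"system32": e, "dllcache": r}
    return mismatches


def build_fcopy_script(mismatches):
    """Render the CFScript 'FCopy::' section (source | destination per line) that
    restores each mismatched file from its dllcache copy."""
    lines = ["FCopy::"]
    for info in mismatches.values():
        lines.append(f"{info['dllcache']['path']} | {info['system32']['path']}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_mismatches(SIGCHECK_BLOCK)
    for name, info in found.items():
        print(f"{name}: system32 {info['system32']['md5']} ({info['system32']['size']} bytes)"
              f" != dllcache {info['dllcache']['md5']} ({info['dllcache']['size']} bytes)")
    print(build_fcopy_script(found))
```

Note that userinit.exe differs only by hash, not by size, which is why comparing sizes alone (as a Find3M listing invites) would miss it.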
  12. 2008/12/23
    tigerdistr Inactive Thread Starter
    I think I've messed something up. I hope it's not too bad.

    I turned off Nod32 the first time, but I double-checked it. I made sure it was off, and tried the ComboFix again. It still said it couldn't find it. I had something asking me to reboot earlier that I had kept ignoring, plus I had a Windows update, so I decided to restart. When I did that, the computer started acting weird.

    The welcome screen would appear with the Windows welcome sound. I clicked on the user icon and it would bring up the desktop background for about one second (with nothing else on the desktop visible), and then all of a sudden it would take me back to the blue welcome screen, and I would hear the Windows log off sound. Every time I clicked on the user icon, it would do the same thing. It was like it was logging on and logging off back-to-back. I tried turning off the computer and then turning it back on in safe mode. It still did the same thing.

    Please tell me I didn't fry the computer somehow...
     
  13. 2008/12/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please start the computer and when the choice of operating systems displays, press the arrow up button to select the Recovery Console.

    Once the RC loads it should ask what operating system to connect to. Select C:\Windows.
    If prompted, type the Administrator password. If a password was not created, press Enter.

    At the C:\Windows> prompt, type the following commands, hitting Enter after each.

    cd system32
    ren userinit.exe olduserinit.exe
    ren ntkrnlpa.exe oldntkrnlpa.exe
    cd dllcache
    copy userinit.exe c:\windows\system32
    copy ntkrnlpa.exe c:\windows\system32
    exit


    The computer should start normally upon restart.
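    The FCopy:: directive in the CFScript above and the Recovery Console ren/copy steps both do the same thing: keep the suspect copy under a new name and replace it with the Windows File Protection backup in system32\dllcache. The Python below is an added example, not from the thread, ComboFix or RSIT; it checks the two files named here against their dllcache copies by hash and restores only those that differ or are missing, and its demo runs against a constructed temporary tree rather than a live system.

```python
"""Verify and restore userinit.exe / ntkrnlpa.exe from the dllcache backup.

Added example (not from the thread). The system32 layout and file names are
the XP ones discussed above; the demo builds a constructed tree in a temp dir.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# The two files the helper restores; both have a WFP backup in system32\dllcache.
PROTECTED_FILES = ("userinit.exe", "ntkrnlpa.exe")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_dllcache(system32: Path, names=PROTECTED_FILES) -> dict:
    """Return {name: status}:
    'ok'        system32 copy is byte-identical to the dllcache copy
    'mismatch'  differs (infected, patched or truncated)
    'missing'   no system32 copy (for userinit.exe this is the logon/logoff loop)
    'no_backup' dllcache copy absent, so there is nothing safe to restore from
    """
    dllcache = system32 / "dllcache"
    result = {}
    for name in names:
        live, backup = system32 / name, dllcache / name
        if not backup.is_file():
            result[name] = "no_backup"
        elif not live.is_file():
            result[name] = "missing"
        elif sha256_of(live) == sha256_of(backup):
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    return result


def restore_from_dllcache(system32: Path, names=PROTECTED_FILES) -> dict:
    """For every file that is not 'ok': rename the live copy to old<name>
    (the same naming the Recovery Console steps use, so it stays available
    for analysis) and copy the dllcache copy into place. Files with no
    backup are left untouched and reported."""
    status = check_against_dllcache(system32, names)
    actions = {}
    for name, state in status.items():
        live, backup = system32 / name, system32 / "dllcache" / name
        if state == "ok":
            actions[name] = "unchanged"
        elif state == "no_backup":
            actions[name] = "skipped_no_backup"
        else:
            if live.is_file():
                live.replace(system32 / f"old{name}")
            shutil.copy2(backup, live)
            actions[name] = "restored"
    return actions


def demo() -> dict:
    """Constructed scenario: ntkrnlpa.exe intact, userinit.exe with extra
    bytes appended (a file infector's footprint). Returns before/after state."""
    root = Path(tempfile.mkdtemp())
    system32 = root / "system32"
    (system32 / "dllcache").mkdir(parents=True)
    clean = {"userinit.exe": b"MZ clean userinit (constructed sample)",
             "ntkrnlpa.exe": b"MZ clean ntkrnlpa (constructed sample)"}
    for name, data in clean.items():
        (system32 / "dllcache" / name).write_bytes(data)
        (system32 / name).write_bytes(data)
    (system32 / "userinit.exe").write_bytes(clean["userinit.exe"] + b" APPENDED")
    before = check_against_dllcache(system32)
    actions = restore_from_dllcache(system32)
    after = check_against_dllcache(system32)
    shutil.rmtree(root, ignore_errors=True)
    return {"before": before, "actions": actions, "after": after}


if __name__ == "__main__":
    for stage, value in demo().items():
        print(stage, value)
```

    A mismatch only says the file differs from the cached copy; the dllcache copy itself should be checked against a known-good signature before trusting it, which is why the suspect copy is kept rather than deleted.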
     
  14. 2008/12/23
    tigerdistr

    tigerdistr Inactive Thread Starter

    Joined:
    2008/12/19
    Messages:
    46
    Likes Received:
    0
    ren userinit.exe olduserinit.exe
    ren ntkrnlpa.exe oldntkrnlpa.exe

    These commands did not work. Once I skipped those two steps, it let me continue with booting up. It got caught in this loop, though, of going to Recovery Console or Windows XP Professional. Every time I didn't select anything, it would start itself over and reboot. If I selected Windows XP Professional, it would ask me how to boot (safe mode, safe mode with networking, Start Normally, etc). If I started Normally, it would keep rebooting and starting over. I could only get it to start in Safe Mode. I checked the windows\system32 folder for those files. They had been recreated. I tried to restart and start it back up in Normal mode. That still didn't work. I went back into safe mode to change the file names of those files to .exe.old again (except this time it was changed to .exe.old2 for both of them). When I restarted it again, it would bring me to the Windows welcome screen and do the simultaneous login/logoff as mentioned in the above post.

    I'm doing this all from Safe Mode with Networking now.
     
  15. 2008/12/23
    tigerdistr

    tigerdistr Inactive Thread Starter

    Joined:
    2008/12/19
    Messages:
    46
    Likes Received:
    0
    Here's the newest log file (it doesn't give me an info file now)

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Tigerdistrict3 at 2008-12-23 02:21:36
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 31 GB (60%) free of 51 GB
    Total RAM: 1918 MB (83% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:21, on 2008-12-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tigerdistrict3\Desktop\RSIT.exe
    C:\Program Files\trend micro\Tigerdistrict3.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
    O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1197920083140
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.netchexonline.net/ActiveX/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96BC7991-4CCF-45F0-A081-F882F6B55DD4}: NameServer = 205.152.132.23
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
    O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
    O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe

    --
    End of file - 6648 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-12-16 24064]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-16 16857088]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-12-15 34304]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-12-15 413696]
    "ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-12-16 86016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 131072]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-12-16 15360]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-16 1809648]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    UPS WorldShip Messaging Utility.lnk - C:\UPS\WSTD\WSTDMessaging.exe
    UPS WorldShip PLD Reminder Utility.lnk - C:\UPS\WSTD\wstdPldReminder.exe

    C:\Documents and Settings\Tigerdistrict3\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-16 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe"="C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe:*:Enabled:UPS WorldShip MSDE"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Disabled:Spooler SubSystem App"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
    "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 3 months======

    2008-12-23 01:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-23 01:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-23 01:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-23 01:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-23 01:04:16 ----D---- C:\ComboFix
    2008-12-23 01:04:16 ----A---- C:\WINDOWS\system32\CF12819.exe
    2008-12-23 00:41:37 ----A---- C:\WINDOWS\system32\CF8381.exe
    2008-12-23 00:34:12 ----SHD---- C:\RECYCLER
    2008-12-23 00:34:09 ----A---- C:\WINDOWS\system32\CF6918.exe
    2008-12-22 23:38:18 ----A---- C:\Boot.bak
    2008-12-22 23:38:15 ----RASHD---- C:\cmdcons
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\zip.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\sed.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\grep.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-22 23:33:31 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-22 23:33:29 ----D---- C:\WINDOWS\ERDNT
    2008-12-22 23:33:29 ----D---- C:\Qoobox
    2008-12-22 19:48:30 ----D---- C:\rsit
    2008-12-22 19:48:30 ----D---- C:\Program Files\trend micro
    2008-12-17 16:50:04 ----A---- C:\WINDOWS\system32\InstallBackup.txt
    2008-12-17 16:50:04 ----A---- C:\WINDOWS\system32\Install_10.0.40.txt
    2008-12-16 16:31:30 ----D---- C:\Program Files\iPod
    2008-12-16 16:31:28 ----D---- C:\Program Files\iTunes
    2008-12-16 16:31:28 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-16 15:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\WinZipSE
    2008-12-16 15:10:57 ----D---- C:\Program Files\WinZip Self-Extractor
    2008-12-16 13:01:18 ----D---- C:\Program Files\Webtools
    2008-12-16 13:01:06 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-16 13:00:58 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-12-16 13:00:56 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\SUPERAntiSpyware.com
    2008-12-16 12:57:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-16 12:56:49 ----SHD---- C:\Config.Msi
    2008-12-15 17:59:59 ----D---- C:\Program Files\Panda Security
    2008-12-15 17:24:42 ----SHD---- C:\WINDOWS\CSC
    2008-12-15 17:24:36 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-15 17:21:04 ----D---- C:\Program Files\ESET
    2008-12-15 17:21:04 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
    2008-12-15 17:18:25 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\WinRAR
    2008-12-15 17:18:10 ----D---- C:\Program Files\WinRAR
    2008-12-12 09:54:40 ----D---- C:\WINDOWS\Sun
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-12 09:52:58 ----D---- C:\Program Files\Java
    2008-12-12 09:51:44 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\Sun
    2008-12-10 11:35:59 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\.clamwin
    2008-12-10 11:35:53 ----D---- C:\Program Files\ClamWin
    2008-11-12 17:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 17:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-10-27 12:25:46 ----D---- C:\Program Files\Common Files\Macromedia
    2008-10-27 12:25:18 ----D---- C:\Program Files\Macromedia
    2008-10-24 15:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-20 14:50:29 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-20 09:04:42 ----D---- C:\Program Files\Safari
    2008-10-16 02:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 02:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 02:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 02:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 02:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-26 09:48:22 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\Sony Corporation
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-26 09:45:26 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-26 09:45:26 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-26 09:45:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-26 09:45:23 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\vxblock.dll
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxInsI64.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxInsA64.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\pxhpinst.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxCpyI64.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxCpyA64.exe
    2008-09-26 09:39:47 ----D---- C:\Program Files\Sony
    2008-09-24 08:52:44 ----D---- C:\WINDOWS\system32\CatRoot_bak

    ======List of files/folders modified in the last 3 months======

    2008-12-23 02:15:04 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-23 02:14:48 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-23 02:09:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-23 02:08:30 ----D---- C:\WINDOWS\Temp
    2008-12-23 01:09:33 ----D---- C:\WINDOWS
    2008-12-23 01:08:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-23 01:08:07 ----HD---- C:\WINDOWS\inf
    2008-12-23 01:08:04 ----D---- C:\WINDOWS\Prefetch
    2008-12-23 01:08:03 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-23 01:07:47 ----D---- C:\Program Files\Internet Explorer
    2008-12-23 01:07:38 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-23 00:40:01 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-12-23 00:30:17 ----A---- C:\WINDOWS\system.ini
    2008-12-23 00:30:03 ----D---- C:\WINDOWS\system32\drivers
    2008-12-23 00:30:03 ----D---- C:\WINDOWS\AppPatch
    2008-12-23 00:30:03 ----D---- C:\Program Files\Common Files
    2008-12-23 00:29:52 ----D---- C:\temp
    2008-12-22 23:39:33 ----D---- C:\WINDOWS\system32\config
    2008-12-22 23:39:18 ----A---- C:\WINDOWS\system32\spoolsv.exe
    2008-12-22 23:38:53 ----SD---- C:\WINDOWS\Tasks
    2008-12-22 23:38:41 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-22 23:38:41 ----RD---- C:\Program Files
    2008-12-22 23:38:18 ----RASH---- C:\boot.ini
    2008-12-22 20:13:01 ----D---- C:\WINDOWS\system32
    2008-12-16 16:32:01 ----SHD---- C:\WINDOWS\Installer
    2008-12-16 12:52:13 ----A---- C:\WINDOWS\winhlp32.exe
    2008-12-16 12:52:12 ----A---- C:\WINDOWS\twunk_32.exe
    2008-12-16 12:52:11 ----A---- C:\WINDOWS\TASKMAN.EXE
    2008-12-16 12:52:08 ----A---- C:\WINDOWS\system32\xcopy.exe
    2008-12-16 12:52:07 ----A---- C:\WINDOWS\system32\wupdmgr.exe
    2008-12-16 12:52:07 ----A---- C:\WINDOWS\system32\WudfHost.exe
    2008-12-16 12:52:06 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2008-12-16 12:52:05 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-12-16 12:52:05 ----A---- C:\WINDOWS\system32\wscript.exe
    2008-12-16 12:52:04 ----A---- C:\WINDOWS\system32\write.exe
    2008-12-16 12:52:04 ----A---- C:\WINDOWS\system32\wpnpinst.exe
    2008-12-16 12:52:03 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
    2008-12-16 12:52:02 ----A---- C:\WINDOWS\system32\wpabaln.exe
    2008-12-16 12:52:00 ----A---- C:\WINDOWS\system32\WISPTIS.EXE
    2008-12-16 12:51:59 ----A---- C:\WINDOWS\system32\winver.exe
    2008-12-16 12:51:59 ----A---- C:\WINDOWS\system32\winmsd.exe
    2008-12-16 12:51:58 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-12-16 12:51:58 ----A---- C:\WINDOWS\system32\winhlp32.exe
    2008-12-16 12:51:57 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
    2008-12-16 12:51:57 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-12-16 12:51:56 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
    2008-12-16 12:51:55 ----A---- C:\WINDOWS\system32\WgaTray.exe
    2008-12-16 12:51:55 ----A---- C:\WINDOWS\system32\wextract.exe
    2008-12-16 12:51:54 ----A---- C:\WINDOWS\system32\wdfmgr.exe
    2008-12-16 12:51:53 ----D---- C:\WINDOWS\system32\wbem
    2008-12-16 12:51:45 ----A---- C:\WINDOWS\system32\w32tm.exe
    2008-12-16 12:51:44 ----A---- C:\WINDOWS\system32\vssvc.exe
    2008-12-16 12:51:44 ----A---- C:\WINDOWS\system32\vssadmin.exe
    2008-12-16 12:51:43 ----A---- C:\WINDOWS\system32\verifier.exe
    2008-12-16 12:51:42 ----A---- C:\WINDOWS\system32\uwdf.exe
    2008-12-16 12:51:42 ----A---- C:\WINDOWS\system32\utilman.exe
    2008-12-16 12:51:41 ----A---- C:\WINDOWS\system32\usrshuta.exe
    2008-12-16 12:51:41 ----A---- C:\WINDOWS\system32\usrprbda.exe
    2008-12-16 12:51:40 ----A---- C:\WINDOWS\system32\usrmlnka.exe
    2008-12-16 12:51:39 ----D---- C:\WINDOWS\system32\usmt
    2008-12-16 12:51:37 ----D---- C:\WINDOWS\system32\URTTemp
    2008-12-16 12:51:37 ----A---- C:\WINDOWS\system32\ups.exe
    2008-12-16 12:51:36 ----A---- C:\WINDOWS\system32\upnpcont.exe
    2008-12-16 12:51:35 ----A---- C:\WINDOWS\system32\unlodctr.exe
    2008-12-16 12:51:34 ----A---- C:\WINDOWS\system32\typeperf.exe
    2008-12-16 12:51:33 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-12-16 12:51:33 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-12-16 12:51:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-12-16 12:51:32 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2008-12-16 12:51:31 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-12-16 12:51:30 ----A---- C:\WINDOWS\system32\tracert6.exe
    2008-12-16 12:51:30 ----A---- C:\WINDOWS\system32\tracert.exe
    2008-12-16 12:51:30 ----A---- C:\WINDOWS\system32\tracerpt.exe
    2008-12-16 12:51:29 ----A---- C:\WINDOWS\system32\tourstart.exe
    2008-12-16 12:51:29 ----A---- C:\WINDOWS\system32\tlntsvr.exe
    2008-12-16 12:51:28 ----A---- C:\WINDOWS\system32\tlntsess.exe
    2008-12-16 12:51:28 ----A---- C:\WINDOWS\system32\tlntadmn.exe
    2008-12-16 12:51:27 ----A---- C:\WINDOWS\system32\tftp.exe
    2008-12-16 12:51:27 ----A---- C:\WINDOWS\system32\telnet.exe
    2008-12-16 12:51:26 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
    2008-12-16 12:51:26 ----A---- C:\WINDOWS\system32\tcmsetup.exe
    2008-12-16 12:51:25 ----A---- C:\WINDOWS\system32\taskmgr.exe
    2008-12-16 12:51:25 ----A---- C:\WINDOWS\system32\taskman.exe
    2008-12-16 12:51:24 ----A---- C:\WINDOWS\system32\tasklist.exe
    2008-12-16 12:51:24 ----A---- C:\WINDOWS\system32\taskkill.exe
    2008-12-16 12:51:23 ----A---- C:\WINDOWS\system32\systray.exe
    2008-12-16 12:51:23 ----A---- C:\WINDOWS\system32\systeminfo.exe
    2008-12-16 12:51:22 ----A---- C:\WINDOWS\system32\sysocmgr.exe
    2008-12-16 12:51:21 ----A---- C:\WINDOWS\system32\syskey.exe
    2008-12-16 12:51:20 ----A---- C:\WINDOWS\system32\syncapp.exe
    2008-12-16 12:51:20 ----A---- C:\WINDOWS\system32\subst.exe
    2008-12-16 12:51:19 ----A---- C:\WINDOWS\system32\stimon.exe
    2008-12-16 12:51:18 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2008-12-16 12:51:18 ----A---- C:\WINDOWS\system32\sprestrt.exe
    2008-12-16 12:51:09 ----A---- C:\WINDOWS\system32\spnpinst.exe
    2008-12-16 12:51:08 ----A---- C:\WINDOWS\system32\spiisupd.exe
    2008-12-16 12:51:08 ----A---- C:\WINDOWS\system32\spider.exe
    2008-12-16 12:51:07 ----A---- C:\WINDOWS\system32\sort.exe
    2008-12-16 12:51:07 ----A---- C:\WINDOWS\system32\sol.exe
    2008-12-16 12:51:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-12-16 12:51:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-12-16 12:51:05 ----A---- C:\WINDOWS\system32\smlogsvc.exe
    2008-12-16 12:51:05 ----A---- C:\WINDOWS\system32\smbinst.exe
    2008-12-16 12:51:04 ----A---- C:\WINDOWS\system32\skeys.exe
    2008-12-16 12:51:04 ----A---- C:\WINDOWS\system32\sigverif.exe
    2008-12-16 12:51:03 ----A---- C:\WINDOWS\system32\shutdown.exe
    2008-12-16 12:51:02 ----A---- C:\WINDOWS\system32\shrpubw.exe
    2008-12-16 12:51:02 ----A---- C:\WINDOWS\system32\shmgrate.exe
    2008-12-16 12:51:01 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-12-16 12:51:00 ----A---- C:\WINDOWS\system32\sfc.exe
    2008-12-16 12:51:00 ----A---- C:\WINDOWS\system32\setup.exe
    2008-12-16 12:50:59 ----A---- C:\WINDOWS\system32\sethc.exe
    2008-12-16 12:50:59 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-12-16 12:50:58 ----A---- C:\WINDOWS\system32\secedit.exe
    2008-12-16 12:50:57 ----A---- C:\WINDOWS\system32\sdbinst.exe
    2008-12-16 12:50:57 ----A---- C:\WINDOWS\system32\schtasks.exe
    2008-12-16 12:50:56 ----A---- C:\WINDOWS\system32\scardsvr.exe
    2008-12-16 12:50:56 ----A---- C:\WINDOWS\system32\sc.exe
    2008-12-16 12:50:55 ----A---- C:\WINDOWS\system32\savedump.exe
    2008-12-16 12:50:55 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-12-16 12:50:54 ----A---- C:\WINDOWS\system32\runonce.exe
    2008-12-16 12:50:54 ----A---- C:\WINDOWS\system32\rundll32.exe
    2008-12-16 12:50:53 ----A---- C:\WINDOWS\system32\runas.exe
    2008-12-16 12:50:53 ----A---- C:\WINDOWS\system32\rtcshare.exe
    2008-12-16 12:50:52 ----A---- C:\WINDOWS\system32\rsvp.exe
    2008-12-16 12:50:52 ----A---- C:\WINDOWS\system32\rsopprov.exe
    2008-12-16 12:50:51 ----A---- C:\WINDOWS\system32\rsnotify.exe
    2008-12-16 12:50:51 ----A---- C:\WINDOWS\system32\rsmui.exe
    2008-12-16 12:50:50 ----A---- C:\WINDOWS\system32\rsmsink.exe
    2008-12-16 12:50:50 ----A---- C:\WINDOWS\system32\rsm.exe
    2008-12-16 12:50:49 ----A---- C:\WINDOWS\system32\rsh.exe
    2008-12-16 12:50:49 ----A---- C:\WINDOWS\system32\routemon.exe
    2008-12-16 12:50:48 ----A---- C:\WINDOWS\system32\route.exe
    2008-12-16 12:50:47 ----D---- C:\WINDOWS\system32\Restore
    2008-12-16 12:50:47 ----A---- C:\WINDOWS\system32\rexec.exe
    2008-12-16 12:50:46 ----A---- C:\WINDOWS\system32\reset.exe
    2008-12-16 12:50:45 ----A---- C:\WINDOWS\system32\replace.exe
    2008-12-16 12:50:45 ----A---- C:\WINDOWS\system32\relog.exe
    2008-12-16 12:50:44 ----A---- C:\WINDOWS\system32\regwiz.exe
    2008-12-16 12:50:44 ----A---- C:\WINDOWS\system32\regsvr32.exe
    2008-12-16 12:50:43 ----A---- C:\WINDOWS\system32\regini.exe
    2008-12-16 12:50:43 ----A---- C:\WINDOWS\system32\regedt32.exe
    2008-12-16 12:50:42 ----A---- C:\WINDOWS\system32\reg.exe
    2008-12-16 12:50:42 ----A---- C:\WINDOWS\system32\recover.exe
    2008-12-16 12:50:41 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-12-16 12:50:41 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-12-16 12:50:40 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-12-16 12:50:40 ----A---- C:\WINDOWS\system32\rcp.exe
    2008-12-16 12:50:39 ----A---- C:\WINDOWS\system32\rcimlby.exe
    2008-12-16 12:50:39 ----A---- C:\WINDOWS\system32\rasphone.exe
    2008-12-16 12:50:38 ----A---- C:\WINDOWS\system32\rasdial.exe
    2008-12-16 12:50:38 ----A---- C:\WINDOWS\system32\rasautou.exe
    2008-12-16 12:50:37 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-12-16 12:50:36 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-12-16 12:50:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-12-16 12:50:32 ----A---- C:\WINDOWS\system32\proxycfg.exe
    2008-12-16 12:50:32 ----A---- C:\WINDOWS\system32\proquota.exe
    2008-12-16 12:50:31 ----A---- C:\WINDOWS\system32\progman.exe
    2008-12-16 12:50:31 ----A---- C:\WINDOWS\system32\print.exe
    2008-12-16 12:50:30 ----A---- C:\WINDOWS\system32\powercfg.exe
    2008-12-16 12:50:29 ----A---- C:\WINDOWS\system32\ping6.exe
    2008-12-16 12:50:29 ----A---- C:\WINDOWS\system32\ping.exe
    2008-12-16 12:50:28 ----A---- C:\WINDOWS\system32\perfmon.exe
    2008-12-16 12:50:28 ----A---- C:\WINDOWS\system32\pentnt.exe
    2008-12-16 12:50:27 ----A---- C:\WINDOWS\system32\pathping.exe
    2008-12-16 12:50:27 ----A---- C:\WINDOWS\system32\packager.exe
    2008-12-16 12:50:26 ----A---- C:\WINDOWS\system32\osuninst.exe
    2008-12-16 12:50:26 ----A---- C:\WINDOWS\system32\osk.exe
    2008-12-16 12:50:25 ----A---- C:\WINDOWS\system32\openfiles.exe
    2008-12-16 12:50:24 ----D---- C:\WINDOWS\system32\oobe
    2008-12-16 12:50:22 ----A---- C:\WINDOWS\system32\odbcconf.exe
    2008-12-16 12:50:22 ----A---- C:\WINDOWS\system32\odbcad32.exe
    2008-12-16 12:50:21 ----A---- C:\WINDOWS\system32\nwscript.exe
    2008-12-16 12:50:20 ----A---- C:\WINDOWS\system32\nvunrm.exe
    2008-12-16 12:50:19 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-12-16 12:50:19 ----A---- C:\WINDOWS\system32\nvuide.exe
    2008-12-16 12:50:18 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2008-12-16 12:50:18 ----A---- C:\WINDOWS\system32\nvsvc32.exe
    2008-12-16 12:50:17 ----A---- C:\WINDOWS\system32\nvdspsch.exe
    2008-12-16 12:50:16 ----A---- C:\WINDOWS\system32\nvcplui.exe
    2008-12-16 12:50:15 ----A---- C:\WINDOWS\system32\nvcolor.exe
    2008-12-16 12:50:15 ----A---- C:\WINDOWS\system32\nvappbar.exe
    2008-12-16 12:50:14 ----A---- C:\WINDOWS\system32\ntvdm.exe
    2008-12-16 12:50:13 ----A---- C:\WINDOWS\system32\ntsd.exe
    2008-12-16 12:50:12 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe.old.exe
    2008-12-16 12:50:12 ----A---- C:\WINDOWS\system32\ntbackup.exe
    2008-12-16 12:50:11 ----A---- C:\WINDOWS\system32\nslookup.exe
    2008-12-16 12:50:10 ----D---- C:\WINDOWS\system32\npp
    2008-12-16 12:50:10 ----A---- C:\WINDOWS\system32\notepad.exe
    2008-12-16 12:50:09 ----A---- C:\WINDOWS\system32\netstat.exe
    2008-12-16 12:50:09 ----A---- C:\WINDOWS\system32\netsh.exe
    2008-12-16 12:50:08 ----A---- C:\WINDOWS\system32\netsetup.exe
    2008-12-16 12:50:07 ----A---- C:\WINDOWS\system32\netdde.exe
    2008-12-16 12:50:07 ----A---- C:\WINDOWS\system32\net1.exe
    2008-12-16 12:50:06 ----A---- C:\WINDOWS\system32\net.exe
    2008-12-16 12:50:06 ----A---- C:\WINDOWS\system32\nddeapir.exe
    2008-12-16 12:50:05 ----A---- C:\WINDOWS\system32\nbtstat.exe
    2008-12-16 12:50:05 ----A---- C:\WINDOWS\system32\narrator.exe
    2008-12-16 12:50:00 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-12-16 12:50:00 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-12-16 12:49:59 ----A---- C:\WINDOWS\system32\msswchx.exe
    2008-12-16 12:49:58 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-12-16 12:49:57 ----A---- C:\WINDOWS\system32\msiexec.exe
    2008-12-16 12:49:56 ----A---- C:\WINDOWS\system32\mshta.exe
    2008-12-16 12:49:56 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-12-16 12:49:55 ----A---- C:\WINDOWS\system32\msg.exe
    2008-12-16 12:49:55 ----A---- C:\WINDOWS\system32\msfeedssync.exe
    2008-12-16 12:49:54 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-12-16 12:49:53 ----A---- C:\WINDOWS\system32\mrinfo.exe
    2008-12-16 12:49:52 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
    2008-12-16 12:49:52 ----A---- C:\WINDOWS\system32\mqsvc.exe
    2008-12-16 12:49:51 ----A---- C:\WINDOWS\system32\mqbkup.exe
    2008-12-16 12:49:50 ----A---- C:\WINDOWS\system32\mpnotify.exe
    2008-12-16 12:49:50 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-12-16 12:49:49 ----A---- C:\WINDOWS\system32\mountvol.exe
    2008-12-16 12:49:49 ----A---- C:\WINDOWS\system32\mobsync.exe
    2008-12-16 12:49:48 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-12-16 12:49:47 ----A---- C:\WINDOWS\system32\mmc.exe
    2008-12-16 12:49:47 ----A---- C:\WINDOWS\system32\migpwd.exe
    2008-12-16 12:49:45 ----A---- C:\WINDOWS\system32\makecab.exe
    2008-12-16 12:49:45 ----A---- C:\WINDOWS\system32\magnify.exe
    2008-12-16 12:49:41 ----A---- C:\WINDOWS\system32\lpr.exe
    2008-12-16 12:49:41 ----A---- C:\WINDOWS\system32\lpq.exe
    2008-12-16 12:49:40 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-12-16 12:49:40 ----A---- C:\WINDOWS\system32\logman.exe
    2008-12-16 12:49:39 ----A---- C:\WINDOWS\system32\lodctr.exe
    2008-12-16 12:49:38 ----A---- C:\WINDOWS\system32\locator.exe
    2008-12-16 12:49:38 ----A---- C:\WINDOWS\system32\lnkstub.exe
    2008-12-16 12:49:37 ----A---- C:\WINDOWS\system32\lights.exe
    2008-12-16 12:49:36 ----A---- C:\WINDOWS\system32\label.exe
    2008-12-16 12:49:35 ----A---- C:\WINDOWS\system32\keystone.exe
    2008-12-16 12:49:31 ----A---- C:\WINDOWS\system32\ipxroute.exe
    2008-12-16 12:49:30 ----A---- C:\WINDOWS\system32\ipv6.exe
    2008-12-16 12:49:30 ----A---- C:\WINDOWS\system32\ipsec6.exe
    2008-12-16 12:49:29 ----A---- C:\WINDOWS\system32\ipconfig.exe
    2008-12-16 12:49:28 ----A---- C:\WINDOWS\system32\imapi.exe
    2008-12-16 12:49:27 ----A---- C:\WINDOWS\system32\iexpress.exe
    2008-12-16 12:49:24 ----A---- C:\WINDOWS\system32\hostname.exe
    2008-12-16 12:49:24 ----A---- C:\WINDOWS\system32\help.exe
    2008-12-16 12:49:23 ----A---- C:\WINDOWS\system32\HdAShCut.exe
    2008-12-16 12:49:22 ----A---- C:\WINDOWS\system32\grpconv.exe
    2008-12-16 12:49:22 ----A---- C:\WINDOWS\system32\gpupdate.exe
    2008-12-16 12:49:21 ----A---- C:\WINDOWS\system32\gpresult.exe
    2008-12-16 12:49:21 ----A---- C:\WINDOWS\system32\getmac.exe
    2008-12-16 12:49:20 ----A---- C:\WINDOWS\system32\GetHostIP.exe
    2008-12-16 12:49:19 ----A---- C:\WINDOWS\system32\ftp.exe
    2008-12-16 12:49:19 ----A---- C:\WINDOWS\system32\fsutil.exe
    2008-12-16 12:49:18 ----A---- C:\WINDOWS\system32\fsquirt.exe
    2008-12-16 12:49:18 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-12-16 12:49:17 ----A---- C:\WINDOWS\system32\forcedos.exe
    2008-12-16 12:49:17 ----A---- C:\WINDOWS\system32\fontview.exe
    2008-12-16 12:49:16 ----A---- C:\WINDOWS\system32\fltmc.exe
    2008-12-16 12:49:16 ----A---- C:\WINDOWS\system32\fixmapi.exe
    2008-12-16 12:49:15 ----A---- C:\WINDOWS\system32\finger.exe
    2008-12-16 12:49:15 ----A---- C:\WINDOWS\system32\findstr.exe
    2008-12-16 12:49:14 ----A---- C:\WINDOWS\system32\find.exe
    2008-12-16 12:49:14 ----A---- C:\WINDOWS\system32\fc.exe
    2008-12-16 12:49:13 ----A---- C:\WINDOWS\system32\extrac32.exe
    2008-12-16 12:49:13 ----A---- C:\WINDOWS\system32\expand.exe
    2008-12-16 12:49:12 ----A---- C:\WINDOWS\system32\eventvwr.exe
    2008-12-16 12:49:12 ----A---- C:\WINDOWS\system32\eventtriggers.exe
    2008-12-16 12:49:11 ----A---- C:\WINDOWS\system32\eventcreate.exe
    2008-12-16 12:49:11 ----A---- C:\WINDOWS\system32\eudcedit.exe
    2008-12-16 12:49:10 ----A---- C:\WINDOWS\system32\esentutl.exe
    2008-12-16 12:49:09 ----A---- C:\WINDOWS\system32\dxdiag.exe
    2008-12-16 12:49:08 ----A---- C:\WINDOWS\system32\dwwin.exe
    2008-12-16 12:49:07 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
    2008-12-16 12:49:07 ----A---- C:\WINDOWS\system32\dvdplay.exe
    2008-12-16 12:49:06 ----A---- C:\WINDOWS\system32\dumprep.exe
    2008-12-16 12:49:06 ----A---- C:\WINDOWS\system32\drwtsn32.exe
    2008-12-16 12:49:05 ----A---- C:\WINDOWS\system32\drmupgds.exe
    2008-12-16 12:48:59 ----A---- C:\WINDOWS\system32\driverquery.exe
    2008-12-16 12:48:59 ----A---- C:\WINDOWS\system32\dpvsetup.exe
    2008-12-16 12:48:58 ----A---- C:\WINDOWS\system32\dpnsvr.exe
    2008-12-16 12:48:58 ----A---- C:\WINDOWS\system32\dplaysvr.exe
    2008-12-16 12:48:57 ----A---- C:\WINDOWS\system32\doskey.exe
    2008-12-16 12:48:57 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-12-16 12:48:56 ----A---- C:\WINDOWS\system32\dmremote.exe
    2008-12-16 12:48:56 ----A---- C:\WINDOWS\system32\dmadmin.exe
    2008-12-16 12:48:55 ----A---- C:\WINDOWS\system32\dllhst3g.exe
    2008-12-16 12:48:55 ----A---- C:\WINDOWS\system32\dllhost.exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit.exe.old2.exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit.exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\olduserinit.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\oldntkrnlpa.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe.old2.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-12-16 12:44:15 ----A---- C:\WINDOWS\system32\diskperf.exe
    2008-12-16 12:44:15 ----A---- C:\WINDOWS\system32\diskpart.exe
    2008-12-16 12:44:14 ----A---- C:\WINDOWS\system32\diantz.exe
    2008-12-16 12:44:13 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
    2008-12-16 12:44:13 ----A---- C:\WINDOWS\system32\dfrgfat.exe
    2008-12-16 12:44:12 ----A---- C:\WINDOWS\system32\defrag.exe
    2008-12-16 12:44:12 ----A---- C:\WINDOWS\system32\ddeshare.exe
    2008-12-16 12:44:11 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-12-16 12:44:09 ----A---- C:\WINDOWS\system32\ctfmon.exe
    2008-12-16 12:44:08 ----A---- C:\WINDOWS\system32\cscript.exe
    2008-12-16 12:44:07 ----A---- C:\WINDOWS\system32\convert.exe
    2008-12-16 12:44:07 ----A---- C:\WINDOWS\system32\control.exe
    2008-12-16 12:44:06 ----A---- C:\WINDOWS\system32\conime.exe
    2008-12-16 12:44:04 ----A---- C:\WINDOWS\system32\compact.exe
    2008-12-16 12:44:03 ----D---- C:\WINDOWS\system32\Com
    2008-12-16 12:44:03 ----A---- C:\WINDOWS\system32\comp.exe
    2008-12-16 12:44:02 ----A---- C:\WINDOWS\system32\cmstp.exe
    2008-12-16 12:44:01 ----A---- C:\WINDOWS\system32\cmmon32.exe
    2008-12-16 12:44:01 ----A---- C:\WINDOWS\system32\cmdl32.exe
    2008-12-16 12:44:00 ----A---- C:\WINDOWS\system32\cmd.exe
    2008-12-16 12:44:00 ----A---- C:\WINDOWS\system32\clipsrv.exe
    2008-12-16 12:43:59 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-12-16 12:43:59 ----A---- C:\WINDOWS\system32\cliconfg.exe
    2008-12-16 12:43:58 ----A---- C:\WINDOWS\system32\cleanmgr.exe
    2008-12-16 12:43:58 ----A---- C:\WINDOWS\system32\ckcnv.exe
    2008-12-16 12:43:57 ----A---- C:\WINDOWS\system32\cisvc.exe
    2008-12-16 12:43:57 ----A---- C:\WINDOWS\system32\cipher.exe
    2008-12-16 12:43:56 ----A---- C:\WINDOWS\system32\cidaemon.exe
    2008-12-16 12:43:56 ----A---- C:\WINDOWS\system32\chkntfs.exe
    2008-12-16 12:43:55 ----A---- C:\WINDOWS\system32\chkdsk.exe
    2008-12-16 12:43:55 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2008-12-16 12:43:54 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-12-16 12:43:51 ----A---- C:\WINDOWS\system32\CapabilityTable.exe
    2008-12-16 12:43:51 ----A---- C:\WINDOWS\system32\calc.exe
    2008-12-16 12:43:50 ----A---- C:\WINDOWS\system32\cacls.exe
    2008-12-16 12:43:50 ----A---- C:\WINDOWS\system32\bootvrfy.exe
    2008-12-16 12:43:49 ----A---- C:\WINDOWS\system32\bootok.exe
    2008-12-16 12:43:49 ----A---- C:\WINDOWS\system32\bootcfg.exe
    2008-12-16 12:43:48 ----A---- C:\WINDOWS\system32\blastcln.exe
    2008-12-16 12:43:47 ----A---- C:\WINDOWS\system32\autolfn.exe
    2008-12-16 12:43:47 ----A---- C:\WINDOWS\system32\autofmt.exe
    2008-12-16 12:43:46 ----A---- C:\WINDOWS\system32\autoconv.exe
    2008-12-16 12:43:46 ----A---- C:\WINDOWS\system32\autochk.exe
    2008-12-16 12:43:45 ----A---- C:\WINDOWS\system32\auditusr.exe
    2008-12-16 12:43:45 ----A---- C:\WINDOWS\system32\attrib.exe
    2008-12-16 12:43:44 ----A---- C:\WINDOWS\system32\atmadm.exe
    2008-12-16 12:43:44 ----A---- C:\WINDOWS\system32\at.exe
    2008-12-16 12:43:43 ----A---- C:\WINDOWS\system32\asr_pfu.exe
    2008-12-16 12:43:43 ----A---- C:\WINDOWS\system32\asr_ldm.exe
    2008-12-16 12:43:42 ----A---- C:\WINDOWS\system32\asr_fmt.exe
    2008-12-16 12:43:42 ----A---- C:\WINDOWS\system32\arp.exe
    2008-12-16 12:43:41 ----A---- C:\WINDOWS\system32\alg.exe
    2008-12-16 12:43:41 ----A---- C:\WINDOWS\system32\ahui.exe
    2008-12-16 12:43:40 ----A---- C:\WINDOWS\system32\actmovie.exe
    2008-12-16 12:43:40 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-12-16 12:43:38 ----A---- C:\WINDOWS\SOUNDMAN.EXE
    2008-12-16 12:38:31 ----A---- C:\WINDOWS\SkyTel.exe
    2008-12-16 12:38:30 ----A---- C:\WINDOWS\RtlUpd.exe
    2008-12-16 12:38:28 ----A---- C:\WINDOWS\RTLCPL.EXE
    2008-12-16 12:38:28 ----A---- C:\WINDOWS\RTHDCPL.EXE
    2008-12-16 12:38:26 ----A---- C:\WINDOWS\regedit.exe
    2008-12-16 12:38:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
    2008-12-16 12:38:06 ----D---- C:\WINDOWS\network diagnostic
    2008-12-16 12:38:05 ----D---- C:\WINDOWS\mui
    2008-12-16 12:38:04 ----D---- C:\WINDOWS\msagent
    2008-12-16 12:37:12 ----A---- C:\WINDOWS\MicCal.exe
    2008-12-16 12:37:06 ----A---- C:\WINDOWS\IsUninst.exe
    2008-12-16 12:35:54 ----HDC---- C:\WINDOWS\ie7
    2008-12-16 12:35:51 ----A---- C:\WINDOWS\HideWin.exe
    2008-12-16 12:35:51 ----A---- C:\WINDOWS\hh.exe
    2008-12-16 12:34:43 ----A---- C:\WINDOWS\ALCWZRD.EXE
    2008-12-16 12:34:41 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-12-16 12:34:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-12-16 12:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-12-16 12:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-12-16 12:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
    2008-12-16 12:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
    2008-12-16 12:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
    2008-12-16 12:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
    2008-12-16 12:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
    2008-12-16 12:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
    2008-12-16 12:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
    2008-12-16 12:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
    2008-12-16 12:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
    2008-12-16 12:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
    2008-12-16 12:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
    2008-12-16 12:32:31 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-12-16 12:28:26 ----D---- C:\WDM_R181
    2008-12-16 12:28:21 ----D---- C:\UPS DRIVERS
    2008-12-16 12:22:09 ----D---- C:\Program Files\WinSCP
    2008-12-16 12:22:02 ----D---- C:\Program Files\Windows NT
    2008-12-16 12:22:00 ----D---- C:\Program Files\Windows Media Player
    2008-12-16 12:21:51 ----D---- C:\Program Files\Windows Media Connect 2
    2008-12-16 12:21:50 ----D---- C:\Program Files\SystemRequirementsLab
    2008-12-16 12:20:56 ----D---- C:\Program Files\QuickTime
    2008-12-16 12:20:33 ----D---- C:\Program Files\Outlook Express
    2008-12-16 12:20:29 ----D---- C:\Program Files\NetMeeting
    2008-12-16 12:20:00 ----D---- C:\Program Files\Movie Maker
    2008-12-16 12:19:59 ----D---- C:\Program Files\MiniRingtone
    2008-12-16 12:18:18 ----D---- C:\Program Files\Messenger
    2008-12-16 12:13:28 ----D---- C:\Program Files\Free PDF to Word Doc Converter
    2008-12-16 12:11:54 ----D---- C:\Program Files\Bonjour
    2008-12-16 12:09:56 ----D---- C:\monitor
    2008-12-15 17:25:15 ----D---- C:\Documents and Settings
    2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\userinit.exe.old.exe
    2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\logonui.exe
    2008-12-15 17:21:38 ----A---- C:\WINDOWS\ALCMTR.EXE
    2008-12-15 17:21:37 ----A---- C:\WINDOWS\system32\nwiz.exe
    2008-12-15 17:21:30 ----A---- C:\WINDOWS\system32\verclsid.exe
    2008-12-15 17:21:29 ----A---- C:\WINDOWS\system32\wscntfy.exe
    2008-12-15 09:41:28 ----A---- C:\WINDOWS\wstdUPSWSHIP.INI
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 12:37:13 ----SD---- C:\Documents and Settings\Tigerdistrict3\Application Data\Microsoft
    2008-11-24 09:42:48 ----D---- C:\WINDOWS\Help
    2008-11-12 17:03:45 ----D---- C:\WINDOWS\WinSxS
    2008-11-03 09:55:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-27 12:25:55 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-27 12:22:01 ----D---- C:\Program Files\Common Files\InstallShield
    2008-10-23 07:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-22 03:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-10-20 09:09:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 01:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-10-07 15:19:50 ----D---- C:\UPS
    2008-10-03 04:15:47 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-09-30 09:48:08 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\Apple Computer
    2008-09-26 09:45:30 ----RSD---- C:\WINDOWS\assembly
    2008-09-26 09:45:08 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-24 09:01:08 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-24 08:52:43 ----D---- C:\WINDOWS\Debug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
    R3 RT73;USB Wireless 802.11 b/g Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-10-01 451968]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S1 dxgthkk;dxgthkk; C:\WINDOWS\System32\drivers\dxgthkk.sys []
    S1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
    S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-17 21419]
    S2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
    S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-16 233472]
    S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-16 147456]
    S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2008-12-16 9150464]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-16 155648]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-12-16 24576]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-12-16 60928]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-12-16 58880]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2008-12-16 73728]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-12-16 434176]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-12-16 138240]
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2008-12-16 323584]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-12-16 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------
     
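Two things in the RSIT listing above are worth pulling out before anything else: almost every executable under C:\WINDOWS\system32 carries a modification time inside a seven-minute window (12:43 to 12:50 on 2008-12-16), and there are renamed spare copies of userinit.exe and ntkrnlpa.exe (userinit.exe.old2.exe, olduserinit.exe, ntkrnlpa.exe.old2.exe, oldntkrnlpa.exe) that a clean XP install does not carry. The script below is an added example for this thread, not part of RSIT, HijackThis, ComboFix or any other tool named in it: it parses RSIT-style file lines and reports both patterns. The sample lines are copied from the listing in this post and trimmed; the time window, the count threshold and the list of critical binaries are assumptions to tune for a full listing.

```python
"""Triage an RSIT-style file listing for signs of mass executable tampering.

Added example for this thread; it is not part of RSIT, HijackThis, ComboFix
or any other tool named in the discussion. Input lines look like
    2008-12-16 12:50:52 ----A---- C:\WINDOWS\system32\rsvp.exe
(a directory carries D in the attribute field, e.g. ----D---- or ----HDC----).
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(-+[A-Z]*-+)\s+(.+?)\s*$"
)

# Assumption: binaries whose renamed spare copies should never exist on a
# clean XP box. The two below are the ones this thread's listing shows.
CRITICAL = {"userinit.exe", "ntkrnlpa.exe"}

# Sample input: lines copied from the RSIT listing in this thread and trimmed.
SAMPLE = r"""
2008-12-16 12:50:52 ----A---- C:\WINDOWS\system32\rsvp.exe
2008-12-16 12:50:47 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 12:50:44 ----A---- C:\WINDOWS\system32\regsvr32.exe
2008-12-16 12:50:10 ----A---- C:\WINDOWS\system32\notepad.exe
2008-12-16 12:49:56 ----A---- C:\WINDOWS\system32\mshta.exe
2008-12-16 12:48:55 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit.exe.old2.exe
2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\olduserinit.exe
2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\oldntkrnlpa.exe
2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe.old2.exe
2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-12-16 12:44:00 ----A---- C:\WINDOWS\system32\cmd.exe
2008-12-16 12:43:44 ----A---- C:\WINDOWS\system32\at.exe
2008-12-16 12:38:26 ----A---- C:\WINDOWS\regedit.exe
2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\userinit.exe.old.exe
2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\logonui.exe
2008-10-22 03:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
"""


def parse(text):
    """Return (timestamp, attributes, path) for every RSIT file line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append((ts, m.group(2), m.group(3)))
    return entries


def _is_file(attrs):
    return "D" not in attrs


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def exe_bursts(entries, window=timedelta(minutes=10), min_count=20):
    """Cluster .exe modifications under system32 by time and return
    (first, last, count) for every cluster of at least min_count files.
    window and min_count are assumed defaults; tune them to the listing."""
    times = sorted(
        ts for ts, attrs, path in entries
        if _is_file(attrs) and path.lower().endswith(".exe")
        and "\\system32\\" in path.lower()
    )
    bursts, i = [], 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and times[j + 1] - times[i] <= window:
            j += 1
        if j - i + 1 >= min_count:
            bursts.append((times[i], times[j], j - i + 1))
        i = j + 1
    return bursts


def renamed_copies(entries, critical=CRITICAL):
    """Paths whose file name contains a critical binary's stem but is not
    the binary itself (userinit.exe.old2.exe, olduserinit.exe, ...)."""
    hits = []
    for _, attrs, path in entries:
        if not _is_file(attrs):
            continue
        name = _basename(path)
        for crit in critical:
            if crit[:-4] in name and name != crit:
                hits.append(path)
                break
    return sorted(hits)


def triage(text, **kw):
    """Run both checks over a listing; kw is passed through to exe_bursts."""
    entries = parse(text)
    return {"bursts": exe_bursts(entries, **kw),
            "renamed": renamed_copies(entries)}


if __name__ == "__main__":
    report = triage(SAMPLE, min_count=10)
    for first, last, n in report["bursts"]:
        print(f"{n} system32 executables modified between {first} and {last}")
    for path in report["renamed"]:
        print("renamed copy of a critical binary:", path)
```

A burst of timestamps alone does not prove infection: a repair install, a restore or a cleanup tool that replaces system files leaves the same pattern, and the poster notes below that a system restore copied userinit.exe and ntkrnlpa.exe. Treat the output as a list of files to verify against known-good copies (hash or signature check) rather than as a verdict.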
  16. 2008/12/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try doing a system restore to the restore point created by ComboFix at 2008-12-22 23:43.
    If that doesn't work, try the next, etc.
     
  17. 2008/12/23
    tigerdistr

    tigerdistr Inactive Thread Starter

    Joined:
    2008/12/19
    Messages:
    46
    Likes Received:
    0
    That restore point wasn't available. There were two, both from 12-23 (00:29 and 1:22). I tried both of those, and neither let me restart normally.

    All I can do right now is boot in safe mode. I did notice that when I did the system restore, it made a copy of the userinit.exe and ntkrnlpa.exe files.
     
  18. 2008/12/23
    tigerdistr

    tigerdistr Inactive Thread Starter

    Joined:
    2008/12/19
    Messages:
    46
    Likes Received:
    0
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Tigerdistrict3 at 2008-12-23 12:34:42
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 31 GB (60%) free of 51 GB
    Total RAM: 1918 MB (86% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:34, on 2008-12-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Tigerdistrict3\Desktop\RSIT.exe
    C:\Program Files\trend micro\Tigerdistrict3.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
    O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1197920083140
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.netchexonline.net/ActiveX/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96BC7991-4CCF-45F0-A081-F882F6B55DD4}: NameServer = 205.152.132.23
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
    O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
    O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe

    --
    End of file - 6634 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-12-16 24064]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-16 16857088]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-12-15 34304]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-12-15 413696]
    "ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-12-16 86016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 131072]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-12-16 15360]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-16 1809648]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    UPS WorldShip Messaging Utility.lnk - C:\UPS\WSTD\WSTDMessaging.exe
    UPS WorldShip PLD Reminder Utility.lnk - C:\UPS\WSTD\wstdPldReminder.exe

    C:\Documents and Settings\Tigerdistrict3\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-16 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe"="C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe:*:Enabled:UPS WorldShip MSDE"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Disabled:Spooler SubSystem App"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
    "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 3 months======

    2008-12-23 01:08:05 ----DC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-23 01:08:00 ----DC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-23 01:07:25 ----DC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-23 01:07:17 ----DC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-23 01:04:16 ----D---- C:\ComboFix
    2008-12-23 01:04:16 ----A---- C:\WINDOWS\system32\CF12819.exe
    2008-12-23 00:41:37 ----A---- C:\WINDOWS\system32\CF8381.exe
    2008-12-23 00:34:12 ----SHD---- C:\RECYCLER
    2008-12-23 00:34:09 ----A---- C:\WINDOWS\system32\CF6918.exe
    2008-12-22 23:38:18 ----A---- C:\Boot.bak
    2008-12-22 23:38:15 ----RASHD---- C:\cmdcons
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\zip.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\sed.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\grep.exe
    2008-12-22 23:33:32 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-22 23:33:31 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-22 23:33:29 ----D---- C:\WINDOWS\ERDNT
    2008-12-22 23:33:29 ----D---- C:\Qoobox
    2008-12-22 19:48:30 ----D---- C:\rsit
    2008-12-22 19:48:30 ----D---- C:\Program Files\trend micro
    2008-12-17 16:50:04 ----A---- C:\WINDOWS\system32\InstallBackup.txt
    2008-12-17 16:50:04 ----A---- C:\WINDOWS\system32\Install_10.0.40.txt
    2008-12-16 16:31:30 ----D---- C:\Program Files\iPod
    2008-12-16 16:31:28 ----D---- C:\Program Files\iTunes
    2008-12-16 16:31:28 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-16 15:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\WinZipSE
    2008-12-16 15:10:57 ----D---- C:\Program Files\WinZip Self-Extractor
    2008-12-16 13:01:18 ----D---- C:\Program Files\Webtools
    2008-12-16 13:01:06 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-16 13:00:58 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-12-16 13:00:56 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\SUPERAntiSpyware.com
    2008-12-16 12:57:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-16 12:56:49 ----SHD---- C:\Config.Msi
    2008-12-15 17:59:59 ----D---- C:\Program Files\Panda Security
    2008-12-15 17:24:42 ----SHD---- C:\WINDOWS\CSC
    2008-12-15 17:24:36 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-15 17:21:04 ----D---- C:\Program Files\ESET
    2008-12-15 17:21:04 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
    2008-12-15 17:18:25 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\WinRAR
    2008-12-15 17:18:10 ----D---- C:\Program Files\WinRAR
    2008-12-12 09:54:40 ----D---- C:\WINDOWS\Sun
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 09:53:09 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-12 09:52:58 ----D---- C:\Program Files\Java
    2008-12-12 09:51:44 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\Sun
    2008-12-10 11:35:59 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\.clamwin
    2008-12-10 11:35:53 ----D---- C:\Program Files\ClamWin
    2008-11-12 17:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 17:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-10-27 12:25:46 ----D---- C:\Program Files\Common Files\Macromedia
    2008-10-27 12:25:18 ----D---- C:\Program Files\Macromedia
    2008-10-24 15:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-20 14:50:29 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-20 09:04:42 ----D---- C:\Program Files\Safari
    2008-10-16 02:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 02:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 02:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 02:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 02:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-26 09:48:22 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\Sony Corporation
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-26 09:45:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-26 09:45:26 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-26 09:45:26 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-26 09:45:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-26 09:45:25 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-26 09:45:23 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\vxblock.dll
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxInsI64.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxInsA64.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\pxhpinst.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxCpyI64.exe
    2008-09-26 09:44:37 ----A---- C:\WINDOWS\system32\PxCpyA64.exe
    2008-09-26 09:39:47 ----D---- C:\Program Files\Sony
    2008-09-24 08:52:44 ----D---- C:\WINDOWS\system32\CatRoot_bak

    ======List of files/folders modified in the last 3 months======

    2008-12-23 12:30:10 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-23 12:24:40 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-23 12:17:16 ----D---- C:\WINDOWS\system32\config
    2008-12-23 12:16:58 ----D---- C:\WINDOWS\system32\wbem
    2008-12-23 12:16:58 ----D---- C:\WINDOWS\Registration
    2008-12-23 12:16:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-23 12:16:51 ----HD---- C:\WINDOWS\inf
    2008-12-23 12:16:51 ----D---- C:\WINDOWS
    2008-12-23 12:16:49 ----D---- C:\Program Files\Internet Explorer
    2008-12-23 06:22:07 ----D---- C:\WINDOWS\system32
    2008-12-23 02:09:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-23 02:08:30 ----D---- C:\WINDOWS\Temp
    2008-12-23 01:08:04 ----D---- C:\WINDOWS\Prefetch
    2008-12-23 01:08:03 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-23 01:07:38 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-23 00:40:01 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-12-23 00:30:17 ----A---- C:\WINDOWS\system.ini
    2008-12-23 00:30:03 ----D---- C:\WINDOWS\system32\drivers
    2008-12-23 00:30:03 ----D---- C:\WINDOWS\AppPatch
    2008-12-23 00:30:03 ----D---- C:\Program Files\Common Files
    2008-12-23 00:29:52 ----D---- C:\temp
    2008-12-22 23:39:18 ----A---- C:\WINDOWS\system32\spoolsv.exe
    2008-12-22 23:38:53 ----SD---- C:\WINDOWS\Tasks
    2008-12-22 23:38:41 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-22 23:38:41 ----RD---- C:\Program Files
    2008-12-22 23:38:18 ----RASH---- C:\boot.ini
    2008-12-16 16:32:01 ----SHD---- C:\WINDOWS\Installer
    2008-12-16 12:52:13 ----A---- C:\WINDOWS\winhlp32.exe
    2008-12-16 12:52:12 ----A---- C:\WINDOWS\twunk_32.exe
    2008-12-16 12:52:11 ----A---- C:\WINDOWS\TASKMAN.EXE
    2008-12-16 12:52:08 ----A---- C:\WINDOWS\system32\xcopy.exe
    2008-12-16 12:52:07 ----A---- C:\WINDOWS\system32\wupdmgr.exe
    2008-12-16 12:52:07 ----A---- C:\WINDOWS\system32\WudfHost.exe
    2008-12-16 12:52:06 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2008-12-16 12:52:05 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-12-16 12:52:05 ----A---- C:\WINDOWS\system32\wscript.exe
    2008-12-16 12:52:04 ----A---- C:\WINDOWS\system32\write.exe
    2008-12-16 12:52:04 ----A---- C:\WINDOWS\system32\wpnpinst.exe
    2008-12-16 12:52:03 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
    2008-12-16 12:52:02 ----A---- C:\WINDOWS\system32\wpabaln.exe
    2008-12-16 12:52:00 ----A---- C:\WINDOWS\system32\WISPTIS.EXE
    2008-12-16 12:51:59 ----A---- C:\WINDOWS\system32\winver.exe
    2008-12-16 12:51:59 ----A---- C:\WINDOWS\system32\winmsd.exe
    2008-12-16 12:51:58 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-12-16 12:51:58 ----A---- C:\WINDOWS\system32\winhlp32.exe
    2008-12-16 12:51:57 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
    2008-12-16 12:51:57 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-12-16 12:51:56 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
    2008-12-16 12:51:55 ----A---- C:\WINDOWS\system32\WgaTray.exe
    2008-12-16 12:51:55 ----A---- C:\WINDOWS\system32\wextract.exe
    2008-12-16 12:51:54 ----A---- C:\WINDOWS\system32\wdfmgr.exe
    2008-12-16 12:51:45 ----A---- C:\WINDOWS\system32\w32tm.exe
    2008-12-16 12:51:44 ----A---- C:\WINDOWS\system32\vssvc.exe
    2008-12-16 12:51:44 ----A---- C:\WINDOWS\system32\vssadmin.exe
    2008-12-16 12:51:43 ----A---- C:\WINDOWS\system32\verifier.exe
    2008-12-16 12:51:42 ----A---- C:\WINDOWS\system32\uwdf.exe
    2008-12-16 12:51:42 ----A---- C:\WINDOWS\system32\utilman.exe
    2008-12-16 12:51:41 ----A---- C:\WINDOWS\system32\usrshuta.exe
    2008-12-16 12:51:41 ----A---- C:\WINDOWS\system32\usrprbda.exe
    2008-12-16 12:51:40 ----A---- C:\WINDOWS\system32\usrmlnka.exe
    2008-12-16 12:51:39 ----D---- C:\WINDOWS\system32\usmt
    2008-12-16 12:51:37 ----D---- C:\WINDOWS\system32\URTTemp
    2008-12-16 12:51:37 ----A---- C:\WINDOWS\system32\ups.exe
    2008-12-16 12:51:36 ----A---- C:\WINDOWS\system32\upnpcont.exe
    2008-12-16 12:51:35 ----A---- C:\WINDOWS\system32\unlodctr.exe
    2008-12-16 12:51:35 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-12-16 12:51:34 ----A---- C:\WINDOWS\system32\typeperf.exe
    2008-12-16 12:51:33 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-12-16 12:51:33 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-12-16 12:51:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-12-16 12:51:32 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2008-12-16 12:51:31 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-12-16 12:51:30 ----A---- C:\WINDOWS\system32\tracert6.exe
    2008-12-16 12:51:30 ----A---- C:\WINDOWS\system32\tracert.exe
    2008-12-16 12:51:30 ----A---- C:\WINDOWS\system32\tracerpt.exe
    2008-12-16 12:51:29 ----A---- C:\WINDOWS\system32\tourstart.exe
    2008-12-16 12:51:29 ----A---- C:\WINDOWS\system32\tlntsvr.exe
    2008-12-16 12:51:28 ----A---- C:\WINDOWS\system32\tlntsess.exe
    2008-12-16 12:51:28 ----A---- C:\WINDOWS\system32\tlntadmn.exe
    2008-12-16 12:51:27 ----A---- C:\WINDOWS\system32\tftp.exe
    2008-12-16 12:51:27 ----A---- C:\WINDOWS\system32\telnet.exe
    2008-12-16 12:51:26 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
    2008-12-16 12:51:26 ----A---- C:\WINDOWS\system32\tcmsetup.exe
    2008-12-16 12:51:25 ----A---- C:\WINDOWS\system32\taskmgr.exe
    2008-12-16 12:51:25 ----A---- C:\WINDOWS\system32\taskman.exe
    2008-12-16 12:51:24 ----A---- C:\WINDOWS\system32\tasklist.exe
    2008-12-16 12:51:24 ----A---- C:\WINDOWS\system32\taskkill.exe
    2008-12-16 12:51:23 ----A---- C:\WINDOWS\system32\systray.exe
    2008-12-16 12:51:23 ----A---- C:\WINDOWS\system32\systeminfo.exe
    2008-12-16 12:51:22 ----A---- C:\WINDOWS\system32\sysocmgr.exe
    2008-12-16 12:51:21 ----A---- C:\WINDOWS\system32\syskey.exe
    2008-12-16 12:51:20 ----A---- C:\WINDOWS\system32\syncapp.exe
    2008-12-16 12:51:20 ----A---- C:\WINDOWS\system32\subst.exe
    2008-12-16 12:51:19 ----A---- C:\WINDOWS\system32\stimon.exe
    2008-12-16 12:51:18 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2008-12-16 12:51:18 ----A---- C:\WINDOWS\system32\sprestrt.exe
    2008-12-16 12:51:09 ----A---- C:\WINDOWS\system32\spnpinst.exe
    2008-12-16 12:51:08 ----A---- C:\WINDOWS\system32\spiisupd.exe
    2008-12-16 12:51:08 ----A---- C:\WINDOWS\system32\spider.exe
    2008-12-16 12:51:07 ----A---- C:\WINDOWS\system32\sort.exe
    2008-12-16 12:51:07 ----A---- C:\WINDOWS\system32\sol.exe
    2008-12-16 12:51:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-12-16 12:51:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-12-16 12:51:05 ----A---- C:\WINDOWS\system32\smlogsvc.exe
    2008-12-16 12:51:05 ----A---- C:\WINDOWS\system32\smbinst.exe
    2008-12-16 12:51:04 ----A---- C:\WINDOWS\system32\skeys.exe
    2008-12-16 12:51:04 ----A---- C:\WINDOWS\system32\sigverif.exe
    2008-12-16 12:51:03 ----A---- C:\WINDOWS\system32\shutdown.exe
    2008-12-16 12:51:02 ----A---- C:\WINDOWS\system32\shrpubw.exe
    2008-12-16 12:51:02 ----A---- C:\WINDOWS\system32\shmgrate.exe
    2008-12-16 12:51:01 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-12-16 12:51:00 ----A---- C:\WINDOWS\system32\sfc.exe
    2008-12-16 12:51:00 ----A---- C:\WINDOWS\system32\setup.exe
    2008-12-16 12:50:59 ----A---- C:\WINDOWS\system32\sethc.exe
    2008-12-16 12:50:59 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-12-16 12:50:58 ----A---- C:\WINDOWS\system32\secedit.exe
    2008-12-16 12:50:57 ----A---- C:\WINDOWS\system32\sdbinst.exe
    2008-12-16 12:50:57 ----A---- C:\WINDOWS\system32\schtasks.exe
    2008-12-16 12:50:56 ----A---- C:\WINDOWS\system32\scardsvr.exe
    2008-12-16 12:50:56 ----A---- C:\WINDOWS\system32\sc.exe
    2008-12-16 12:50:55 ----A---- C:\WINDOWS\system32\savedump.exe
    2008-12-16 12:50:55 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-12-16 12:50:54 ----A---- C:\WINDOWS\system32\runonce.exe
    2008-12-16 12:50:54 ----A---- C:\WINDOWS\system32\rundll32.exe
    2008-12-16 12:50:53 ----A---- C:\WINDOWS\system32\runas.exe
    2008-12-16 12:50:53 ----A---- C:\WINDOWS\system32\rtcshare.exe
    2008-12-16 12:50:52 ----A---- C:\WINDOWS\system32\rsvp.exe
    2008-12-16 12:50:52 ----A---- C:\WINDOWS\system32\rsopprov.exe
    2008-12-16 12:50:51 ----A---- C:\WINDOWS\system32\rsnotify.exe
    2008-12-16 12:50:51 ----A---- C:\WINDOWS\system32\rsmui.exe
    2008-12-16 12:50:50 ----A---- C:\WINDOWS\system32\rsmsink.exe
    2008-12-16 12:50:50 ----A---- C:\WINDOWS\system32\rsm.exe
    2008-12-16 12:50:49 ----A---- C:\WINDOWS\system32\rsh.exe
    2008-12-16 12:50:49 ----A---- C:\WINDOWS\system32\routemon.exe
    2008-12-16 12:50:48 ----A---- C:\WINDOWS\system32\route.exe
    2008-12-16 12:50:47 ----D---- C:\WINDOWS\system32\Restore
    2008-12-16 12:50:47 ----A---- C:\WINDOWS\system32\rexec.exe
    2008-12-16 12:50:46 ----A---- C:\WINDOWS\system32\reset.exe
    2008-12-16 12:50:45 ----A---- C:\WINDOWS\system32\replace.exe
    2008-12-16 12:50:45 ----A---- C:\WINDOWS\system32\relog.exe
    2008-12-16 12:50:44 ----A---- C:\WINDOWS\system32\regwiz.exe
    2008-12-16 12:50:44 ----A---- C:\WINDOWS\system32\regsvr32.exe
    2008-12-16 12:50:43 ----A---- C:\WINDOWS\system32\regini.exe
    2008-12-16 12:50:43 ----A---- C:\WINDOWS\system32\regedt32.exe
    2008-12-16 12:50:42 ----A---- C:\WINDOWS\system32\reg.exe
    2008-12-16 12:50:42 ----A---- C:\WINDOWS\system32\recover.exe
    2008-12-16 12:50:41 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-12-16 12:50:41 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-12-16 12:50:40 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-12-16 12:50:40 ----A---- C:\WINDOWS\system32\rcp.exe
    2008-12-16 12:50:39 ----A---- C:\WINDOWS\system32\rcimlby.exe
    2008-12-16 12:50:39 ----A---- C:\WINDOWS\system32\rasphone.exe
    2008-12-16 12:50:38 ----A---- C:\WINDOWS\system32\rasdial.exe
    2008-12-16 12:50:38 ----A---- C:\WINDOWS\system32\rasautou.exe
    2008-12-16 12:50:37 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-12-16 12:50:36 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-12-16 12:50:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-12-16 12:50:32 ----A---- C:\WINDOWS\system32\proxycfg.exe
    2008-12-16 12:50:32 ----A---- C:\WINDOWS\system32\proquota.exe
    2008-12-16 12:50:31 ----A---- C:\WINDOWS\system32\progman.exe
    2008-12-16 12:50:31 ----A---- C:\WINDOWS\system32\print.exe
    2008-12-16 12:50:30 ----A---- C:\WINDOWS\system32\powercfg.exe
    2008-12-16 12:50:29 ----A---- C:\WINDOWS\system32\ping6.exe
    2008-12-16 12:50:29 ----A---- C:\WINDOWS\system32\ping.exe
    2008-12-16 12:50:28 ----A---- C:\WINDOWS\system32\perfmon.exe
    2008-12-16 12:50:28 ----A---- C:\WINDOWS\system32\pentnt.exe
    2008-12-16 12:50:27 ----A---- C:\WINDOWS\system32\pathping.exe
    2008-12-16 12:50:27 ----A---- C:\WINDOWS\system32\packager.exe
    2008-12-16 12:50:26 ----A---- C:\WINDOWS\system32\osuninst.exe
    2008-12-16 12:50:26 ----A---- C:\WINDOWS\system32\osk.exe
    2008-12-16 12:50:25 ----A---- C:\WINDOWS\system32\openfiles.exe
    2008-12-16 12:50:24 ----D---- C:\WINDOWS\system32\oobe
    2008-12-16 12:50:22 ----A---- C:\WINDOWS\system32\odbcconf.exe
    2008-12-16 12:50:22 ----A---- C:\WINDOWS\system32\odbcad32.exe
    2008-12-16 12:50:21 ----A---- C:\WINDOWS\system32\nwscript.exe
    2008-12-16 12:50:20 ----A---- C:\WINDOWS\system32\nvunrm.exe
    2008-12-16 12:50:19 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-12-16 12:50:19 ----A---- C:\WINDOWS\system32\nvuide.exe
    2008-12-16 12:50:18 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2008-12-16 12:50:18 ----A---- C:\WINDOWS\system32\nvsvc32.exe
    2008-12-16 12:50:17 ----A---- C:\WINDOWS\system32\nvdspsch.exe
    2008-12-16 12:50:16 ----A---- C:\WINDOWS\system32\nvcplui.exe
    2008-12-16 12:50:15 ----A---- C:\WINDOWS\system32\nvcolor.exe
    2008-12-16 12:50:15 ----A---- C:\WINDOWS\system32\nvappbar.exe
    2008-12-16 12:50:14 ----A---- C:\WINDOWS\system32\ntvdm.exe
    2008-12-16 12:50:13 ----A---- C:\WINDOWS\system32\ntsd.exe
    2008-12-16 12:50:12 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe.old.exe
    2008-12-16 12:50:12 ----A---- C:\WINDOWS\system32\ntbackup.exe
    2008-12-16 12:50:11 ----A---- C:\WINDOWS\system32\nslookup.exe
    2008-12-16 12:50:10 ----D---- C:\WINDOWS\system32\npp
    2008-12-16 12:50:10 ----A---- C:\WINDOWS\system32\notepad.exe
    2008-12-16 12:50:09 ----A---- C:\WINDOWS\system32\netstat.exe
    2008-12-16 12:50:09 ----A---- C:\WINDOWS\system32\netsh.exe
    2008-12-16 12:50:08 ----A---- C:\WINDOWS\system32\netsetup.exe
    2008-12-16 12:50:07 ----A---- C:\WINDOWS\system32\netdde.exe
    2008-12-16 12:50:07 ----A---- C:\WINDOWS\system32\net1.exe
    2008-12-16 12:50:06 ----A---- C:\WINDOWS\system32\net.exe
    2008-12-16 12:50:06 ----A---- C:\WINDOWS\system32\nddeapir.exe
    2008-12-16 12:50:05 ----A---- C:\WINDOWS\system32\nbtstat.exe
    2008-12-16 12:50:05 ----A---- C:\WINDOWS\system32\narrator.exe
    2008-12-16 12:50:00 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-12-16 12:50:00 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-12-16 12:49:59 ----A---- C:\WINDOWS\system32\msswchx.exe
    2008-12-16 12:49:58 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-12-16 12:49:57 ----A---- C:\WINDOWS\system32\msiexec.exe
    2008-12-16 12:49:56 ----A---- C:\WINDOWS\system32\mshta.exe
    2008-12-16 12:49:56 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-12-16 12:49:55 ----A---- C:\WINDOWS\system32\msg.exe
    2008-12-16 12:49:55 ----A---- C:\WINDOWS\system32\msfeedssync.exe
    2008-12-16 12:49:54 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-12-16 12:49:53 ----A---- C:\WINDOWS\system32\mrinfo.exe
    2008-12-16 12:49:52 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
    2008-12-16 12:49:52 ----A---- C:\WINDOWS\system32\mqsvc.exe
    2008-12-16 12:49:51 ----A---- C:\WINDOWS\system32\mqbkup.exe
    2008-12-16 12:49:50 ----A---- C:\WINDOWS\system32\mpnotify.exe
    2008-12-16 12:49:50 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-12-16 12:49:49 ----A---- C:\WINDOWS\system32\mountvol.exe
    2008-12-16 12:49:49 ----A---- C:\WINDOWS\system32\mobsync.exe
    2008-12-16 12:49:48 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-12-16 12:49:47 ----A---- C:\WINDOWS\system32\mmc.exe
    2008-12-16 12:49:47 ----A---- C:\WINDOWS\system32\migpwd.exe
    2008-12-16 12:49:45 ----A---- C:\WINDOWS\system32\makecab.exe
    2008-12-16 12:49:45 ----A---- C:\WINDOWS\system32\magnify.exe
    2008-12-16 12:49:41 ----A---- C:\WINDOWS\system32\lpr.exe
    2008-12-16 12:49:41 ----A---- C:\WINDOWS\system32\lpq.exe
    2008-12-16 12:49:40 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-12-16 12:49:40 ----A---- C:\WINDOWS\system32\logman.exe
    2008-12-16 12:49:39 ----A---- C:\WINDOWS\system32\logagent.exe
    2008-12-16 12:49:39 ----A---- C:\WINDOWS\system32\lodctr.exe
    2008-12-16 12:49:38 ----A---- C:\WINDOWS\system32\locator.exe
    2008-12-16 12:49:38 ----A---- C:\WINDOWS\system32\lnkstub.exe
    2008-12-16 12:49:37 ----A---- C:\WINDOWS\system32\lights.exe
    2008-12-16 12:49:36 ----A---- C:\WINDOWS\system32\label.exe
    2008-12-16 12:49:35 ----A---- C:\WINDOWS\system32\keystone.exe
    2008-12-16 12:49:31 ----A---- C:\WINDOWS\system32\ipxroute.exe
    2008-12-16 12:49:30 ----A---- C:\WINDOWS\system32\ipv6.exe
    2008-12-16 12:49:30 ----A---- C:\WINDOWS\system32\ipsec6.exe
    2008-12-16 12:49:29 ----A---- C:\WINDOWS\system32\ipconfig.exe
    2008-12-16 12:49:28 ----A---- C:\WINDOWS\system32\imapi.exe
    2008-12-16 12:49:27 ----A---- C:\WINDOWS\system32\iexpress.exe
    2008-12-16 12:49:26 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-12-16 12:49:26 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-12-16 12:49:24 ----A---- C:\WINDOWS\system32\hostname.exe
    2008-12-16 12:49:24 ----A---- C:\WINDOWS\system32\help.exe
    2008-12-16 12:49:23 ----A---- C:\WINDOWS\system32\HdAShCut.exe
    2008-12-16 12:49:22 ----A---- C:\WINDOWS\system32\grpconv.exe
    2008-12-16 12:49:22 ----A---- C:\WINDOWS\system32\gpupdate.exe
    2008-12-16 12:49:21 ----A---- C:\WINDOWS\system32\gpresult.exe
    2008-12-16 12:49:21 ----A---- C:\WINDOWS\system32\getmac.exe
    2008-12-16 12:49:20 ----A---- C:\WINDOWS\system32\GetHostIP.exe
    2008-12-16 12:49:19 ----A---- C:\WINDOWS\system32\ftp.exe
    2008-12-16 12:49:19 ----A---- C:\WINDOWS\system32\fsutil.exe
    2008-12-16 12:49:18 ----A---- C:\WINDOWS\system32\fsquirt.exe
    2008-12-16 12:49:18 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-12-16 12:49:17 ----A---- C:\WINDOWS\system32\forcedos.exe
    2008-12-16 12:49:17 ----A---- C:\WINDOWS\system32\fontview.exe
    2008-12-16 12:49:16 ----A---- C:\WINDOWS\system32\fltmc.exe
    2008-12-16 12:49:16 ----A---- C:\WINDOWS\system32\fixmapi.exe
    2008-12-16 12:49:15 ----A---- C:\WINDOWS\system32\finger.exe
    2008-12-16 12:49:15 ----A---- C:\WINDOWS\system32\findstr.exe
    2008-12-16 12:49:14 ----A---- C:\WINDOWS\system32\find.exe
    2008-12-16 12:49:14 ----A---- C:\WINDOWS\system32\fc.exe
    2008-12-16 12:49:13 ----A---- C:\WINDOWS\system32\extrac32.exe
    2008-12-16 12:49:13 ----A---- C:\WINDOWS\system32\expand.exe
    2008-12-16 12:49:12 ----A---- C:\WINDOWS\system32\eventvwr.exe
    2008-12-16 12:49:12 ----A---- C:\WINDOWS\system32\eventtriggers.exe
    2008-12-16 12:49:11 ----A---- C:\WINDOWS\system32\eventcreate.exe
    2008-12-16 12:49:11 ----A---- C:\WINDOWS\system32\eudcedit.exe
    2008-12-16 12:49:10 ----A---- C:\WINDOWS\system32\esentutl.exe
    2008-12-16 12:49:09 ----A---- C:\WINDOWS\system32\dxdiag.exe
    2008-12-16 12:49:08 ----A---- C:\WINDOWS\system32\dwwin.exe
    2008-12-16 12:49:07 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
    2008-12-16 12:49:07 ----A---- C:\WINDOWS\system32\dvdplay.exe
    2008-12-16 12:49:06 ----A---- C:\WINDOWS\system32\dumprep.exe
    2008-12-16 12:49:06 ----A---- C:\WINDOWS\system32\drwtsn32.exe
    2008-12-16 12:49:05 ----A---- C:\WINDOWS\system32\drmupgds.exe
    2008-12-16 12:48:59 ----A---- C:\WINDOWS\system32\driverquery.exe
    2008-12-16 12:48:59 ----A---- C:\WINDOWS\system32\dpvsetup.exe
    2008-12-16 12:48:58 ----A---- C:\WINDOWS\system32\dpnsvr.exe
    2008-12-16 12:48:58 ----A---- C:\WINDOWS\system32\dplaysvr.exe
    2008-12-16 12:48:57 ----A---- C:\WINDOWS\system32\doskey.exe
    2008-12-16 12:48:57 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-12-16 12:48:56 ----A---- C:\WINDOWS\system32\dmremote.exe
    2008-12-16 12:48:56 ----A---- C:\WINDOWS\system32\dmadmin.exe
    2008-12-16 12:48:55 ----A---- C:\WINDOWS\system32\dllhst3g.exe
    2008-12-16 12:48:55 ----A---- C:\WINDOWS\system32\dllhost.exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit.exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit(2).exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\olduserinit.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\oldntkrnlpa.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa(2).exe
    2008-12-16 12:44:15 ----A---- C:\WINDOWS\system32\diskperf.exe
    2008-12-16 12:44:15 ----A---- C:\WINDOWS\system32\diskpart.exe
    2008-12-16 12:44:14 ----A---- C:\WINDOWS\system32\diantz.exe
    2008-12-16 12:44:13 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
    2008-12-16 12:44:13 ----A---- C:\WINDOWS\system32\dfrgfat.exe
    2008-12-16 12:44:12 ----A---- C:\WINDOWS\system32\defrag.exe
    2008-12-16 12:44:12 ----A---- C:\WINDOWS\system32\ddeshare.exe
    2008-12-16 12:44:11 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-12-16 12:44:09 ----A---- C:\WINDOWS\system32\ctfmon.exe
    2008-12-16 12:44:08 ----A---- C:\WINDOWS\system32\cscript.exe
    2008-12-16 12:44:07 ----A---- C:\WINDOWS\system32\convert.exe
    2008-12-16 12:44:07 ----A---- C:\WINDOWS\system32\control.exe
    2008-12-16 12:44:06 ----A---- C:\WINDOWS\system32\conime.exe
    2008-12-16 12:44:04 ----A---- C:\WINDOWS\system32\compact.exe
    2008-12-16 12:44:03 ----D---- C:\WINDOWS\system32\Com
    2008-12-16 12:44:03 ----A---- C:\WINDOWS\system32\comp.exe
    2008-12-16 12:44:02 ----A---- C:\WINDOWS\system32\cmstp.exe
    2008-12-16 12:44:01 ----A---- C:\WINDOWS\system32\cmmon32.exe
    2008-12-16 12:44:01 ----A---- C:\WINDOWS\system32\cmdl32.exe
    2008-12-16 12:44:00 ----A---- C:\WINDOWS\system32\cmd.exe
    2008-12-16 12:44:00 ----A---- C:\WINDOWS\system32\clipsrv.exe
    2008-12-16 12:43:59 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-12-16 12:43:59 ----A---- C:\WINDOWS\system32\cliconfg.exe
    2008-12-16 12:43:58 ----A---- C:\WINDOWS\system32\cleanmgr.exe
    2008-12-16 12:43:58 ----A---- C:\WINDOWS\system32\ckcnv.exe
    2008-12-16 12:43:57 ----A---- C:\WINDOWS\system32\cisvc.exe
    2008-12-16 12:43:57 ----A---- C:\WINDOWS\system32\cipher.exe
    2008-12-16 12:43:56 ----A---- C:\WINDOWS\system32\cidaemon.exe
    2008-12-16 12:43:56 ----A---- C:\WINDOWS\system32\chkntfs.exe
    2008-12-16 12:43:55 ----A---- C:\WINDOWS\system32\chkdsk.exe
    2008-12-16 12:43:55 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2008-12-16 12:43:54 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-12-16 12:43:51 ----A---- C:\WINDOWS\system32\CapabilityTable.exe
    2008-12-16 12:43:51 ----A---- C:\WINDOWS\system32\calc.exe
    2008-12-16 12:43:50 ----A---- C:\WINDOWS\system32\cacls.exe
    2008-12-16 12:43:50 ----A---- C:\WINDOWS\system32\bootvrfy.exe
    2008-12-16 12:43:49 ----A---- C:\WINDOWS\system32\bootok.exe
    2008-12-16 12:43:49 ----A---- C:\WINDOWS\system32\bootcfg.exe
    2008-12-16 12:43:48 ----A---- C:\WINDOWS\system32\blastcln.exe
    2008-12-16 12:43:47 ----A---- C:\WINDOWS\system32\autolfn.exe
    2008-12-16 12:43:47 ----A---- C:\WINDOWS\system32\autofmt.exe
    2008-12-16 12:43:46 ----A---- C:\WINDOWS\system32\autoconv.exe
    2008-12-16 12:43:46 ----A---- C:\WINDOWS\system32\autochk.exe
    2008-12-16 12:43:45 ----A---- C:\WINDOWS\system32\auditusr.exe
    2008-12-16 12:43:45 ----A---- C:\WINDOWS\system32\attrib.exe
    2008-12-16 12:43:44 ----A---- C:\WINDOWS\system32\atmadm.exe
    2008-12-16 12:43:44 ----A---- C:\WINDOWS\system32\at.exe
    2008-12-16 12:43:43 ----A---- C:\WINDOWS\system32\asr_pfu.exe
    2008-12-16 12:43:43 ----A---- C:\WINDOWS\system32\asr_ldm.exe
    2008-12-16 12:43:42 ----A---- C:\WINDOWS\system32\asr_fmt.exe
    2008-12-16 12:43:42 ----A---- C:\WINDOWS\system32\arp.exe
    2008-12-16 12:43:41 ----A---- C:\WINDOWS\system32\alg.exe
    2008-12-16 12:43:41 ----A---- C:\WINDOWS\system32\ahui.exe
    2008-12-16 12:43:40 ----A---- C:\WINDOWS\system32\actmovie.exe
    2008-12-16 12:43:40 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-12-16 12:43:38 ----A---- C:\WINDOWS\SOUNDMAN.EXE
    2008-12-16 12:38:31 ----A---- C:\WINDOWS\SkyTel.exe
    2008-12-16 12:38:30 ----A---- C:\WINDOWS\RtlUpd.exe
    2008-12-16 12:38:28 ----A---- C:\WINDOWS\RTLCPL.EXE
    2008-12-16 12:38:28 ----A---- C:\WINDOWS\RTHDCPL.EXE
    2008-12-16 12:38:26 ----A---- C:\WINDOWS\regedit.exe
    2008-12-16 12:38:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
    2008-12-16 12:38:06 ----D---- C:\WINDOWS\network diagnostic
    2008-12-16 12:38:05 ----D---- C:\WINDOWS\mui
    2008-12-16 12:38:04 ----D---- C:\WINDOWS\msagent
    2008-12-16 12:37:12 ----A---- C:\WINDOWS\MicCal.exe
    2008-12-16 12:37:06 ----A---- C:\WINDOWS\IsUninst.exe
    2008-12-16 12:35:54 ----HDC---- C:\WINDOWS\ie7
    2008-12-16 12:35:51 ----A---- C:\WINDOWS\HideWin.exe
    2008-12-16 12:35:51 ----A---- C:\WINDOWS\hh.exe
    2008-12-16 12:34:43 ----A---- C:\WINDOWS\ALCWZRD.EXE
    2008-12-16 12:34:41 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-12-16 12:34:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-12-16 12:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-12-16 12:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-12-16 12:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
    2008-12-16 12:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
    2008-12-16 12:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
    2008-12-16 12:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
    2008-12-16 12:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
    2008-12-16 12:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
    2008-12-16 12:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
    2008-12-16 12:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
    2008-12-16 12:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
    2008-12-16 12:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
    2008-12-16 12:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
    2008-12-16 12:32:31 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-12-16 12:28:26 ----D---- C:\WDM_R181
    2008-12-16 12:28:21 ----D---- C:\UPS DRIVERS
    2008-12-16 12:22:09 ----D---- C:\Program Files\WinSCP
    2008-12-16 12:22:02 ----D---- C:\Program Files\Windows NT
    2008-12-16 12:22:00 ----D---- C:\Program Files\Windows Media Player
    2008-12-16 12:21:51 ----D---- C:\Program Files\Windows Media Connect 2
    2008-12-16 12:21:50 ----D---- C:\Program Files\SystemRequirementsLab
    2008-12-16 12:20:56 ----D---- C:\Program Files\QuickTime
    2008-12-16 12:20:33 ----D---- C:\Program Files\Outlook Express
    2008-12-16 12:20:29 ----D---- C:\Program Files\NetMeeting
    2008-12-16 12:20:00 ----D---- C:\Program Files\Movie Maker
    2008-12-16 12:19:59 ----D---- C:\Program Files\MiniRingtone
    2008-12-16 12:18:18 ----D---- C:\Program Files\Messenger
    2008-12-16 12:13:28 ----D---- C:\Program Files\Free PDF to Word Doc Converter
    2008-12-16 12:11:54 ----D---- C:\Program Files\Bonjour
    2008-12-16 12:09:56 ----D---- C:\monitor
    2008-12-15 17:25:15 ----D---- C:\Documents and Settings
    2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\userinit.exe.old.exe
    2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\logonui.exe
    2008-12-15 17:21:38 ----A---- C:\WINDOWS\ALCMTR.EXE
    2008-12-15 17:21:37 ----A---- C:\WINDOWS\system32\nwiz.exe
    2008-12-15 17:21:30 ----A---- C:\WINDOWS\system32\verclsid.exe
    2008-12-15 17:21:29 ----A---- C:\WINDOWS\system32\wscntfy.exe
    2008-12-15 09:41:28 ----A---- C:\WINDOWS\wstdUPSWSHIP.INI
    2008-12-12 12:37:13 ----SD---- C:\Documents and Settings\Tigerdistrict3\Application Data\Microsoft
    2008-11-24 09:42:48 ----D---- C:\WINDOWS\Help
    2008-11-12 17:03:45 ----D---- C:\WINDOWS\WinSxS
    2008-11-03 09:55:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-27 12:25:55 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-27 12:22:01 ----D---- C:\Program Files\Common Files\InstallShield
    2008-10-20 09:09:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-07 15:19:50 ----D---- C:\UPS
    2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-30 09:48:08 ----D---- C:\Documents and Settings\Tigerdistrict3\Application Data\Apple Computer
    2008-09-26 09:45:30 ----RSD---- C:\WINDOWS\assembly
    2008-09-26 09:45:08 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-24 09:01:08 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-24 08:52:43 ----D---- C:\WINDOWS\Debug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
    R3 RT73;USB Wireless 802.11 b/g Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-10-01 451968]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S1 dxgthkk;dxgthkk; C:\WINDOWS\System32\drivers\dxgthkk.sys []
    S1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
    S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-17 21419]
    S2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
    S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-16 233472]
    S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-16 147456]
    S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2008-12-16 9150464]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-16 155648]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-12-16 24576]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-12-16 60928]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-12-16 58880]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2008-12-16 73728]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-12-16 434176]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-12-16 138240]
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2008-12-16 323584]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-12-16 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------
     
  19. 2008/12/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    First, you need to be logged onto the same account you were using in normal mode. Please delete the copy of ComboFix you have and grab a fresh copy from here, saving the file to your desktop. Do not do anything with it yet.

    Download this file and save it to the desktop. Double click the file to run it. I'll need to see the contents of the log it opens when complete.

    Next highlight and copy the contents of the code box below.
    Code:
    @echo off
    echo.>peek.txt
    if exist C:\32788R22FWJFW del /q C:\32788R22FWJFW\*
    if exist C:\32788R22FWJFW rmdir C:\32788R22FWJFW
    if exist C:\32788R22FWJFW echo C:\32788R22FWJFW remains>>peek.txt
    del /q C:\WINDOWS\system32\CF12819.exe
    del /q C:\WINDOWS\system32\CF8381.exe
    del /q C:\WINDOWS\system32\CF6918.exe
    cls
    echo Searching ........ please wait
    dir %systemroot%\*userinit* /a h /s>>peek.txt
    dir %systemroot%\*ntkrnlpa* /a h /s>>peek.txt
    dir %systemroot%\erdnt\* /s>>peek.txt
    start notepad peek.txt
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own and peek.txt will open. Post its contents here.
     
    Last edited: 2008/12/23
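As an added example for this thread (not code from the thread or from either tool mentioned): a small Python triage helper that parses a file listing in the format posted above and flags renamed or duplicated copies of userinit.exe and ntkrnlpa.exe, the two binaries the batch script looks for, and separately points out copies written in the same second as the original. The sample listing is constructed from lines of the log above; the function names are my own.

```python
import re

# One line of the file listing posted in this thread ("random's system
# information tool"): "<date> <time> <attribute flags> <path>".
LINE_RE = re.compile(r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(.+?)\s*$")
PROTECTED = ("userinit", "ntkrnlpa")  # base names the batch script above searches for

# Constructed sample: lines copied from the listing posted earlier in the thread.
SAMPLE_LISTING = r"""
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit.exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\userinit(2).exe
    2008-12-16 12:48:29 ----A---- C:\WINDOWS\system32\olduserinit.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\oldntkrnlpa.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-12-16 12:46:52 ----A---- C:\WINDOWS\system32\ntkrnlpa(2).exe
    2008-12-15 17:21:39 ----A---- C:\WINDOWS\system32\userinit.exe.old.exe
    2008-12-16 12:44:03 ----D---- C:\WINDOWS\system32\Com
"""

def parse_listing(text):
    """Yield (timestamp, attrs, path) per file line; skip directories ('D' in attrs)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and "D" not in m.group(2):
            yield m.group(1), m.group(2), m.group(3)

def is_variant(name, base):
    """True if the file name contains the base name but is not exactly '<base>.exe'."""
    name = name.lower()
    return base in name and name != base + ".exe"

def find_variants(text, protected=PROTECTED):
    """Map each protected base name to the paths of its renamed or duplicated copies."""
    hits = {}
    for _ts, _attrs, path in parse_listing(text):
        name = path.rpartition("\\")[2]
        for base in protected:
            if is_variant(name, base):
                hits.setdefault(base, []).append(path)
    return hits

def written_with_original(text, protected=PROTECTED):
    """Variant paths whose write time equals that of '<base>.exe' in the same folder:
    the original was rewritten in the same second the copies appeared, so it is the
    first thing an analyst should inspect."""
    entries = list(parse_listing(text))
    stamps = {tuple(s.lower() for s in p.rpartition("\\")[::2]): ts for ts, _a, p in entries}
    flagged = []
    for ts, _a, path in entries:
        folder, _, name = path.rpartition("\\")
        for base in protected:
            if is_variant(name, base) and stamps.get((folder.lower(), base + ".exe")) == ts:
                flagged.append(path)
    return flagged
```

Run against the full listing, the same two checks pick out the four copies that share a write time with their originals, while userinit.exe.old.exe stands apart with its earlier timestamp.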
  20. 2008/12/23
    tigerdistr

    tigerdistr Inactive Thread Starter

    Joined:
    2008/12/19
    Messages:
    46
    Likes Received:
    0
    What do you mean by this? Which account are you talking about being logged in to? Tigerdistrict3?
     
  21. 2008/12/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The same user profile. If that is Tigerdistrict3 in normal mode then select it in safe mode as well. Just didn't want you using the Administrator account at this time. ;)
     
