
Inactive Control Panel, Task Manager & Run Prompt has been disabled

Discussion in 'Malware and Virus Removal Archive' started by myfama, 2009/01/14.

  1. 2009/01/14, myfama (Thread Starter)

    The applications named in the subject have suddenly been disabled. I've run rsit and the results are as follows:

    info.txt logfile of random's system information tool 1.05 2009-01-14 15:07:22

    ======Uninstall list======

    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    -->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
    Adobe Acrobat 6.0 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Advantage Ingres [ II ] Enterprise Edition-->C:\WINDOWS\System32\ingwrap.exe C:\WINDOWS\System32\inguninst.exe "C:\IngresII "
    AMPS-->MsiExec.exe /X{8CF2CBAB-5DEE-4136-9E53-60D09601D53D}
    AMPS-->MsiExec.exe /X{9B12DDD3-F1BE-4FB6-9FD2-308549244609}
    AMPS-->MsiExec.exe /X{A0A13FFF-0535-4908-8A1F-39CE8BA815C8}
    AMPSSupplyMobileWsSetup-->MsiExec.exe /I{BA0554A1-5401-4D5E-AE5C-DAE5767915C6}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Blue Cube USB Modem -->C:\Program Files\InstallShield Installation Information\{48F464CC-061D-4ED2-A6DF-B4EA5BC31DA7}\setup.exe -runfromtemp -l0x0409
    Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
    CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
    Celcom Broadband-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
    Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
    DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
    FUJIFILM FinePixViewer S Ver.2.1-->C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
    Home Media Server 3.4.3.0048-->C:\Program Files\nokia\SimpleCenter\uninstall.exe
    Hotfix for Windows XP (KB909394)--> "C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB914440)--> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
    HP LaserJet M1005-->C:\Program Files\Agilent-HP\{9b1fde43-5704-4e79-a363-dc9e6a9faeed}\uninstall.exe SYSTEM "C:\Program Files\Agilent-HP\{9b1fde43-5704-4e79-a363-dc9e6a9faeed} "
    HP LaserJet P1000 series-->C:\Program Files\Avago-HP\{0ebefe5b-2fdf-4037-92b4-19c2b9cae468}\uninstall.exe SYSTEMHORNET "C:\Program Files\Avago-HP\{0ebefe5b-2fdf-4037-92b4-19c2b9cae468} "
    HP OrderReminder--> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
    HPSSupply-->MsiExec.exe /X{7902E313-FF0F-4493-ACB1-A8147B78DCD0}
    Hummingbird BI Query-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6F43BD6-0625-11D7-9D89-00010277CEE8}\setup.exe" -l0x9
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    InterVideo WinDVD 4--> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
    InterVideo WinDVD Creator 2--> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    MetaTrader - FXOpen 4.00--> "C:\Program Files\MetaTrader - FXOpen\Uninstall.exe" "C:\Program Files\MetaTrader - FXOpen\install.log "
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MrvlUsgTracking-->MsiExec.exe /I{02C85EC5-E864-4847-AF55-42730861004C}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
    Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
    Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
    OpenROAD 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8568E000-AE70-11D4-8EE7-00C04F81B484}\Setup.exe" -l0x9 -wa
    PA Mobile-->MsiExec.exe /I{8AC9C8D1-62F2-4B8A-80E4-117F560DC274}
    PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    Scan To-->MsiExec.exe /I{9356940C-B360-4EF4-BE6C-BD488350AB17}
    Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896424)--> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901190)--> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB904706)--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB912919)--> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917344)--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917422)--> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917537)--> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923689)--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923694)--> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924191)--> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928090)--> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929969)--> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931768)--> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933566)--> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB937894)--> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938127)--> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB939373)--> "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942615)--> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942830)--> "C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942831)--> "C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    TextPad 4-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TextPad 4\Uninst.isu "
    TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
    TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
    TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TOSHIBA\PCDiag\Uninst.isu "
    TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c "C:\WINDOWS\System32\TPSDel.dll "
    TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
    TOSHIBA Software Modem-->Tosmreg -U
    TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA TouchPad On/Off Utility V2.05.00-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c "C:\Program Files\TOSHIBA\TouchED\tpedinst.dll "
    TOSHIBA Utilities-->tutildel.exe
    Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3470FBE6-B743-420F-B5CE-0D27FA749C16}\Setup.exe"
    Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Update for Windows XP (KB900485)--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
    Update for Windows XP (KB904942)--> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe "
    Update for Windows XP (KB908531)--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
    Update for Windows XP (KB910437)--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
    Update for Windows XP (KB911280)--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
    Update for Windows XP (KB916595)--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
    Update for Windows XP (KB920872)--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
    Update for Windows XP (KB922582)--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
    Update for Windows XP (KB927891)--> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
    Update for Windows XP (KB929338)--> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe "
    Update for Windows XP (KB930916)--> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
    Update for Windows XP (KB931836)--> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe "
    Update for Windows XP (KB936357)--> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe "
    Update for Windows XP (KB938828)--> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
    Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
    Update for Windows XP (KB942840)--> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe "
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

    ======Security center information======

    AV: AVG Anti-Virus Free

    System event log

    Computer Name: MUIR04
    Event Code: 64002
    Message: File replacement was attempted on the protected system file c:\windows\system32\attrib.exe.
    This file was restored to the original version to maintain system stability.
    The file version of the system file is 5.1.2600.0.

    Record Number: 23074
    Source Name: Windows File Protection
    Time Written: 20081128084630.000000+480
    Event Type: information
    User:

    Computer Name: MUIR04
    Event Code: 64002
    Message: File replacement was attempted on the protected system file c:\windows\system32\attrib.exe.
    This file was restored to the original version to maintain system stability.
    The file version of the system file is 5.1.2600.0.

    Record Number: 23073
    Source Name: Windows File Protection
    Time Written: 20081128084610.000000+480
    Event Type: information
    User:

    Computer Name: MUIR04
    Event Code: 64002
    Message: File replacement was attempted on the protected system file c:\windows\system32\attrib.exe.
    This file was restored to the original version to maintain system stability.
    The file version of the system file is 5.1.2600.0.

    Record Number: 23072
    Source Name: Windows File Protection
    Time Written: 20081128084550.000000+480
    Event Type: information
    User:

    Computer Name: MUIR04
    Event Code: 64002
    Message: File replacement was attempted on the protected system file c:\windows\system32\attrib.exe.
    This file was restored to the original version to maintain system stability.
    The file version of the system file is 5.1.2600.0.

    Record Number: 23071
    Source Name: Windows File Protection
    Time Written: 20081128084530.000000+480
    Event Type: information
    User:

    Computer Name: MUIR04
    Event Code: 64002
    Message: File replacement was attempted on the protected system file c:\windows\system32\attrib.exe.
    This file was restored to the original version to maintain system stability.
    The file version of the system file is 5.1.2600.0.

    Record Number: 23070
    Source Name: Windows File Protection
    Time Written: 20081128084510.000000+480
    Event Type: information
    User:

    Application event log

    Computer Name: MUIR04
    Event Code: 5000
    Message: 'Computer Associates Licensing -2X0E - License Failure. Please run the appropriate license program to properly license your product. LRF=2X0E, bcee81a68e18, DESKTOP, MUIR04, 0'

    Record Number: 2050
    Source Name: CA_LIC
    Time Written: 20080920222253.000000+480
    Event Type: error
    User:

    Computer Name: MUIR04
    Event Code: 5000
    Message: 'Computer Associates Licensing -2X0E - License Failure. Please run the appropriate license program to properly license your product. LRF=2X0E, 7b6cb3d955fb, DESKTOP, MUIR04, 0'

    Record Number: 2049
    Source Name: CA_LIC
    Time Written: 20080920222018.000000+480
    Event Type: error
    User:

    Computer Name: MUIR04
    Event Code: 5000
    Message: 'Computer Associates Licensing -2X0E - License Failure. Please run the appropriate license program to properly license your product. LRF=2X0E, 134a7bf3d162, DESKTOP, MUIR04, 0'

    Record Number: 2048
    Source Name: CA_LIC
    Time Written: 20080920222003.000000+480
    Event Type: error
    User:

    Computer Name: MUIR04
    Event Code: 5
    Message:
    Record Number: 2047
    Source Name: Active Server Pages
    Time Written: 20080920221933.000000+480
    Event Type: error
    User:

    Computer Name: MUIR04
    Event Code: 0
    Message:
    Record Number: 2046
    Source Name: ServiceLayer
    Time Written: 20080920221613.000000+480
    Event Type: information
    User:

    ======Environment variables======

    "ADVLOC "=C:\AMPS
    "AMPSBIN "=C:\AMPS\Bin\
    "AMPSWEB "=http://MUIR04/amps
    "BI_ROOT "=C:\Program Files\Hummingbird\BI
    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "II_DATE_CENTURY_BOUNDARY "=50
    "II_DATE_FORMAT "=MULTINATIONAL4
    "II_EMBED_SET "=dbmserror
    "II_LIBU3GL "=kernel32.dll;user32.dll;introp32.dll;amps32.dll;comlogin.dll;fmmsing.dll;shell32.dll;random.dll;crpe32.dll;crwrap32.dll;sdsscat.dll;sdss_ame.dll;sdss.dll
    "II_SYSTEM "=C:\IngresII
    "II_W4GLAPPS_DIR "=C:\AMPS\Bin\
    "Include "=C:\IngresII\ingres\files
    "ING_SET "=set lockmode session where readlock=nolock
    "JSERV "=C:\oracle\ora92/Apache/Jserv/conf
    "Lib "=C:\IngresII\ingres\lib
    "NUMBER_OF_PROCESSORS "=1
    "ORACLE_HOME "=C:\ORACLE\ORA92
    "OS "=Windows_NT
    "OSAGENT_ADDR "=
    "OSAGENT_PORT "=
    "Path "=C:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\AMPS\Bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\IngresII\ingres\bin;C:\IngresII\ingres\utility;C:\IngresII\ingres\vdba;C:\PROGRA~1\HUMMIN~1\BI\Utility
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_REVISION "=0209
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "windir "=%SystemRoot%
    "WV_GATEWAY_CFG "=C:\oracle\ora92\Apache\modplsql\cfg\wdbsvr.app

    -----------------EOF-----------------
     
  2. 2009/01/14, myfama (Thread Starter)
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by ingres at 2009-01-14 15:07:15
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (8%) free of 38 GB
    Total RAM: 1007 MB (36% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    C:\WINDOWS\tasks\{42547333-B926-4811-92A1-23D29BA630FD}_MUIR04_lovie.job
    C:\WINDOWS\tasks\{714B05C5-36DD-4252-B5AE-B3974D6A93C5}_MUIR04_lovie.job
    C:\WINDOWS\tasks\{D456A364-F64B-4C42-B6D8-E0DCC27B4F47}_MUIR04_lovie.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-14 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-14 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}]
    IEHelper Class - C:\WINDOWS\system32\EdenUtil.dll [2003-07-17 143431]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-14 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "=C:\WINDOWS\System32\igfxtray.exe [2003-04-06 155648]
    "HotKeysCmds "=C:\WINDOWS\System32\hkcmd.exe [2003-04-06 114688]
    "00THotkey "=C:\WINDOWS\System32\00THotkey.exe [2003-04-16 258048]
    "000StTHK "=C:\WINDOWS\system32\000StTHK.exe [2001-06-24 24576]
    "TouchED "=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-22 126976]
    "TFNF5 "=C:\WINDOWS\system32\TFNF5.exe [2003-10-15 73728]
    "TPSMain "=C:\WINDOWS\system32\TPSMain.exe [2003-11-20 278528]
    "TFncKy "=TFncKy.exe []
    "ezShieldProtector for Px "=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
    "PadTouch "=C:\Program Files\TOSHIBA\PadTouch\PadExe.exe [2003-11-01 1019904]
    "LTSMMSG "=C:\WINDOWS\LTSMMSG.exe [2003-04-19 32768]
    "MsmqIntCert "=regsvr32 /s mqrt.dll []
    "SSBkgdUpdate "=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
    "PaperPort PTD "=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
    "IndexSearch "=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
    "SetDefPrt "=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
    "ControlCenter2.0 "=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
    "PCSuiteTrayApplication "=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
    "Adobe Photo Downloader "=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
    "Drag'n Drop CD+DVD "=C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe [2003-08-09 1175552]
    " "= []
    "HPUsageTracking "=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]
    "OrderReminder "=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-12-21 98304]
    "vr64 "=C:\WINDOWS\system32\prnjobt.vbe [2008-12-01 709764]
    "SYS1 "=C:\WINDOWS\system32\system.exe []
    "SYS2 "=C:\WINDOWS\system32\bad1.exe []
    "SYS3 "=C:\WINDOWS\system32\bad2.exe []
    "SYS4 "=C:\WINDOWS\system32\bad3.exe []
    "Msmsgs "=C:\WINDOWS\system32\Msmsgs.exe [2007-09-18 215456]
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-14 1261336]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
    "H/PC Connection Agent "=C:\PROGRA~1\MICROS~3\wcescomm.exe [2005-11-15 1200128]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe
    Ingres Visual Manager [ II ].lnk - C:\WINDOWS\system32\ingwrap.exe
    Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
    Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools "=1
    "NoFolderOptions "=0
    "DisableTaskMgr "=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "DisableTaskMgr "=1
    "NoFolderOptions "=0
    "DisableRegistryTools "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=91
    "NoRun "=1
    "NoFind "=1
    "NoFolderOptions "=1
    "NoFileMenu "=1
    "NoSaveSetting "=1
    "HideRunAsVerb "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoFolderOptions "=
    "NoDriveTypeAutoRun "=
    "NoRun "=
    "NoFind "=
    "NoTrayContextMenu "=
    "NoSaveSetting "=
    "HideRunAsVerb "=
    "InternetOpenWith "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\WINDOWS\system32\mqsvc.exe "= "C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing "
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager "
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application "
    "C:\AMPS\ActiveSync_Remote_Display\ASRDisp.exe "= "C:\AMPS\ActiveSync_Remote_Display\ASRDisp.exe:*:Enabled:ASRDisp "
    "C:\Program Files\Grisoft\AVG Free\avginet.exe "= "C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe "
    "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe "= "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe "
    "C:\Program Files\Grisoft\AVG Free\avgcc.exe "= "C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe "
    "C:\StubInstaller.exe "= "C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Nokia\SimpleCenter\Home Media Server.exe "= "C:\Program Files\Nokia\SimpleCenter\Home Media Server.exe:*:Enabled:Nokia's Media Manager and Server "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\IngresII\ingres\bin\iigcc.exe "= "C:\IngresII\ingres\bin\iigcc.exe:*:Enabled:Ingres 2.6/0305 Application "
    "C:\Documents and Settings\ingres\Local Settings\Temp\{D6F43BD6-0625-11D7-9D89-00010277CEE8}\bisrvloc.exe "= "C:\Documents and Settings\ingres\Local Settings\Temp\{D6F43BD6-0625-11D7-9D89-00010277CEE8}\bisrvloc.exe:*:Enabled:bisrvloc "
    "C:\oracle\ora92\Apache\Apache\Apache.exe "= "C:\oracle\ora92\Apache\Apache\Apache.exe:*:Enabled:Apache "
    "C:\Documents and Settings\ingres\Local Settings\Temp\OraInstall2008-07-28_04-25-59PM\jre\bin\javaw.exe "= "C:\Documents and Settings\ingres\Local Settings\Temp\OraInstall2008-07-28_04-25-59PM\jre\bin\javaw.exe:*:Enabled:javaw "
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\temp\ActiveSync_Remote_Display\ASRDisp.exe "= "C:\temp\ActiveSync_Remote_Display\ASRDisp.exe:*:Enabled:ASRDisp "
    "C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\WINDOWS\system32\mqsvc.exe "= "C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041554bf-2ba1-11dd-a9a5-00080d7667f9}]
    shell\AutoRun\command - tgtighg.cmd
    shell\explore\command - tgtighg.cmd
    shell\open\command - tgtighg.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e0-3c33-11dd-a9c0-00080d7667f9}]
    shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e1-3c33-11dd-a9c0-00080d7667f9}]
    shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20401cfc-8207-11dd-aa27-00080d7667f9}]
    shell\AutoRun\command - F:\password_viewer.exe %1
    shell\Explore\command - F:\password_viewer.exe %1
    shell\Open\command - F:\password_viewer.exe %1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e9b968-4257-11dd-a9d2-00080d7667f9}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    shell\Explore\command - F:\system.exe
    shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc68-9a8d-11dd-aa44-00080d7667f9}]
    shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc69-9a8d-11dd-aa44-00080d7667f9}]
    shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59bc1ed4-40f0-11dd-a9ce-00080d7667f9}]
    shell\AutoRun\command - yp.bat
    shell\explore\command - yp.bat
    shell\open\command - yp.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6585f7bc-3079-11dd-a9b0-00080d7667f9}]
    shell\Auto\command - project.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL project.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9151ed96-e1cd-11dd-aa9a-00080d7667f9}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    shell\Explore\command - D:\system.exe
    shell\Open\command - D:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a94e04-b13f-11dd-aa67-00080d7667f9}]
    shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
    shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4dfe5c-2593-11dd-a98e-00080d7667f9}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    shell\Explore\command - D:\system.exe
    shell\Open\command - D:\system.exe


    ======List of files/folders created in the last 3 months======

    2009-01-14 15:07:16 ----D---- C:\Program Files\trend micro
    2009-01-14 15:07:15 ----D---- C:\rsit
    2009-01-14 10:04:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-01-14 10:04:42 ----D---- C:\Documents and Settings\ingres\Application Data\AVGTOOLBAR
    2009-01-14 10:04:32 ----D---- C:\Program Files\AVG
    2009-01-14 10:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-01-14 07:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
    2009-01-14 07:56:49 ----D---- C:\WINDOWS\Downloaded Installations
    2009-01-13 16:31:31 ----SHD---- C:\Config.Msi
    2009-01-13 16:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
    2008-12-01 12:23:24 ----A---- C:\WINDOWS\system32\bad3.exe
    2008-12-01 12:23:15 ----A---- C:\WINDOWS\system32\bad2.exe
    2008-12-01 12:23:08 ----A---- C:\WINDOWS\system32\bad1.exe
    2008-12-01 12:22:55 ----RASH---- C:\WINDOWS\system32\msmsgs.exe
    2008-11-18 17:32:14 ----D---- C:\Program Files\MetaTrader - FXOpen
    2008-10-19 13:29:26 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2008-10-19 13:29:21 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2008-10-17 15:05:09 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
    2008-10-15 20:56:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

    ======List of files/folders modified in the last 3 months======

    2009-01-14 15:07:18 ----AD---- C:\WINDOWS\Temp
    2009-01-14 15:07:16 ----RD---- C:\Program Files
    2009-01-14 15:07:04 ----D---- C:\WINDOWS\Prefetch
    2009-01-14 12:29:41 ----D---- C:\WINDOWS\system32\inetsrv
    2009-01-14 12:10:32 ----D---- C:\temp
    2009-01-14 11:53:53 ----SHD---- C:\WINDOWS\Installer
    2009-01-14 11:50:53 ----D---- C:\WINDOWS
    2009-01-14 11:41:23 ----D---- C:\WINDOWS\Registration
    2009-01-14 11:37:55 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-14 11:37:15 ----D---- C:\WINDOWS\system32
    2009-01-14 11:34:54 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-14 11:12:50 ----D---- C:\WINDOWS\system32\drivers
    2009-01-14 11:00:09 ----HD---- C:\WINDOWS\inf
    2009-01-14 11:00:08 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-14 10:33:20 ----D---- C:\athome
    2009-01-14 10:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
    2009-01-14 10:04:08 ----D---- C:\WINDOWS\WinSxS
    2009-01-14 10:04:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-01-14 08:10:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-01-14 07:57:37 ----D---- C:\Program Files\Microsoft ActiveSync
    2009-01-14 07:57:31 ----D---- C:\WINDOWS\Help
    2009-01-13 16:30:09 ----D---- C:\AMPS
    2009-01-13 16:25:22 ----A---- C:\WINDOWS\imsins.BAK
    2009-01-10 20:16:20 ----D---- C:\Russlan
    2008-12-14 18:11:14 ----D---- C:\WINDOWS\system32\NtmsData
    2008-12-10 22:26:08 ----A---- C:\WINDOWS\hdkctnts.ini
    2008-12-01 12:15:58 ----SD---- C:\WINDOWS\Tasks
    2008-11-15 17:28:10 ----D---- C:\WINDOWS\network diagnostic
    2008-10-19 18:35:31 ----SD---- C:\Documents and Settings\ingres\Application Data\Microsoft
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-14 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-14 26824]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
    R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
    R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
    R2 tossmbnt;tossmbnt; C:\WINDOWS\system32\drivers\tossmbnt.sys [2002-04-07 19607]
    R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-23 113504]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-23 78752]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-23 90907]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\System32\drivers\mqac.sys []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\System32\drivers\RMCast.sys []
    R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-06-18 35012]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-11 578752]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-09-18 809872]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-15 25888]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\amoiusbser.sys [2007-06-27 94336]
    S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys []
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver; C:\WINDOWS\System32\DRIVERS\cben5.sys [2001-08-17 46108]
    S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver; C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 98304]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
    S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
    S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
    S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
    S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
    S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-13 15143]
    S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-25 10240]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2005-06-14 104576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
    R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2003-09-03 28672]
    R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 Ingres_Database_II;Ingres Intelligent Database [II]; C:\IngresII\ingres\bin\servproc.exe [2003-05-14 24576]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\System32\mqtgsvc.exe [2004-08-04 117248]
    R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
    R2 OracleOraHome92Agent;OracleOraHome92Agent; C:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
    R2 OracleOraHome92TNSListener;OracleOraHome92TNSListener; C:\oracle\ora92\BIN\TNSLSNR []
    R2 OracleServiceM04;OracleServiceM04; c:\oracle\ora92\bin\ORACLE.EXE [2002-05-14 29475088]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R3 MSMQ;Message Queuing; C:\WINDOWS\System32\mqsvc.exe [2004-08-04 4608]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
    S3 ADEListener;ADEListener; C:\WINDOWS\System32\ADEListener.exe [2006-04-05 28672]
    S3 AMPS Email Processor;AMPS Email Processor; c:\windows\system32\emailprocessor.exe [2007-03-06 45056]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 CA_LIC_CLNT;CA License Client; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 FSDFileWatcher;FSDFileWatcher; c:\windows\system32\fsdfilewatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer; C:\oracle\ora92\Apache\Apache\apache.exe [2002-04-18 4096]
    S3 OracleOraHome92PagingServer;OracleOraHome92PagingServer; C:\oracle\ora92/bin/pagntsrv.exe [2002-08-21 49152]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator; C:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent; C:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher; C:\WINDOWS\System32\SCAMS_FileWatcher.exe [2007-11-05 69632]

    -----------------EOF-----------------
     

  4. 2009/01/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You have another flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • If the flash drive doesn't contain any data you need to keep, please right-click its icon in My Computer and select Format, then allow it to format using the default settings.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
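    As an added example (not part of this thread, and not RSIT's or ComboFix's own code): the indicators behind the diagnosis above can be pulled out of the RSIT log mechanically. The Python below parses an excerpt of the log posted earlier and flags the Policies values that disabled Task Manager, regedit, Run and Search, and lists every MountPoints2 shell command, which is what Explorer was told to run when a drive was opened or auto-played. Key paths, value names and commands are taken from the log as posted; the labels in LOCKOUT_POLICIES and classify_autorun are my own.

```python
"""Added triage helper for RSIT-style registry dumps (not RSIT's own code): flags the
Policies values that lock out Task Manager, regedit and the Run prompt, and lists every
MountPoints2 shell command (what Explorer runs when a removable drive is opened/auto-played)."""
import re
from dataclasses import dataclass

# Policy values that, when set to 1, explain the symptoms in the thread title.
LOCKOUT_POLICIES = {
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "Registry editor disabled",
    "NoRun": "Run prompt removed from the Start menu",
    "NoFind": "Search removed from the Start menu",
    "NoFolderOptions": "Folder Options hidden (hidden files stay hidden)",
}
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# The forum inserted a space before the closing quote ("NoRun "=1); tolerate it.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<data>.*)$')
SHELL_RE = re.compile(r"^(?P<verb>shell\\[^\\]+\\command)\s+-\s+(?P<cmd>.+)$", re.I)

@dataclass
class Finding:
    key: str     # registry key the entry lives under
    name: str    # value name, or the shell\<verb>\command path
    data: str    # value data or the command line
    reason: str  # why it matters

def parse_sections(text):
    """Group the dump into {key: [lines]} under each [HKEY...] header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def classify_autorun(cmd):
    """Label a MountPoints2 command; every entry is a review item, the label ranks it."""
    c = cmd.lower()
    if "rundll32" in c and "shellexec_rundll" in c:
        return "indirect launch through RunDLL32 ShellExec_RunDLL"
    if "\\recycler\\" in c:
        return "target hidden under a RECYCLER folder"
    if re.search(r"\.(cmd|bat|vbs|vbe|js)\b", c):
        return "script launched from the drive"
    if not re.match(r"^[a-z]:\\", c):
        return "bare filename resolved against the drive root"
    return "executable launched from the drive (verify the file)"

def triage(text):
    """Return lockout policies set to 1 plus every MountPoints2 shell command."""
    findings = []
    for key, lines in parse_sections(text).items():
        lower = key.lower()
        if lower.endswith(("\\policies\\system", "\\policies\\explorer")):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m["name"] in LOCKOUT_POLICIES and m["data"].strip() == "1":
                    findings.append(Finding(key, m["name"], "1", LOCKOUT_POLICIES[m["name"]]))
        elif "\\explorer\\mountpoints2\\{" in lower:
            for line in lines:
                m = SHELL_RE.match(line)
                if m:
                    cmd = m["cmd"].strip()
                    findings.append(Finding(key, m["verb"], cmd, classify_autorun(cmd)))
    return findings

# Excerpt of the RSIT log posted above, used here as sample input.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"NoFolderOptions"=0
"DisableTaskMgr"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=1
"NoFind"=1
"NoFolderOptions"=1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041554bf-2ba1-11dd-a9a5-00080d7667f9}]
shell\AutoRun\command - tgtighg.cmd
shell\open\command - tgtighg.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e9b968-4257-11dd-a9d2-00080d7667f9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Open\command - F:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a94e04-b13f-11dd-aa67-00080d7667f9}]
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"{f.name:<24} {f.data:<60} {f.reason}")
```

    Run against the full RSIT info.txt, the same two sections give the list of drive GUIDs whose handlers need clearing once the flash drives themselves have been cleaned.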
     
  5. 2009/01/16
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    ComboFix 09-01-13.04 - ingres 2009-01-16 14:55:14.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.486 [GMT 8:00]
    Running from: c:\documents and settings\ingres\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\autorun.inf
    c:\windows\system32\bad1.exe
    c:\windows\system32\bad2.exe
    c:\windows\system32\bad3.exe
    c:\windows\system32\Cache
    c:\windows\system32\msmsgs.exe
    E:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
    .

    2009-01-14 16:47 . 2009-01-14 16:48 <DIR> d-------- C:\PDAMobile
    2009-01-14 15:07 . 2009-01-14 15:07 <DIR> d-------- C:\rsit
    2009-01-14 15:07 . 2009-01-14 15:07 <DIR> d-------- c:\program files\trend micro
    2009-01-14 10:33 . 2009-01-14 10:33 <DIR> d--h----- c:\temp\RE PA MOBILE INSTALL_files
    2009-01-14 10:33 . 2009-01-14 09:58 783,186 --a------ c:\temp\pda cab files.zip
    2009-01-14 10:04 . 2009-01-14 10:50 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-01-14 10:04 . 2009-01-14 10:04 <DIR> d-------- c:\program files\AVG
    2009-01-14 10:04 . 2009-01-14 10:35 <DIR> d-------- c:\documents and settings\ingres\Application Data\AVGTOOLBAR
    2009-01-14 10:04 . 2009-01-14 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-01-14 10:04 . 2009-01-14 11:12 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-01-14 10:04 . 2009-01-14 11:12 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-01-14 07:56 . 2009-01-14 07:56 <DIR> d-------- c:\windows\Downloaded Installations
    2009-01-14 07:56 . 2009-01-14 07:56 <DIR> d-------- c:\temp\ActiveSync_Remote_Display
    2009-01-14 07:55 . 2009-01-14 07:55 <DIR> d-------- c:\temp\Activesync

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-14 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
    2009-01-13 23:57 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-12-01 04:23 709,764 --sha-r c:\windows\system32\prnjobt.vbe
    2008-12-01 04:23 709,764 --sha-r C:\Mc~.vbe
    2008-11-18 09:45 --------- d-----w c:\program files\MetaTrader - FXOpen
    2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
    1999-11-09 20:43 15,376 ----a-w c:\documents and settings\ingres\nspmcvt.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}]
    2003-07-17 15:56 143431 -ra------ c:\windows\system32\EdenUtil.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
    "H/PC Connection Agent "= "c:\progra~1\MICROS~3\wcescomm.exe" [2005-11-15 1200128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
    "HotKeysCmds "= "c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
    "00THotkey "= "c:\windows\System32\00THotkey.exe" [2003-04-16 12:01 258048]
    "TouchED "= "c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 126976]
    "ezShieldProtector for Px "= "c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "PadTouch "= "c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2003-11-01 1019904]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD "= "c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch "= "c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "SetDefPrt "= "c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0 "= "c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
    "PCSuiteTrayApplication "= "c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "Drag'n Drop CD+DVD "= "c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-09 1175552]
    "HPUsageTracking "= "c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
    "OrderReminder "= "c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
    "vr64 "= "c:\windows\system32\prnjobt.vbe" [2008-12-01 709764]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1261336]
    "000StTHK "= "000StTHK.exe" [2001-06-24 12:28 24576 c:\windows\system32\000StTHK.exe]
    "TFNF5 "= "TFNF5.exe" [2003-10-15 c:\windows\system32\TFNF5.exe]
    "TPSMain "= "TPSMain.exe" [2003-11-20 c:\windows\system32\TPSMain.exe]
    "TFncKy "= "TFncKy.exe" [BU]
    "LTSMMSG "= "LTSMMSG.exe" [2003-04-19 c:\windows\ltsmmsg.exe]
    "MsmqIntCert "= "mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-01-10 303104]
    Ingres Visual Manager [ II ].lnk - c:\windows\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-07 51776]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2003-11-28 155648]
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-11-11 802816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)
    "InternetOpenWith "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
    "c:\\AMPS\\ActiveSync_Remote_Display\\ASRDisp.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Nokia\\SimpleCenter\\Home Media Server.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\IngresII\\ingres\\bin\\iigcc.exe "=
    "c:\\oracle\\ora92\\Apache\\Apache\\Apache.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\temp\\ActiveSync_Remote_Display\\ASRDisp.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 97928]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
    R4 Ingres_Database_II;Ingres Intelligent Database [II];c:\ingresii\ingres\bin\servproc.exe [2003-05-14 19:03:48 24576]
    R4 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R4 OracleServiceM04;OracleServiceM04;c:\oracle\ora92\bin\ORACLE.EXE M04 --> c:\oracle\ora92\bin\ORACLE.EXE M04 [?]
    S3 ADEListener;ADEListener;c:\windows\system32\ADEListener.exe [2006-04-05 28672]
    S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\amoiusbser.sys [2008-06-17 94336]
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\EmailProcessor.exe [2007-03-06 45056]
    S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2003-11-27 46108]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\FSDFileWatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [2002-04-18 4096]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-02-13 254464]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;c:\windows\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]
    S4 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041554bf-2ba1-11dd-a9a5-00080d7667f9}]
    \Shell\AutoRun\command - tgtighg.cmd
    \Shell\explore\Command - tgtighg.cmd
    \Shell\open\Command - tgtighg.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e0-3c33-11dd-a9c0-00080d7667f9}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e1-3c33-11dd-a9c0-00080d7667f9}]
    \Shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20401cfc-8207-11dd-aa27-00080d7667f9}]
    \Shell\AutoRun\command - F:\password_viewer.exe %1
    \Shell\Explore\command - F:\password_viewer.exe %1
    \Shell\Open\command - F:\password_viewer.exe %1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e9b968-4257-11dd-a9d2-00080d7667f9}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc68-9a8d-11dd-aa44-00080d7667f9}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59bc1ed4-40f0-11dd-a9ce-00080d7667f9}]
    \Shell\AutoRun\command - yp.bat
    \Shell\explore\Command - yp.bat
    \Shell\open\Command - yp.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6585f7bc-3079-11dd-a9b0-00080d7667f9}]
    \Shell\Auto\command - project.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL project.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9151ed96-e1cd-11dd-aa9a-00080d7667f9}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - D:\system.exe
    \Shell\Open\command - D:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a94e06-b13f-11dd-aa67-00080d7667f9}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - D:\system.exe
    \Shell\Open\command - D:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0261014-99bf-11dd-aa42-00080d7667f9}]
    \Shell\AutoRun\command - E:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-15 c:\windows\Tasks\At1.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At10.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At11.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At2.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At3.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At4.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At5.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At6.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At7.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At8.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2008-12-15 c:\windows\Tasks\At9.job
    - c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

    2009-01-16 c:\windows\Tasks\{42547333-B926-4811-92A1-23D29BA630FD}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]

    2009-01-15 c:\windows\Tasks\{714B05C5-36DD-4252-B5AE-B3974D6A93C5}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]

    2008-11-14 c:\windows\Tasks\{D456A364-F64B-4C42-B6D8-E0DCC27B4F47}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.utusan.com.my/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: www.grisoft.com
    Trusted Zone: *.muir04
    TCP: {3F250C7D-CC0E-477F-8312-40059DD3C8E3} = 203.82.64.67 203.82.64.68
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-16 14:56:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HPUsageTracking = c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\ "?????????????????????????????????????????????8??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
    "ImagePath "= "c:\oracle\ora92/bin/pagntsrv.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
    "ImagePath "= "c:\oracle\ora92\BIN\TNSLSNR "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(496)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(560)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2009-01-16 14:58:18
    ComboFix-quarantined-files.txt 2009-01-16 06:58:07

    Pre-Run: 3,141,906,432 bytes free
    Post-Run: 4,142,518,272 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /forceresetreg /fastdetect /NoExecute=OptIn

    252 --- E O F --- 2009-01-13 08:25:22
     
  6. 2009/01/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    Collect::
    c:\windows\system32\prnjobt.vbe
    C:\Mc~.vbe
    File::
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vr64"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041554bf-2ba1-11dd-a9a5-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e0-3c33-11dd-a9c0-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e1-3c33-11dd-a9c0-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20401cfc-8207-11dd-aa27-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e9b968-4257-11dd-a9d2-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc68-9a8d-11dd-aa44-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59bc1ed4-40f0-11dd-a9ce-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6585f7bc-3079-11dd-a9b0-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9151ed96-e1cd-11dd-aa9a-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a94e06-b13f-11dd-aa67-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0261014-99bf-11dd-aa42-00080d7667f9}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. If the upload fails you will be presented with instructions for uploading it manually. Please do so. This will assist the author in adding the files for removal in future updates. Thanks!
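    As an added example (not part of this thread, and not ComboFix's own code), here is a Python triage pass over ComboFix-style log lines that codifies the reading applied above: it flags Run values whose target is a script file, MountPoints2 keys that override a drive's AutoRun/Open/Explore verbs, and scheduled tasks launching a script or anything from a Temp folder, then renders the result in the File::/Registry:: layout the CFScript uses. The sample log is constructed from entries quoted earlier in this thread; the heuristics and the `Finding` type are mine.

```python
"""Triage heuristics for a ComboFix-style log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's log layout, built from entries quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
"vr64"="c:\windows\system32\prnjobt.vbe" [2008-12-01 709764]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1261336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041554bf-2ba1-11dd-a9a5-00080d7667f9}]
\Shell\AutoRun\command - tgtighg.cmd
\Shell\open\Command - tgtighg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20401cfc-8207-11dd-aa27-00080d7667f9}]
\Shell\AutoRun\command - F:\password_viewer.exe %1

Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\At1.job
- c:\docume~1\ingres\LOCALS~1\Temp\Pdg.vbe []

2009-01-16 c:\windows\Tasks\{42547333-B926-4811-92A1-23D29BA630FD}_MUIR04_lovie.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:56]
"""

# Windows Script Host / batch extensions: unusual autostart targets for legitimate software.
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(\S+))')
MOUNT_CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (.+)$", re.IGNORECASE)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S+\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^- (.+?) \[")


@dataclass(frozen=True)
class Finding:
    kind: str      # "run_value" | "mountpoint" | "task"
    location: str  # registry key, or the .job path
    detail: str    # value name, or the command the entry launches


def _suspicious_target(target: str) -> bool:
    """A script-interpreter target, or anything launched out of a Temp folder."""
    t = target.lower()
    return t.endswith(SCRIPT_EXTS) or "\\temp\\" in t


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the three kinds of entries the thread acted on."""
    findings: list[Finding] = []
    current_key = ""   # most recent [HKEY_...] header seen
    pending_job = ""   # .job path whose "- target [..]" line is expected next
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if current_key.lower().endswith("\\currentversion\\run"):
            # Autostart value whose target is a script rather than a program.
            if m := RUN_VALUE_RE.match(line):
                target = m.group(2) or m.group(3) or ""
                if _suspicious_target(target):
                    findings.append(Finding("run_value", current_key, m.group(1)))
        elif "\\mountpoints2\\" in current_key.lower():
            # Per-drive shell overrides: the drive's AutoRun/Open/Explore verbs run a file.
            if m := MOUNT_CMD_RE.match(line):
                findings.append(Finding("mountpoint", current_key, m.group(1)))
        if m := TASK_RE.match(line):
            pending_job = m.group(1)
        elif pending_job and (m := TASK_TARGET_RE.match(line)):
            if _suspicious_target(m.group(1)):
                findings.append(Finding("task", pending_job, m.group(1)))
            pending_job = ""
    return list(dict.fromkeys(findings))  # drop exact duplicates, keep order


def to_cfscript(findings: list[Finding]) -> str:
    """Render findings in the File:: / Registry:: layout used by the CFScript in this thread."""
    files = [f.location for f in findings if f.kind == "task"]
    run_values = [f for f in findings if f.kind == "run_value"]
    mount_keys = list(dict.fromkeys(f.location for f in findings if f.kind == "mountpoint"))
    out: list[str] = []
    if files:
        out.append("File::")
        out.extend(files)
    if run_values or mount_keys:
        out.append("Registry::")
        for key in dict.fromkeys(f.location for f in run_values):
            out.append(f"[{key}]")
            out.extend(f'"{f.detail}"=-' for f in run_values if f.location == key)
        out.extend(f"[-{key}]" for key in mount_keys)
    return "\n".join(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:10} {f.location}  ->  {f.detail}")
    print(to_cfscript(triage(SAMPLE_LOG)))
```

Entries the heuristics leave alone (OrderReminder, the AVG tray, the mobsync.exe sync jobs) are exactly the ones the script above did not touch; the review of anything it does flag still belongs to a person, as it did here.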
     
  7. 2009/01/19
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    ComboFix 09-01-13.04 - ingres 2009-01-19 16:25:49.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.453 [GMT 8:00]
    Running from: c:\documents and settings\ingres\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\ingres\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\autorun.inf
    C:\Mc~.vbe
    c:\windows\system32\prnjobt.vbe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    E:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
    .

    2009-01-19 15:30 . 2009-01-19 15:30 1,294 --a------ C:\CF-Submit.htm
    2009-01-19 08:08 . 2009-01-19 08:08 <DIR> d-------- c:\windows\LastGood
    2009-01-14 16:47 . 2009-01-14 16:48 <DIR> d-------- C:\PDAMobile
    2009-01-14 15:07 . 2009-01-14 15:07 <DIR> d-------- C:\rsit
    2009-01-14 15:07 . 2009-01-14 15:07 <DIR> d-------- c:\program files\trend micro
    2009-01-14 10:33 . 2009-01-14 10:33 <DIR> d--h----- c:\temp\RE PA MOBILE INSTALL_files
    2009-01-14 10:33 . 2009-01-14 09:58 783,186 --a------ c:\temp\pda cab files.zip
    2009-01-14 10:04 . 2009-01-14 10:50 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-01-14 10:04 . 2009-01-14 10:04 <DIR> d-------- c:\program files\AVG
    2009-01-14 10:04 . 2009-01-14 10:35 <DIR> d-------- c:\documents and settings\ingres\Application Data\AVGTOOLBAR
    2009-01-14 10:04 . 2009-01-14 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-01-14 10:04 . 2009-01-14 11:12 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-01-14 10:04 . 2009-01-14 11:12 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-01-14 07:56 . 2009-01-14 07:56 <DIR> d-------- c:\windows\Downloaded Installations
    2009-01-14 07:56 . 2009-01-14 07:56 <DIR> d-------- c:\temp\ActiveSync_Remote_Display
    2009-01-14 07:55 . 2009-01-14 07:55 <DIR> d-------- c:\temp\Activesync

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-14 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
    2009-01-13 23:57 --------- d-----w c:\program files\Microsoft ActiveSync
    1999-11-09 20:43 15,376 ----a-w c:\documents and settings\ingres\nspmcvt.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-16_14.57.12.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-03 16:56:50 388,608 -c--a-w c:\windows\system32\dllcache\cmd.exe
    - 2009-01-16 04:02:27 235,565 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2009-01-19 00:05:42 235,564 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}]
    2003-07-17 15:56 143431 -ra------ c:\windows\system32\EdenUtil.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
    "H/PC Connection Agent "= "c:\progra~1\MICROS~3\wcescomm.exe" [2005-11-15 1200128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
    "HotKeysCmds "= "c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
    "00THotkey "= "c:\windows\System32\00THotkey.exe" [2003-04-16 12:01 258048]
    "TouchED "= "c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 126976]
    "ezShieldProtector for Px "= "c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "PadTouch "= "c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2003-11-01 1019904]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD "= "c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch "= "c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "SetDefPrt "= "c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0 "= "c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
    "PCSuiteTrayApplication "= "c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "Drag'n Drop CD+DVD "= "c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-09 1175552]
    "HPUsageTracking "= "c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
    "OrderReminder "= "c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1261336]
    "000StTHK "= "000StTHK.exe" [2001-06-24 12:28 24576 c:\windows\system32\000StTHK.exe]
    "TFNF5 "= "TFNF5.exe" [2003-10-15 c:\windows\system32\TFNF5.exe]
    "TPSMain "= "TPSMain.exe" [2003-11-20 c:\windows\system32\TPSMain.exe]
    "TFncKy "= "TFncKy.exe" [BU]
    "LTSMMSG "= "LTSMMSG.exe" [2003-04-19 c:\windows\ltsmmsg.exe]
    "MsmqIntCert "= "mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-01-10 303104]
    Ingres Visual Manager [ II ].lnk - c:\windows\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-07 51776]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2003-11-28 155648]
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-11-11 802816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)
    "InternetOpenWith "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
    "c:\\AMPS\\ActiveSync_Remote_Display\\ASRDisp.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Nokia\\SimpleCenter\\Home Media Server.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\IngresII\\ingres\\bin\\iigcc.exe "=
    "c:\\oracle\\ora92\\Apache\\Apache\\Apache.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\temp\\ActiveSync_Remote_Display\\ASRDisp.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 97928]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
    R4 Ingres_Database_II;Ingres Intelligent Database [II];c:\ingresii\ingres\bin\servproc.exe [2003-05-14 19:03:48 24576]
    R4 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R4 OracleServiceM04;OracleServiceM04;c:\oracle\ora92\bin\ORACLE.EXE M04 --> c:\oracle\ora92\bin\ORACLE.EXE M04 [?]
    S3 ADEListener;ADEListener;c:\windows\system32\ADEListener.exe [2006-04-05 28672]
    S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\amoiusbser.sys [2008-06-17 94336]
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\EmailProcessor.exe [2007-03-06 45056]
    S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2003-11-27 46108]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\FSDFileWatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [2002-04-18 4096]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-02-13 254464]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;c:\windows\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]
    S4 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e0-3c33-11dd-a9c0-00080d7667f9}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc69-9a8d-11dd-aa44-00080d7667f9}]
    \Shell\AutoRun\command - D:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-19 c:\windows\Tasks\{42547333-B926-4811-92A1-23D29BA630FD}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]

    2009-01-19 c:\windows\Tasks\{714B05C5-36DD-4252-B5AE-B3974D6A93C5}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]

    2009-01-16 c:\windows\Tasks\{D456A364-F64B-4C42-B6D8-E0DCC27B4F47}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.utusan.com.my/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: www.grisoft.com
    Trusted Zone: *.muir04
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-19 16:26:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    c:\windows\explorer.exe [244] 0x85A3ECD0

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HPUsageTracking = c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\ "?????????????????????????????????????????????8??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
    "ImagePath "= "c:\oracle\ora92/bin/pagntsrv.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
    "ImagePath "= "c:\oracle\ora92\BIN\TNSLSNR "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(496)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(560)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2009-01-19 16:28:15
    ComboFix-quarantined-files.txt 2009-01-19 08:28:07
    ComboFix2.txt 2009-01-19 07:34:15

    Pre-Run: 4,516,438,016 bytes free
    Post-Run: 4,506,955,776 bytes free

    213 --- E O F --- 2009-01-13 08:25:22
     
  8. 2009/01/19
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Now my machine is back to normal.

    FYI, my other machine has a similar problem as well, but only the Task Manager has been disabled. Can I follow the same steps?
     
  9. 2009/01/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It appears that the previous file upload might have failed. Were you instructed by ComboFix to double click C:\CF-Submit.htm to complete the upload process, and if so, did you do that? If not, please do so now.

    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e0-3c33-11dd-a9c0-00080d7667f9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc69-9a8d-11dd-aa44-00080d7667f9}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    We'll tackle the other machine as soon as this one is done. ;)
     
  10. 2009/01/21
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    I've submitted the log file to the respective website.

    The following is the log file after running the script:

    ComboFix 09-01-13.04 - ingres 2009-01-21 12:44:02.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.419 [GMT 8:00]
    Running from: c:\documents and settings\ingres\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\ingres\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
    .

    2009-01-20 16:14 . 2009-01-20 16:31 <DIR> d-------- c:\windows\system32\CatRoot_bak
    2009-01-19 15:30 . 2009-01-19 15:30 1,294 --a------ C:\CF-Submit.htm
    2009-01-19 08:08 . 2008-05-01 22:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
    2009-01-19 08:07 . 2008-06-13 21:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
    2009-01-14 16:47 . 2009-01-14 16:48 <DIR> d-------- C:\PDAMobile
    2009-01-14 15:07 . 2009-01-14 15:07 <DIR> d-------- C:\rsit
    2009-01-14 15:07 . 2009-01-14 15:07 <DIR> d-------- c:\program files\trend micro
    2009-01-14 10:33 . 2009-01-14 10:33 <DIR> d--h----- c:\temp\RE PA MOBILE INSTALL_files
    2009-01-14 10:33 . 2009-01-14 09:58 783,186 --a------ c:\temp\pda cab files.zip
    2009-01-14 10:04 . 2009-01-19 17:30 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-01-14 10:04 . 2009-01-14 10:04 <DIR> d-------- c:\program files\AVG
    2009-01-14 10:04 . 2009-01-14 10:35 <DIR> d-------- c:\documents and settings\ingres\Application Data\AVGTOOLBAR
    2009-01-14 10:04 . 2009-01-14 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-01-14 10:04 . 2009-01-14 11:12 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-01-14 10:04 . 2009-01-14 11:12 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-01-14 07:56 . 2009-01-14 07:56 <DIR> d-------- c:\windows\Downloaded Installations
    2009-01-14 07:56 . 2009-01-14 07:56 <DIR> d-------- c:\temp\ActiveSync_Remote_Display
    2009-01-14 07:55 . 2009-01-14 07:55 <DIR> d-------- c:\temp\Activesync

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-14 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
    2009-01-13 23:57 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
    1999-11-09 20:43 15,376 ----a-w c:\documents and settings\ingres\nspmcvt.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-16_14.57.12.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-12 23:28:55 765,952 ----a-w c:\windows\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\updspapi.dll
    + 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
    + 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
    + 2008-05-07 05:04:15 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
    + 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
    + 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
    + 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
    + 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    + 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    + 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
    + 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
    + 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
    + 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    + 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    + 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
    + 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
    + 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
    + 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
    + 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
    + 2008-08-28 07:52:53 74,752 ----a-w c:\windows\$hf_mig$\KB953155\SP2QFE\msw3prt.dll
    + 2008-08-28 07:52:53 104,960 ----a-w c:\windows\$hf_mig$\KB953155\SP2QFE\win32spl.dll
    + 2008-08-28 07:46:02 74,752 ----a-w c:\windows\$hf_mig$\KB953155\SP3GDR\msw3prt.dll
    + 2008-08-28 07:46:02 104,960 ----a-w c:\windows\$hf_mig$\KB953155\SP3GDR\win32spl.dll
    + 2008-08-28 07:30:20 74,752 ----a-w c:\windows\$hf_mig$\KB953155\SP3QFE\msw3prt.dll
    + 2008-08-28 07:30:20 104,960 ----a-w c:\windows\$hf_mig$\KB953155\SP3QFE\win32spl.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB953155\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB953155\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB953155\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB953155\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB953155\update\updspapi.dll
    + 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
    + 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
    + 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
    + 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
    + 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
    + 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
    + 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
    + 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
    + 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
    + 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
    - 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    - 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
    + 2007-08-13 10:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
    + 2007-07-12 23:31:54 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
    + 2007-12-07 02:21:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
    + 2007-12-19 23:01:06 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
    + 2007-12-07 02:21:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
    + 2007-12-07 02:21:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
    + 2007-12-07 02:21:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
    + 2007-12-06 11:00:57 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
    + 2007-12-07 02:21:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
    + 2007-12-07 02:21:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
    + 2007-12-06 04:59:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
    + 2007-12-07 02:21:45 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
    + 2007-12-07 02:21:45 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
    + 2007-12-07 02:21:46 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
    + 2007-12-07 02:21:46 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
    + 2007-12-07 02:21:46 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
    + 2007-12-06 11:00:58 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
    + 2007-12-06 11:01:25 625,664 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
    + 2007-12-07 02:21:47 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
    + 2007-12-07 02:21:47 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
    + 2007-12-07 02:21:47 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
    + 2007-12-07 02:21:47 478,208 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
    + 2007-12-07 02:21:48 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
    + 2007-12-07 02:21:48 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
    + 2007-12-07 02:21:48 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
    + 2008-01-11 05:53:32 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
    + 2007-12-07 02:21:48 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
    + 2007-12-07 02:21:48 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
    + 2007-12-07 02:21:48 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
    + 2007-12-07 02:21:48 824,832 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
    + 2007-12-08 02:51:48 3,592,192 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
    + 2009-01-20 00:22:01 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    - 2007-12-07 02:21:45 124,928 ----a-w c:\windows\system32\advpack.dll
    + 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
    - 2007-12-07 02:21:45 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    + 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    + 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
    + 2004-08-03 16:56:50 388,608 -c--a-w c:\windows\system32\dllcache\cmd.exe
    - 2006-06-26 17:37:10 148,480 -c----w c:\windows\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
    - 2007-12-19 23:01:06 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    - 2007-12-07 02:21:45 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll
    - 2007-12-07 02:21:45 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    + 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    - 2007-06-19 13:31:19 282,112 -c----w c:\windows\system32\dllcache\gdi32.dll
    + 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
    - 2007-12-07 02:21:45 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    + 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    - 2007-12-06 11:00:57 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    - 2007-12-07 02:21:45 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    - 2007-12-07 02:21:45 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    + 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    - 2007-12-06 04:59:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    + 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    - 2007-12-07 02:21:45 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    - 2007-12-07 02:21:45 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    - 2007-12-07 02:21:46 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
    + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
    - 2007-12-07 02:21:46 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    + 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    - 2007-12-07 02:21:46 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    + 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    - 2007-12-06 11:00:58 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    + 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    - 2007-12-06 11:01:25 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
    + 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
    - 2007-08-21 06:15:44 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll
    + 2008-04-11 18:50:43 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll
    - 2007-12-07 02:21:47 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-06-09 17:31:06 103,936 -c----w c:\windows\system32\dllcache\logagent.exe
    - 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
    + 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
    + 2008-06-24 16:23:05 74,240 -c----w c:\windows\system32\dllcache\mscms.dll
    - 2007-12-07 02:21:47 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    + 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    - 2007-12-07 02:21:47 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-12-08 02:51:48 3,592,192 -c----w c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
    - 2007-12-07 02:21:47 478,208 -c----w c:\windows\system32\dllcache\mshtmled.dll
    + 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
    - 2007-12-07 02:21:48 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    + 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    - 2007-12-07 02:21:48 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    + 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    + 2008-08-28 08:00:38 74,752 -c----w c:\windows\system32\dllcache\msw3prt.dll
    + 2008-06-20 17:41:10 245,248 -c----w c:\windows\system32\dllcache\mswsock.dll
    - 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
    + 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
    - 2006-08-17 12:28:27 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll
    + 2008-10-15 16:57:55 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll
    - 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    - 2007-12-07 02:21:48 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    + 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    - 2008-01-11 05:53:32 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    - 2007-10-29 22:43:03 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
    - 2006-07-13 08:48:58 202,240 -c----w c:\windows\system32\dllcache\rmcast.sys
    + 2008-05-08 12:28:49 202,752 -c----w c:\windows\system32\dllcache\rmcast.sys
    - 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys
    + 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys
    - 2006-08-21 01:52:08 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
    + 2008-10-03 10:15:47 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
    - 2007-10-30 17:20:55 360,064 -c----w c:\windows\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
    - 2006-08-16 09:37:30 225,664 -c----w c:\windows\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
    - 2007-12-07 02:21:48 105,984 -c----w c:\windows\system32\dllcache\url.dll
    + 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
    - 2007-12-07 02:21:48 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
    - 2007-08-13 10:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
    + 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
    - 2007-12-07 02:21:48 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    + 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    - 2007-03-08 13:47:48 1,843,584 -c----w c:\windows\system32\dllcache\win32k.sys
    + 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys
    + 2008-08-28 08:00:38 104,448 -c----w c:\windows\system32\dllcache\win32spl.dll
    - 2007-12-07 02:21:48 824,832 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-06-10 10:18:18 1,053,696 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2007-10-27 09:37:38 2,109,440 -c----w c:\windows\system32\dllcache\wmvcore.dll
    + 2008-11-07 10:32:20 2,109,440 -c----w c:\windows\system32\dllcache\WMVCore.dll
    - 2006-06-26 17:37:10 148,480 ----a-w c:\windows\system32\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll
    - 2004-08-03 15:14:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys
    + 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
    - 2004-08-03 15:10:38 274,304 ------w c:\windows\system32\drivers\bthport.sys
    + 2008-06-13 13:10:50 272,128 ------w c:\windows\system32\drivers\bthport.sys
    - 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    + 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    - 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys
    + 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
    - 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys
    + 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
    - 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
    - 2007-12-19 23:01:06 347,136 ------w c:\windows\system32\dxtmsft.dll
    + 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dxtmsft.dll
    - 2007-12-07 02:21:45 214,528 ------w c:\windows\system32\dxtrans.dll
    + 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dxtrans.dll
    - 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll
    + 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
    - 2007-12-07 02:21:45 133,120 ------w c:\windows\system32\extmgr.dll
    + 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
    - 2008-07-30 00:08:57 200,936 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-01-20 01:36:58 200,936 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2007-12-07 02:21:45 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
    - 2007-12-06 11:00:57 70,656 ------w c:\windows\system32\ie4uinit.exe
    + 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
    - 2007-12-07 02:21:45 153,088 ------w c:\windows\system32\ieakeng.dll
    + 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
    - 2007-12-07 02:21:45 230,400 ------w c:\windows\system32\ieaksie.dll
    + 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
    - 2007-12-06 04:59:51 161,792 ------w c:\windows\system32\ieakui.dll
    + 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
    - 2007-12-07 02:21:45 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    + 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    - 2007-12-07 02:21:45 384,512 ------w c:\windows\system32\iedkcs32.dll
    + 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
    - 2007-12-07 02:21:46 6,066,176 ----a-w c:\windows\system32\ieframe.dll
    + 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
    - 2007-12-07 02:21:46 44,544 ------w c:\windows\system32\iernonce.dll
    + 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
    - 2007-12-07 02:21:46 267,776 ----a-w c:\windows\system32\iertutil.dll
    + 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
    - 2007-12-06 11:00:58 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
    - 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
    + 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
    - 2009-01-16 04:02:27 235,565 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2009-01-21 03:11:52 235,570 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    - 2007-12-07 02:21:47 27,648 ------w c:\windows\system32\jsproxy.dll
    + 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll
    - 2004-08-03 16:56:52 103,936 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-09 17:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
    - 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
    + 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
    - 2007-12-07 02:21:47 459,264 ----a-w c:\windows\system32\msfeeds.dll
    + 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
    - 2007-12-07 02:21:47 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    - 2007-12-08 02:51:48 3,592,192 ----a-w c:\windows\system32\mshtml.dll
    + 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
    - 2007-12-07 02:21:47 478,208 ------w c:\windows\system32\mshtmled.dll
    + 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\mshtmled.dll
    - 2007-12-07 02:21:48 193,024 ------w c:\windows\system32\msrating.dll
    + 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
    - 2007-12-07 02:21:48 671,232 ------w c:\windows\system32\mstime.dll
    + 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
    - 2004-08-03 16:56:44 72,704 ----a-w c:\windows\system32\msw3prt.dll
    + 2008-08-28 08:00:38 74,752 ----a-w c:\windows\system32\msw3prt.dll
    - 2004-08-03 16:56:46 245,248 ----a-w c:\windows\system32\mswsock.dll
    + 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
    - 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
    + 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    - 2007-05-08 07:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
    + 2008-09-30 08:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    - 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
    + 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
    - 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
    - 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
    - 2007-12-07 02:21:48 102,912 ------w c:\windows\system32\occache.dll
    + 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
    - 2008-01-11 05:53:32 44,544 ------w c:\windows\system32\pngfilt.dll
    + 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\pngfilt.dll
    - 2007-10-29 22:43:03 1,287,680 ----a-w c:\windows\system32\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
    - 2006-12-10 06:10:02 14,640 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    - 2006-08-21 01:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll
    + 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
    - 2007-11-13 11:31:11 60,416 ------w c:\windows\system32\tzchange.exe
    + 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
    - 2007-12-07 02:21:48 105,984 ----a-w c:\windows\system32\url.dll
    + 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
    - 2007-12-07 02:21:48 1,159,680 ----a-w c:\windows\system32\urlmon.dll
    + 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
    - 2007-12-07 02:21:48 233,472 ----a-w c:\windows\system32\webcheck.dll
    + 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
    - 2007-03-08 13:47:48 1,843,584 ----a-w c:\windows\system32\win32k.sys
    + 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
    - 2004-08-03 16:56:48 101,888 ----a-w c:\windows\system32\win32spl.dll
    + 2008-08-28 08:00:38 104,448 ----a-w c:\windows\system32\win32spl.dll
    - 2007-12-07 02:21:48 824,832 ----a-w c:\windows\system32\wininet.dll
    + 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
    - 2004-08-03 16:56:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
    + 2008-06-10 10:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2007-10-27 09:37:38 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
    + 2008-11-07 10:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
    + 2008-09-30 08:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2008-09-30 08:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    + 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}]
    2003-07-17 15:56 143431 -ra------ c:\windows\system32\EdenUtil.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
    "H/PC Connection Agent"="c:\progra~1\MICROS~3\wcescomm.exe" [2005-11-15 1200128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
    "00THotkey"="c:\windows\System32\00THotkey.exe" [2003-04-16 12:01 258048]
    "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 126976]
    "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2003-11-01 1019904]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "Drag'n Drop CD+DVD"="c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-09 1175552]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
    "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1261336]
    "000StTHK"="000StTHK.exe" [2001-06-24 12:28 24576 c:\windows\system32\000StTHK.exe]
    "TFNF5"="TFNF5.exe" [2003-10-15 c:\windows\system32\TFNF5.exe]
    "TPSMain"="TPSMain.exe" [2003-11-20 c:\windows\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" [BU]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-19 c:\windows\ltsmmsg.exe]
    "MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-01-10 303104]
    Ingres Visual Manager [ II ].lnk - c:\windows\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-07 51776]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2003-11-28 155648]
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-11-11 802816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu"= 1 (0x1)
    "NoSaveSetting"= 1 (0x1)
    "HideRunAsVerb"= 0 (0x0)
    "InternetOpenWith"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
    "c:\\AMPS\\ActiveSync_Remote_Display\\ASRDisp.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Nokia\\SimpleCenter\\Home Media Server.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\IngresII\\ingres\\bin\\iigcc.exe "=
    "c:\\oracle\\ora92\\Apache\\Apache\\Apache.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\temp\\ActiveSync_Remote_Display\\ASRDisp.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 97928]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
    R4 Ingres_Database_II;Ingres Intelligent Database [II];c:\ingresii\ingres\bin\servproc.exe [2003-05-14 19:03:48 24576]
    R4 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R4 OracleServiceM04;OracleServiceM04;c:\oracle\ora92\bin\ORACLE.EXE M04 --> c:\oracle\ora92\bin\ORACLE.EXE M04 [?]
    S3 ADEListener;ADEListener;c:\windows\system32\ADEListener.exe [2006-04-05 28672]
    S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\amoiusbser.sys [2008-06-17 94336]
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\EmailProcessor.exe [2007-03-06 45056]
    S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2003-11-27 46108]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\FSDFileWatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [2002-04-18 4096]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-02-13 254464]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;c:\windows\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]
    S4 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ae6e0-3c33-11dd-a9c0-00080d7667f9}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c3fc69-9a8d-11dd-aa44-00080d7667f9}]
    \Shell\AutoRun\command - D:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-21 c:\windows\Tasks\{42547333-B926-4811-92A1-23D29BA630FD}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]

    2009-01-19 c:\windows\Tasks\{714B05C5-36DD-4252-B5AE-B3974D6A93C5}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]

    2009-01-16 c:\windows\Tasks\{D456A364-F64B-4C42-B6D8-E0DCC27B4F47}_MUIR04_lovie.job
    - c:\windows\system32\mobsync.exe [2004-08-04 00:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.utusan.com.my/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: www.grisoft.com
    Trusted Zone: *.muir04
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 12:46:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HPUsageTracking = c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\ "?????????????????????????????????????????????8??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
    "ImagePath "= "c:\oracle\ora92/bin/pagntsrv.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
    "ImagePath "= "c:\oracle\ora92\BIN\TNSLSNR "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(512)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(576)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2009-01-21 12:48:42
    ComboFix-quarantined-files.txt 2009-01-21 04:48:30
    ComboFix2.txt 2009-01-19 08:28:17
    ComboFix3.txt 2009-01-19 07:34:15

    Pre-Run: 3,601,145,856 bytes free
    Post-Run: 3,601,653,760 bytes free

    532 --- E O F --- 2009-01-20 08:48:31
     
  11. 2009/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Did you run Flash_Disinfector prior to running ComboFix this last round? What are drives D: and E: on your computer?
     
  12. 2009/01/22
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Oh, sorry, my mistake, I missed that step prior to running ComboFix. This machine actually belongs to my friend and I'm the one who followed your guidance in order to get his machine fixed.

    Do I need to run Flash_Disinfector and run ComboFix again? Because my friend wants to quit the treatment once he sees everything is back to normal.
     
  13. 2009/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, please repeat everything in that post, starting with Flash_Disinfector. Let your friend know that it would be silly to stop the disinfection process without confirming the machine is clean first. The lack of symptoms which brought you here does not mean the computer is free of infections.
     
  14. 2009/01/22
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Understood, and I have told my friend already, but he insisted on repeating the process by himself later on since he's busy working on his machine. Anyway, thank you for your time and assistance; I appreciate it so much.

    So can we just continue with my machine then? :)
     
  15. 2009/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    OK. Let your friend know also that failing to complete the cleanup procedure leaves his machine more susceptible to re-infection. ;)

    Please start a new topic for your laptop with logs from DDS.
     