
[Solved] Several Viruses... Better now?

Discussion in 'Malware and Virus Removal Archive' started by HerbyJr, 2008/10/19.

  1. 2008/10/19 HerbyJr (Thread Starter)
    [Resolved] Several Viruses... Better now?

    Hello,
    My computer obtained what I believe to be several viruses that were bringing up ad-pop-ups and stopping me from enabling my Automatic Updates. I purchased Trend Micro's Internet Security due to my previous experience with PC-CILLIN. I scanned the system several times, but was still having multiple troubles. Each time I'd scan, there'd be more spy-cookies, but no viruses to speak of.

    I found your BBS here and started reading through the posts. After reading several, I decided to run Malwarebytes' Anti-Malware (MBAM) which had been suggested to so many others in different threads. I updated, then ran a full scan and came up with this log:


    Malwarebytes' Anti-Malware 1.29
    Database version: 1290
    Windows 5.1.2600 Service Pack 3

    10/19/2008 6:22:15 PM
    mbam-log-2008-10-19 (18-22-15).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 180208
    Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 10
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 12
    Files Infected: 47

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\fccaBsqO.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\byXnNFuT.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxnnfut (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97c1449c-08ee-4d8e-b430-4901773cdf27} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{97c1449c-08ee-4d8e-b430-4901773cdf27} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccabsqo -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccabsqo -> Delete on reboot.

    Folders Infected:
    C:\Program Files\iWon (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\1.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\History (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Settings (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\1.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\byXnNFuT.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\fccaBsqO.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\OqsBaccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\OqsBaccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnolLbA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\1.bin\IWONPLUGIN0PROXY.CLASS (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F8567 (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F8D08 (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F8F69.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F9322.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F9526.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F96CC.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F98B0.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F9A66.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\009F9C2B.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\files.ini (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\History\search (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Settings\prevcfg.htm (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\PM3.ico (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\1.bin\PM3.ICO (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\1.bin\UNINSTALL.INF (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F6BC4 (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F6DD7.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F7058.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F72D9.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F754A.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F77BB.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F7A2C.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F7C9D.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F7F0E.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F817F.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F83FF.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F8799.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F8B04.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F8F4A.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F93AF.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F96DB.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F9A75.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009F9DFF.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009FA11C.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\009FA591.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\files.ini (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\WinAntiSpyware 2007\pv.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.



    I received a message saying that some files could not be deleted, and I needed to reboot, which I did. Then, I ran a Quick-Scan to confirm that the system was clean, and here's the log:

    Malwarebytes' Anti-Malware 1.29
    Database version: 1290
    Windows 5.1.2600 Service Pack 3

    10/19/2008 6:33:10 PM
    mbam-log-2008-10-19 (18-33-10).txt

    Scan type: Quick Scan
    Objects scanned: 57606
    Time elapsed: 4 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Here's my question: based on the log above, am I clean now? Based on my previous readings, should I now do a Combofix.exe? Do you need to see a HijackThis logfile?

    Thanks in advance. Any info would be greatly appreciated.


    H.
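As an added example (not code from this thread, from Malwarebytes, or from any of the posters), here is a small Python parser for MBAM 1.x logs in the format posted above. It separates the summary counts from the detection lines, pulls out the "Delete on reboot" items that could not be removed while in use, flags detections that sit in auto-start locations such as Winlogon\Notify and the LSA Authentication Packages value, and checks a follow-up scan against the first one. The two embedded logs are constructed excerpts of this thread's own scans; the PERSISTENCE_HINTS explanations are general Windows XP behaviour, not something stated in the thread.

```python
# Added example (not from this thread or from Malwarebytes): parse MBAM 1.x scan logs.
import re
from collections import Counter

COUNT_RE = re.compile(r"^(.+ Infected): (\d+)$")  # summary line, e.g. "Files Infected: 47"
SECTION_RE = re.compile(r"^(.+ Infected):$")      # section header, e.g. "Files Infected:"
# Detection line: "<item> (<family>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.*) \((?P<family>[^()]+)\) -> (?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+?)\.?$")

# Auto-start locations from the log above; DLLs registered here are loaded by core
# processes, which is why MBAM had to defer their removal to the next reboot.
PERSISTENCE_HINTS = {
    r"Winlogon\Notify": "Winlogon notification DLL, loaded by winlogon.exe at logon",
    r"Browser Helper Objects": "Internet Explorer Browser Helper Object",
    r"ShellExecuteHooks": "Explorer ShellExecuteHook, loaded by the shell",
    r"LSA\Authentication Packages": "LSA authentication package, loaded by lsass.exe at boot",
}

# Constructed excerpt of the first (full) scan posted above.
FULL_SCAN = r"""Malwarebytes' Anti-Malware 1.29
Scan type: Full Scan (C:\|D:\|)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Modules Infected:
C:\WINDOWS\system32\fccaBsqO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXnNFuT.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxnnfut (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccabsqo -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Constructed excerpt of the post-reboot quick scan posted above (everything zero).
QUICK_SCAN = r"""Malwarebytes' Anti-Malware 1.29
Scan type: Quick Scan
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

def parse_mbam_log(text):
    """Split one MBAM log into its header fields, summary counts and detection lines."""
    header, counts, entries, section = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        count, sect = COUNT_RE.match(line), SECTION_RE.match(line)
        if count and section is None:
            counts[count.group(1)] = int(count.group(2))
        elif sect:
            section = sect.group(1)
        elif section is None:
            key, sep, value = line.partition(": ")
            if sep:
                header[key] = value
        elif (m := ENTRY_RE.match(line)):  # "(No malicious items detected)" falls through
            entries.append({"section": section, **m.groupdict()})
    return {"header": header, "counts": counts, "entries": entries}

def is_clean(report):
    """True only if every summary count is zero and no detection line was parsed."""
    return bool(report["counts"]) and not any(report["counts"].values()) and not report["entries"]

def family_counts(report):
    """Detections per threat family, e.g. Counter({'Trojan.Vundo.H': 5, ...})."""
    return Counter(e["family"] for e in report["entries"])

def pending_reboot(report):
    """Detections MBAM could not remove immediately; these need a post-reboot rescan."""
    return [e for e in report["entries"] if e["action"] == "Delete on reboot"]

def persistence_points(report):
    """(item, explanation) for detections sitting in the auto-start locations above."""
    return [(e["item"], why) for e in report["entries"]
            for needle, why in PERSISTENCE_HINTS.items()
            if needle.lower() in e["item"].lower()]

def unresolved_after_reboot(before, after):
    """Items flagged 'Delete on reboot' in the first scan that the follow-up scan still reports."""
    still_there = {e["item"].lower() for e in after["entries"]}
    return [e["item"] for e in pending_reboot(before) if e["item"].lower() in still_there]
```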
     
  2. 2008/10/19 Geri (Alumni)
    Hi HerbyJr
    Welcome to WindowsBBS

    Good job on running MBAM.

    Combofix is a very powerful tool and should only be used when asked to do so and then under supervision.
    Used incorrectly it could do harm to your system.

    Please do the following.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.

    Thanks
    Geri
     

  4. 2008/10/19 HerbyJr (Thread Starter)
    Here you go and thank you very much for getting back with me.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by HP_Administrator at 2008-10-19 23:45:06
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 137 GB (75%) free of 184 GB
    Total RAM: 1023 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:45:23 PM, on 10/19/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Documents and Settings\HP_Administrator\My Documents\PCC\RSIT.exe
    C:\Program Files\trend micro\HP_Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 9113 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-07 2133056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-18 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-07 2133056]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "hpsysdrv "=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "Recguard "=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
    "KBD "=C:\HP\KBD\KBD.EXE []
    "ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]
    "AGRSMMSG "=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2005-04-06 90112]
    "AlcWzrd "=C:\WINDOWS\ALCWZRD.EXE [2005-04-06 2805248]
    "Alcmtr "=C:\WINDOWS\ALCMTR.EXE [2005-04-12 65536]
    "HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
    "HPHmon06 "=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
    "PS2 "=C:\WINDOWS\system32\ps2.exe []
    "BrMfcWnd "=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]
    "SetDefPrt "=C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe [2005-01-26 49152]
    "ControlCenter3 "=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-06-29 77824]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2007-11-15 286720]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]
    "Carbonite Backup "=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2008-06-13 600000]
    "UfSeAgnt.exe "=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-30 970808]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-16 68856]
    "ISUSPM "=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "OE "=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-07-30 497008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2005-04-12 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    C:\WINDOWS\ALCWZRD.EXE [2005-04-06 2805248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-26 339968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    C:\Windows\Creator\Remind_XP.exe [2003-12-18 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2005-04-06 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2004-09-03 32881]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-20 185784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-29 241664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2004-09-01 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe "= "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion "
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "= "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "
    "C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE "= "C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:FRONTPG "
    "C:\Program Files\Starcraft\StarCraft.exe "= "C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Westwood\RA2\patchget.dat "= "C:\Westwood\RA2\patchget.dat:*:Enabled:patchgrabber "
    "C:\Program Files\uTorrent\utorrent.exe "= "C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent "
    "C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe "= "C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader "
    "C:\WINDOWS\system32\dplaysvr.exe "= "C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
    "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe "= "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%ProgramFiles%\iTunes\iTunes.exe "= "%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ebc1142-7ea1-11dc-ac48-00112f7c1727}]
    shell\AutoRun\command - G:\autorun.exe


    ======List of files/folders created in the last 3 months======

    2008-10-19 23:45:06 ----D---- C:\rsit
    2008-10-19 19:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-19 19:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-19 19:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-19 18:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-19 18:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-19 18:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
    2008-10-19 17:08:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    2008-10-19 17:08:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-19 17:08:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-19 01:22:48 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-19 01:22:48 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-19 01:22:48 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-19 00:08:41 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-18 20:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-10-18 20:08:39 ----D---- C:\Program Files\Trend Micro(TM) Internet Security
    2008-10-18 19:39:56 ----A---- C:\WINDOWS\system32\jhubdvxh.dll
    2008-10-09 00:28:40 ----A---- C:\WINDOWS\system32\4b2d8be0-.txt
    2008-09-29 10:22:10 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Download Manager
    2008-09-29 08:19:01 ----D---- C:\Program Files\Garmin GPS Plugin
    2008-09-13 13:09:34 ----D---- C:\c44e1005abe4f590b3ac40e68c
    2008-09-13 13:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-04 22:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-09-04 07:26:55 ----D---- C:\WINDOWS\Prefetch
    2008-09-03 18:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-03 18:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-03 18:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-03 18:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-03 18:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-03 18:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-03 18:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-03 18:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-03 18:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-03 18:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-03 18:35:49 ----D---- C:\WINDOWS\system32\scripting
    2008-09-03 18:35:48 ----D---- C:\WINDOWS\l2schemas
    2008-09-03 18:35:47 ----D---- C:\WINDOWS\system32\bits
    2008-09-03 18:32:43 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-03 18:24:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-03 17:25:19 ----A---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-03 17:25:17 ----A---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-03 17:25:13 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-03 17:25:13 ----A---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-03 17:25:00 ----A---- C:\WINDOWS\system32\tspkg.dll
    2008-09-03 17:24:59 ----A---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-03 17:24:45 ----A---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-03 17:24:41 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-03 17:24:40 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-03 17:24:40 ----A---- C:\WINDOWS\system32\slserv.exe
    2008-09-03 17:24:40 ----A---- C:\WINDOWS\system32\slrundll.exe
    2008-09-03 17:24:39 ----A---- C:\WINDOWS\system32\slgen.dll
    2008-09-03 17:24:39 ----A---- C:\WINDOWS\system32\slextspk.dll
    2008-09-03 17:24:39 ----A---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-03 17:24:34 ----A---- C:\WINDOWS\system32\setupn.exe
    2008-09-03 17:24:28 ----A---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-03 17:24:27 ----A---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-03 17:24:25 ----A---- C:\WINDOWS\system32\rasqec.dll
    2008-09-03 17:24:24 ----A---- C:\WINDOWS\system32\qutil.dll
    2008-09-03 17:24:21 ----A---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-03 17:24:21 ----A---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-03 17:24:21 ----A---- C:\WINDOWS\system32\qagent.dll
    2008-09-03 17:24:19 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-03 17:24:14 ----A---- C:\WINDOWS\system32\onex.dll
    2008-09-03 17:23:58 ----A---- C:\WINDOWS\system32\napstat.exe
    2008-09-03 17:23:58 ----A---- C:\WINDOWS\system32\napmontr.dll
    2008-09-03 17:23:58 ----A---- C:\WINDOWS\system32\napipsec.dll
    2008-09-03 17:23:57 ----A---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-03 17:23:52 ----A---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-03 17:23:52 ----A---- C:\WINDOWS\system32\mssha.dll
    2008-09-03 17:23:26 ----A---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-03 17:23:26 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-03 17:23:25 ----A---- C:\WINDOWS\system32\mmcex.dll
    2008-09-03 17:23:25 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-03 17:23:20 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-09-03 17:23:06 ----A---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-03 17:23:06 ----A---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-03 17:23:05 ----A---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-03 17:23:05 ----A---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-03 17:23:05 ----A---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-03 17:23:05 ----A---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-03 17:22:50 ----A---- C:\WINDOWS\system32\comsdupd.exe
    2008-09-03 17:22:45 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-03 17:22:39 ----A---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-03 17:22:39 ----A---- C:\WINDOWS\003273_.tmp
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eapqec.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eapphost.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-03 17:22:37 ----A---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dot3api.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-03 17:22:34 ----A---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-03 17:22:33 ----A---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-03 17:22:30 ----A---- C:\WINDOWS\system32\credssp.dll
    2008-09-03 17:22:24 ----A---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-03 17:22:24 ----A---- C:\WINDOWS\system32\azroles.dll
    2008-09-03 17:22:23 ----A---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-03 17:22:23 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-03 17:22:21 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-03 17:22:15 ----A---- C:\WINDOWS\system32\aaclient.dll
    2008-08-14 17:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-08-14 17:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-08-14 17:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 17:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-14 17:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 17:44:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-08-14 17:43:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-08-07 20:34:50 ----D---- C:\WINDOWS\system32\Adobe
    2008-07-25 08:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$

    ======List of files/folders modified in the last 3 months======

    2008-10-19 23:45:23 ----D---- C:\Program Files\Trend Micro
    2008-10-19 23:42:22 ----D---- C:\WINDOWS\Temp
    2008-10-19 19:10:34 ----D---- C:\WINDOWS\system32\inetsrv
    2008-10-19 19:07:28 ----D---- C:\WINDOWS\Registration
    2008-10-19 19:07:21 ----D---- C:\WINDOWS
    2008-10-19 19:06:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-19 19:06:07 ----D---- C:\WINDOWS\system32
    2008-10-19 19:06:07 ----D---- C:\Program Files\Internet Explorer
    2008-10-19 19:05:10 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-19 19:04:00 ----HD---- C:\WINDOWS\inf
    2008-10-19 19:03:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-19 19:03:57 ----D---- C:\WINDOWS\system32\drivers
    2008-10-19 19:03:51 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-19 19:03:47 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-19 19:02:53 ----D---- C:\WINDOWS\ie7updates
    2008-10-19 19:02:35 ----SHD---- C:\WINDOWS\Installer
    2008-10-19 19:02:34 ----HD---- C:\Config.Msi
    2008-10-19 19:02:09 ----A---- C:\WINDOWS\win.ini
    2008-10-19 18:22:15 ----RD---- C:\Program Files
    2008-10-19 16:59:22 ----D---- C:\Python22
    2008-10-19 16:53:32 ----D---- C:\WINDOWS\system32\appmgmt
    2008-10-19 16:53:01 ----D---- C:\Program Files\Windows Media Player
    2008-10-19 16:48:32 ----D---- C:\Palm
    2008-10-19 16:48:31 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-19 16:47:34 ----RSD---- C:\WINDOWS\Fonts
    2008-10-19 16:45:42 ----D---- C:\Westwood
    2008-10-19 16:40:51 ----SHD---- C:\System Volume Information
    2008-10-19 01:22:37 ----D---- C:\Program Files\Java
    2008-10-19 00:48:10 ----D---- C:\WINDOWS\system32\Restore
    2008-10-19 00:44:50 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-19 00:38:38 ----A---- C:\WINDOWS\Spiderman.INI
    2008-10-19 00:30:22 ----D---- C:\Program Files\Viewpoint
    2008-10-19 00:30:22 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-10-18 19:35:14 ----D---- C:\WINDOWS\system32\config
    2008-10-18 19:34:56 ----D---- C:\WINDOWS\system32\wbem
    2008-10-08 19:06:55 ----D---- C:\WINDOWS\system32\NtmsData
    2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-29 16:20:07 ----D---- C:\Garmin
    2008-09-26 08:42:28 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-09-13 13:07:34 ----D---- C:\WINDOWS\WinSxS
    2008-09-07 21:32:24 ----D---- C:\Program Files\Google
    2008-09-07 21:31:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-09-04 07:30:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-04 07:28:50 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-09-04 07:28:02 ----A---- C:\WINDOWS\setuplog.txt
    2008-09-04 07:26:15 ----D---- C:\WINDOWS\system32\Setup
    2008-09-04 07:26:14 ----D---- C:\WINDOWS\ime
    2008-09-04 07:26:12 ----D---- C:\WINDOWS\AppPatch
    2008-09-03 18:43:44 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-03 18:42:27 ----D---- C:\Program Files\Messenger
    2008-09-03 18:42:09 ----D---- C:\WINDOWS\security
    2008-09-03 18:36:11 ----D---- C:\WINDOWS\network diagnostic
    2008-09-03 18:36:10 ----D---- C:\WINDOWS\Help
    2008-09-03 18:35:52 ----D---- C:\WINDOWS\system32\en-US
    2008-09-03 18:35:51 ----D---- C:\WINDOWS\system32\usmt
    2008-09-03 18:35:47 ----D---- C:\WINDOWS\PeerNet
    2008-09-03 18:35:47 ----AD---- C:\WINDOWS\system32\en
    2008-09-03 18:35:46 ----D---- C:\Program Files\Movie Maker
    2008-09-03 18:32:23 ----D---- C:\WINDOWS\system32\npp
    2008-09-03 18:32:23 ----D---- C:\WINDOWS\mui
    2008-09-03 18:32:22 ----D---- C:\WINDOWS\msagent
    2008-09-03 18:32:20 ----D---- C:\WINDOWS\srchasst
    2008-09-03 18:32:19 ----D---- C:\Program Files\NetMeeting
    2008-09-03 18:32:17 ----D---- C:\WINDOWS\system32\Com
    2008-09-03 18:32:15 ----D---- C:\Program Files\Windows NT
    2008-09-03 18:32:15 ----D---- C:\Program Files\Outlook Express
    2008-09-03 18:32:12 ----D---- C:\Program Files\Common Files\System
    2008-09-03 18:31:56 ----D---- C:\WINDOWS\system32\oobe
    2008-09-03 18:31:53 ----D---- C:\WINDOWS\system
    2008-09-03 18:28:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-03 18:24:54 ----D---- C:\WINDOWS\ehome
    2008-09-03 15:12:11 ----D---- C:\WINDOWS\Debug
    2008-08-28 02:46:02 ----A---- C:\WINDOWS\system32\win32spl.dll
    2008-08-28 02:46:02 ----A---- C:\WINDOWS\system32\msw3prt.dll
    2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 03:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 00:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 05:09:26 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 04:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-13 08:32:32 ----D---- C:\WINDOWS\Minidump
    2008-08-07 20:36:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-17 12160]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-07-30 80400]
    R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
    R2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-08-26 160128]
    R2 CX88ENC;Conexant 2388x MPEG Encoder; C:\WINDOWS\system32\drivers\cx88enc.sys [2004-08-26 297344]
    R2 CXTUNE;Conexant 2388x Tuner; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2004-08-26 30976]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-30 36368]
    R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-30 205328]
    R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-30 1195448]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-09-01 769536]
    R3 CXAVXBAR;Conexant 2388x Crossbar Dual Input ; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-08-26 9344]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-04-15 2564032]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 Pcatip;Pcatip; C:\WINDOWS\System32\DRIVERS\Pcatip.sys [2005-02-25 68608]
    R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2003-11-18 34528]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
    R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
    R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-07-30 334352]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
    S2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-19 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-19 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-19 21744]
    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-06 16694]
    S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-19 218112]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-09-01 389120]
    R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2008-06-13 1700288]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
    S2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-30 707128]
    S2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
    S2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2008-07-30 492888]
    S2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-07-30 677128]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-15 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-19 65536]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
    S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]

    -----------------EOF-----------------
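    The "files/folders created in the last 3 months" section of the RSIT log above is where a helper spots the two files worth removing: a DLL and a .txt that landed in system32 on their own, with names that no vendor would choose, while everything else arrived in bursts from Service Pack 3 and Windows Update. As an added example (not part of this thread, not RSIT code, and not an official procedure), the Python script below applies that reasoning mechanically: it parses lines in the RSIT format, ignores directories and anything outside system32, skips files that were written within two minutes of other entries (installer or patch activity), and flags the isolated ones, adding a note when the name looks generated. The sample lines are copied from the log posted above; the two-minute burst window and the name heuristic are my own assumptions, and the output is a triage list for a human to check, not a deletion list.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: lines in RSIT's "files/folders created" format,
# copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
2008-10-19 17:08:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-19 01:22:48 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-19 01:22:48 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-19 01:22:48 ----A---- C:\WINDOWS\system32\java.exe
2008-10-19 00:08:41 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-18 19:39:56 ----A---- C:\WINDOWS\system32\jhubdvxh.dll
2008-10-09 00:28:40 ----A---- C:\WINDOWS\system32\4b2d8be0-.txt
2008-09-03 17:25:19 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 17:25:17 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 17:25:13 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 17:25:00 ----A---- C:\WINDOWS\system32\tspkg.dll
"""

# "<timestamp> <attribute flags wrapped in dashes> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+)$")

# Assumption: files created within this window of each other belong to one
# installer or patch run and are not interesting on their own.
BURST_WINDOW = timedelta(minutes=2)


def parse_rsit_created(text):
    """Parse RSIT created/modified lines into (timestamp, attributes, path) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(2), m.group(3)))
    return entries


def looks_random(filename):
    """Name heuristic (assumption): a hex-like stem, or a stem with almost no
    vowels, reads as generated rather than chosen by a vendor."""
    stem = filename.rsplit(".", 1)[0].rstrip("-_").lower()
    if len(stem) < 6:
        return False
    if re.fullmatch(r"[0-9a-f]+", stem) and any(c.isdigit() for c in stem):
        return True
    vowels = sum(c in "aeiouy" for c in stem)
    return vowels / len(stem) < 0.2


def triage(entries, window=BURST_WINDOW):
    """Return (path, reasons) for files under system32 that were written with
    no other entry inside `window`; such isolated writes deserve a look."""
    findings = []
    for ts, attrs, path in entries:
        if "D" in attrs.strip("-"):            # directory entry, skip
            continue
        if "\\system32\\" not in path.lower():
            continue
        neighbours = sum(1 for t, _, p in entries
                         if p != path and abs(t - ts) <= window)
        if neighbours:
            continue                            # part of a burst: patch/installer activity
        reasons = ["isolated write to system32"]
        name = path.rsplit("\\", 1)[-1]
        if looks_random(name):
            reasons.append("random-looking name")
        findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_rsit_created(SAMPLE_LOG)):
        print(f"{path}: {', '.join(reasons)}")
```

    Run against the sample, the script flags exactly the two files Geri asks to have deleted in the next post, and leaves the three Java executables alone because they arrived together. On a full RSIT log the same idea works, but a flagged file is a starting point for a hash lookup or a vendor check, not proof of infection: legitimate single-file drops (a driver update, a hotfix with one payload) will also appear.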
     
  5. 2008/10/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, looks pretty good. A couple of things to remove.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\jhubdvxh.dll
    C:\WINDOWS\system32\4b2d8be0-.txt



    Now let's get an online scan; please do the following.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double-click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  6. 2008/10/20
    HerbyJr

    HerbyJr Inactive Thread Starter

    Hi Geri,

    I've run into a problem here. I got to the Kaspersky WebScanner part and Kaspersky told me I need Java 1.5 or later to run Kaspersky 7. My Java version shows 1.6... but I tried to update it anyway to make sure I was good. My system says there are no Java updates available and the Java website tells me I have the latest version as well. I know that some of the issues I had were related to java, so maybe I have a corrupt file or something? Thoughts?

    H.
     
  7. 2008/10/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK try this.

    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed
    • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.
    Read it, and then you can delete the gpl-2.0.txt file.


    If that doesn't work, then let's run Panda. Make sure you run ATF Cleaner before doing the scan.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
  8. 2008/10/21
    HerbyJr

    HerbyJr Inactive Thread Starter

    Active Scan results

    Panda's Active Scan results below.
    JavaRa just told me my Java was current.



    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-10-21 10:43:49
    PROTECTIONS: 1
    MALWARE: 5
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Trend Micro Internet Security 2008 17.0.1179 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00098066 adware/secure32 Adware No 1 Yes No c:\windows\warnhp.html
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
    01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\hp\bin\KillIt.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    There was 1 suspicious file called: C:\hp\bin\KillIt.exe
    I sure don't like the name of it... (KillIt.exe)

    H.
     
    Last edited: 2008/10/21
  9. 2008/10/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    The KillIt.exe file is a legitimate HP file used only by an HP application, and only when necessary, such as when applying updates to HP software or products.

    Do you play the games here?
    GameSpy Arcade

    If not, then I would remove it; if you do, then it's OK.

    How are things running?

    Geri
     
  10. 2008/10/21
    HerbyJr

    HerbyJr Inactive Thread Starter

    Joined:
    2008/10/19
    Messages:
    18
    Likes Received:
    0
    It seems to be running smoothly. Am I right to assume I can use the ATF Cleaner anytime? It just cleans out the old stuff, right? I hope to use MBAM and ATF Cleaner pretty regularly to keep the system healthy. That's OK, right?

    I don't use GameSpy. It came with the system, I think. I'm uninstalling it now.

    Thanks again for all your help.

    H.
     
  11. 2008/10/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi HerbyJr
    You're welcome.

    Yes, both those programs are good to keep and run. Make sure you always check for updates with MBAM before doing the scan.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
  12. 2008/10/22
    HerbyJr

    HerbyJr Inactive Thread Starter

    Joined:
    2008/10/19
    Messages:
    18
    Likes Received:
    0
    Already Done :)

    Geri,
    When I first got here I started reading the article you linked to. Nice work! I've already loaded SiteAdvisor and I'm running a firewall and AV (Trend Internet Security). I'll definitely do a better job of staying clean this time. Thanks again.

    :D

    H.
     
