Please Help ..remove spyware 2009
Page 6 of 8
vpmdvpmd (Novice, OS: XP):
RSIT generated only one file, log.txt. Part 1
Logfile of random's system information tool 1.05 (written by random/random)
Run by iTalent-1 at 2009-02-09 19:10:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (87%) free of 76 GB
Total RAM: 446 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:07 PM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\TMP3E.tmp
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\TEMP\rdl43.tmp
C:\WINDOWS\sysguard.exe
C:\Documents and Settings\iTalent-1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\iTalent-1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080208
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080208
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\windres.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\regwiz.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Qtipe] rundll32.exe "C:\WINDOWS\Emucofajahigafek.dll",e
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP3E.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xlmqladk.exe] C:\WINDOWS\xlmqladk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdihdnzd.exe] C:\WINDOWS\hdihdnzd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magicjack.com/jre-1_5_0_14-windows-i586-p.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vfsp - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7970 bytes
vpmdvpmd (Novice, OS: XP):
Hi!
As soon as I posted the first part, the system shut down. I will check if the log is saved...
vpmdvpmd (Novice, OS: XP):
No it is not. I will try to run it again...
vpmdvpmd (Novice, OS: XP):
Hijack system scan had reduced the erratic behavior of the system... Do you think that will help now?
Belahzur (Site Admin, OS: 7 Home Premium x64):
I think it might, because we can try to kill the startup values, then delete the files I can see using The Avenger.
Post a new HijackThis log.


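The plan in the reply above (kill the startup values, then delete the files) starts with reading the posted HijackThis log for the entries that do not belong: the extra executables chained into UserInit, the hosts-file entry that points a microsoft.com name at an outside address, and the Run keys and running processes that live in %WINDIR%\TEMP or as loose files in the %WINDIR% root. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from RSIT. The "suspicious location" heuristics are the example author's assumptions, and the sample log is a constructed excerpt of the lines posted above with one clean entry left in so the filter has something to pass.

```python
"""Triage a HijackThis v2 log for the autostart entries a malware helper
hits first: a UserInit value with extra executables chained in, hosts-file
redirects, and Run keys or running processes that point at %WINDIR%\\TEMP
or at loose files dropped in the %WINDIR% root.

Added example for this thread; it is not code from the thread, from
HijackThis, or from RSIT, and the heuristics are the author's assumptions."""
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines excerpted from the log posted above, plus one
# clean entry (jusched.exe) so the filter has something to let through.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\TMP3E.tmp
C:\WINDOWS\sysguard.exe
C:\Program Files\Trend Micro\HijackThis\iTalent-1.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\i386kd.exe,C:\WINDOWS\system32\gcc.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Qtipe] rundll32.exe "C:\WINDOWS\Emucofajahigafek.dll",e
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP3E.tmp
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
"""


class Finding(NamedTuple):
    section: str   # HJT tag (F2, O1, O4) or "proc" for the running-process list
    path: str      # file path or hostname that triggered the finding
    reason: str


# One match per drive-letter path ending in an executable extension; non-greedy
# so comma- or space-separated lists (UserInit, rundll32 arguments) split cleanly.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|tmp|scr|bat|cmd)\b", re.IGNORECASE)
SAFE_USERINIT = r"c:\windows\system32\userinit.exe"
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def path_reason(path: str) -> Optional[str]:
    """Heuristic (assumption, not an HJT rule): XP droppers commonly park
    payloads in %WINDIR%\\TEMP or directly in the %WINDIR% root."""
    p = path.lower()
    if p.startswith("c:\\windows\\temp\\"):
        return "file in %WINDIR%\\TEMP"
    if re.fullmatch(r"c:\\windows\\[^\\]+", p):
        return "loose file in %WINDIR% root"
    return None


def triage(log: str) -> List[Finding]:
    """Walk the log once and collect suspicious autostarts and processes."""
    findings: List[Finding] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        tag = line.split(" - ", 1)[0]
        if in_procs and not re.match(r"[A-Z]\d+$", tag):
            why = path_reason(line)          # still inside the process list
            if why:
                findings.append(Finding("proc", line, "running: " + why))
            continue
        in_procs = False                     # first R/F/O line ends the list
        if tag == "F2" and "UserInit=" in line:
            for p in PATH_RE.findall(line.split("UserInit=", 1)[1]):
                if p.lower() != SAFE_USERINIT:
                    findings.append(Finding("F2", p, "extra executable chained into UserInit"))
        elif tag == "O1":
            m = re.match(r"O1 - Hosts: (\S+)\s+(\S+)", line)
            if m and m.group(1) not in LOOPBACK:
                findings.append(Finding("O1", m.group(2), "hosts file redirects to " + m.group(1)))
        elif tag == "O4":
            hive = " under SYSTEM" if "S-1-5-18" in line else ""
            for p in PATH_RE.findall(line):
                why = path_reason(p)
                if why:
                    findings.append(Finding("O4", p, why + hive))
    return findings


def files_to_remove(findings: List[Finding]) -> List[str]:
    """Unique file paths from the findings: the delete list for a tool like
    The Avenger, used after the matching Run/UserInit values are cleared."""
    seen = {}
    for f in findings:
        if f.section != "O1":                # hosts entries are lines, not files
            seen.setdefault(f.path.lower(), f.path)
    return sorted(seen.values(), key=str.lower)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:4} {f.reason:45} {f.path}")
    print("\nFiles to remove:", *files_to_remove(found), sep="\n  ")
```

On the sample this reports the two extra UserInit executables, the hosts redirect, the four Run entries in %WINDIR%\TEMP or the %WINDIR% root (one of them under the SYSTEM hive), and the two matching running processes, while passing the Java updater and the Digital Line Detect shortcut. The file list deduplicates entries that appear both as a Run value and as a running process, which is the order the reply suggests: clear the registry values first, then delete the files.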
vpmdvpmd (Novice, OS: XP):
log.txt - part 1
Logfile of random's system information tool 1.05 (written by random/random)
Run by iTalent-1 at 2009-02-09 19:24:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (87%) free of 76 GB
Total RAM: 446 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:58 PM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\sysguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\rdl32.tmp
C:\WINDOWS\TEMP\TMP52.tmp
C:\Documents and Settings\iTalent-1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\iTalent-1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080208
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080208
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\windres.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\regwiz.exe,C:\WINDOWS\system32\makehm.exe,C:\WINDOWS\system32\7z.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Qtipe] rundll32.exe "C:\WINDOWS\Emucofajahigafek.dll",e
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP52.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xlmqladk.exe] C:\WINDOWS\xlmqladk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdihdnzd.exe] C:\WINDOWS\hdihdnzd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magicjack.com/jre-1_5_0_14-windows-i586-p.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vfsp - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8026 bytes
======Registry dump======
- vpmdvpmd (Novice), OS : XP
part 2
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-25 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-07 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-02-07 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-02-07 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-25 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-07 136600]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"Qtipe"=C:\WINDOWS\Emucofajahigafek.dll [2009-02-09 41984]
"PromoReg"=C:\WINDOWS\TEMP\TMP52.tmp [2009-02-09 387584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 32256]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2009-02-07 171448]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H []
"sysguard"=C:\WINDOWS\sysguard.exe [2009-02-09 398340]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cpqsrwex.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\cpqsrwex.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Globe7\Globe7Phone.exe"="C:\Program Files\Globe7\Globe7Phone.exe:*:Enabled:Globe7"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Rediff Bol\RediffMessenger.exe"="C:\Program Files\Rediff Bol\RediffMessenger.exe:*:Enabled:Rediff Bol 8.0 "
"C:\Program Files\Rediff Bol\AppWorkingDir\Client\Video\Talk&See.exe"="C:\Program Files\Rediff Bol\AppWorkingDir\Client\Video\Talk&See.exe:*:Enabled:Rediff Bol Talk & See"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Mercury Interactive\LoadRunner\launch_service\bin\magentproc.exe"="C:\Program Files\Mercury Interactive\LoadRunner\launch_service\bin\magentproc.exe:*:Enabled:Mercury Launcher Process"
"C:\Program Files\Mercury Interactive\LoadRunner\bin\vugen.exe"="C:\Program Files\Mercury Interactive\LoadRunner\bin\vugen.exe:*:Enabled:vugen"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe"="C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe:*:Enabled:VoipRaider"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\italent\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\italent\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
- vpmdvpmd (Novice), OS : XP
part 3
======List of files/folders created in the last 1 months======
2009-02-09 19:24:44 ----D---- C:\rsit
2009-02-09 19:17:54 ----A---- C:\WINDOWS\system32\47.tmp
2009-02-09 19:17:53 ----A---- C:\WINDOWS\system32\46.tmp
2009-02-09 19:17:44 ----A---- C:\WINDOWS\system32\37.tmp
2009-02-09 19:17:43 ----A---- C:\WINDOWS\system32\36.tmp
2009-02-09 19:17:35 ----A---- C:\WINDOWS\system32\31.tmp
2009-02-09 19:15:40 ----A---- C:\WINDOWS\system32\55.tmp
2009-02-09 19:15:39 ----A---- C:\WINDOWS\system32\54.tmp
2009-02-09 19:12:41 ----A---- C:\WINDOWS\system32\4A.tmp
2009-02-09 19:12:40 ----A---- C:\WINDOWS\system32\49.tmp
2009-02-09 19:12:39 ----A---- C:\WINDOWS\system32\48.tmp
2009-02-09 18:49:16 ----A---- C:\WINDOWS\sysguard.exe
2009-02-09 18:48:51 ----A---- C:\WINDOWS\system32\42.tmp
2009-02-09 18:48:50 ----A---- C:\WINDOWS\system32\41.tmp
2009-02-09 18:48:49 ----A---- C:\WINDOWS\system32\35.tmp
2009-02-09 18:48:48 ----A---- C:\WINDOWS\system32\32.tmp
2009-02-09 18:48:47 ----A---- C:\WINDOWS\Emucofajahigafek.dll
2009-02-09 18:48:46 ----A---- C:\WINDOWS\system32\30.tmp
2009-02-09 18:45:48 ----A---- C:\WINDOWS\system32\5B.tmp
2009-02-09 18:45:48 ----A---- C:\WINDOWS\system32\5A.tmp
2009-02-09 18:43:07 ----A---- C:\WINDOWS\system32\53.tmp
2009-02-09 18:43:06 ----A---- C:\WINDOWS\system32\52.tmp
2009-02-09 18:43:03 ----A---- C:\WINDOWS\system32\51.tmp
2009-02-09 17:44:09 ----N---- C:\WINDOWS\system32\4D.tmp
2009-02-09 17:44:08 ----A---- C:\WINDOWS\system32\4C.tmp
2009-02-09 17:41:27 ----A---- C:\WINDOWS\system32\45.tmp
2009-02-09 17:41:26 ----A---- C:\WINDOWS\system32\44.tmp
2009-02-09 17:41:25 ----A---- C:\WINDOWS\system32\43.tmp
2009-02-09 17:05:38 ----N---- C:\WINDOWS\system32\40.tmp
2009-02-09 17:05:37 ----A---- C:\WINDOWS\system32\3F.tmp
2009-02-09 17:00:27 ----A---- C:\WINDOWS\system32\2F.tmp
2009-02-09 17:00:26 ----A---- C:\WINDOWS\system32\27.tmp
2009-02-09 16:31:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-09 16:22:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-09 15:52:38 ----N---- C:\WINDOWS\system32\2E.tmp
2009-02-09 15:52:38 ----A---- C:\WINDOWS\system32\2D.tmp
2009-02-09 15:52:24 ----A---- C:\WINDOWS\system32\26.tmp
2009-02-09 15:52:23 ----A---- C:\WINDOWS\system32\22.tmp
2009-02-09 15:52:19 ----A---- C:\WINDOWS\system32\1F.tmp
2009-02-09 15:47:14 ----D---- C:\32788R22FWJFW
2009-02-09 15:47:13 ----N---- C:\WINDOWS\system32\2C.tmp
2009-02-09 15:47:13 ----A---- C:\WINDOWS\system32\28.tmp
2009-02-09 15:47:00 ----A---- C:\WINDOWS\system32\25.tmp
2009-02-09 15:46:59 ----A---- C:\WINDOWS\system32\24.tmp
2009-02-09 15:46:58 ----A---- C:\WINDOWS\system32\23.tmp
2009-02-09 15:43:00 ----N---- C:\WINDOWS\system32\1B.tmp
2009-02-09 15:43:00 ----A---- C:\WINDOWS\system32\1A.tmp
2009-02-09 15:42:18 ----A---- C:\WINDOWS\system32\15.tmp
2009-02-09 15:42:17 ----A---- C:\WINDOWS\system32\14.tmp
2009-02-09 15:42:16 ----A---- C:\WINDOWS\system32\13.tmp
2009-02-09 15:39:21 ----N---- C:\WINDOWS\system32\34.tmp
2009-02-09 15:39:21 ----A---- C:\WINDOWS\system32\33.tmp
2009-02-09 15:34:22 ----A---- C:\WINDOWS\system32\2B.tmp
2009-02-09 15:34:21 ----A---- C:\WINDOWS\system32\2A.tmp
2009-02-09 15:34:20 ----A---- C:\WINDOWS\system32\29.tmp
2009-02-09 14:47:35 ----N---- C:\WINDOWS\system32\21.tmp
2009-02-09 14:47:35 ----A---- C:\WINDOWS\system32\20.tmp
2009-02-09 14:47:22 ----A---- C:\WINDOWS\system32\1E.tmp
2009-02-09 14:47:21 ----A---- C:\WINDOWS\system32\1D.tmp
2009-02-09 14:47:21 ----A---- C:\WINDOWS\system32\1C.tmp
2009-02-09 14:09:56 ----N---- C:\WINDOWS\system32\19.tmp
2009-02-09 14:09:55 ----A---- C:\WINDOWS\system32\18.tmp
2009-02-09 14:05:20 ----A---- C:\WINDOWS\system32\12.tmp
2009-02-09 14:05:17 ----A---- C:\WINDOWS\system32\11.tmp
2009-02-09 14:04:12 ----A---- C:\WINDOWS\system32\10.tmp
2009-02-09 14:01:57 ----N---- C:\WINDOWS\system32\17.tmp
2009-02-09 14:01:56 ----A---- C:\WINDOWS\system32\16.tmp
2009-02-09 13:57:38 ----A---- C:\WINDOWS\system32\F.tmp
2009-02-09 13:57:37 ----A---- C:\WINDOWS\system32\E.tmp
2009-02-09 13:57:35 ----A---- C:\WINDOWS\system32\D.tmp
2009-02-09 13:55:27 ----A---- C:\WINDOWS\system32\C.tmp
2009-02-09 13:55:26 ----A---- C:\WINDOWS\system32\B.tmp
2009-02-09 13:55:25 ----A---- C:\WINDOWS\system32\A.tmp
2009-02-09 13:26:56 ----D---- C:\_OTMoveIt
2009-02-09 12:09:44 ----D---- C:\Avenger
2009-02-09 10:44:23 ----HD---- C:\WINDOWS\PIF
2009-02-08 23:48:07 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-02-08 20:06:08 ----D---- C:\WINDOWS\system32\Quarantine
2009-02-08 20:05:09 ----A---- C:\WINDOWS\adobe.bat
2009-02-08 18:59:02 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-02-08 18:57:30 ----D---- C:\Program Files\Trend Micro
2009-02-08 18:07:54 ----D---- C:\Program Files\Microsoft Common
2009-02-08 18:06:49 ----A---- C:\WINDOWS\system32\7c5a3NJ4.exe.a_a
2009-02-07 12:19:34 ----D---- C:\Documents and Settings\iTalent-1\Application Data\Mozilla
2009-02-07 12:17:35 ----D---- C:\Documents and Settings\iTalent-1\Application Data\LimeWire
2009-02-07 12:16:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-07 12:16:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-07 12:16:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-07 12:16:14 ----A---- C:\WINDOWS\system32\java.exe
2009-02-07 12:13:54 ----D---- C:\Program Files\LimeWire
2009-02-07 12:04:56 ----D---- C:\Documents and Settings\iTalent-1\Application Data\Google
2009-02-07 11:58:51 ----D---- C:\Documents and Settings\iTalent-1\Application Data\skypePM
2009-02-07 11:57:34 ----D---- C:\Documents and Settings\iTalent-1\Application Data\Skype
2009-02-07 11:56:23 ----D---- C:\Program Files\Common Files\Skype
2009-02-07 11:56:19 ----RD---- C:\Program Files\Skype
2009-02-04 00:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
- vpmdvpmd (Novice), OS : XP
part 4
======List of files/folders modified in the last 1 months======
2009-02-09 19:23:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-09 19:23:07 ----AD---- C:\WINDOWS\Temp
2009-02-09 19:21:19 ----D---- C:\WINDOWS\system32
2009-02-09 19:21:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-09 19:17:25 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-09 19:17:17 ----D---- C:\WINDOWS
2009-02-09 19:17:16 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-02-09 19:15:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-09 18:39:41 ----D---- C:\Program Files\Microsoft Works
2009-02-09 17:56:27 ----D---- C:\i386
2009-02-09 17:03:07 ----RD---- C:\Program Files
2009-02-09 16:57:18 ----D---- C:\WINDOWS\system32\drivers
2009-02-09 16:57:15 ----A---- C:\WINDOWS\DUMP5ec9.tmp
2009-02-09 13:56:48 ----A---- C:\WINDOWS\DUMP7128.tmp
2009-02-09 13:40:53 ----A---- C:\WINDOWS\DUMP7a02.tmp
2009-02-09 13:26:57 ----SD---- C:\WINDOWS\Tasks
2009-02-09 11:28:20 ----SHD---- C:\System Volume Information
2009-02-09 11:28:20 ----D---- C:\WINDOWS\system32\Restore
2009-02-09 11:24:39 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-09 09:21:14 ----D---- C:\WINDOWS\Prefetch
2009-02-09 00:05:54 ----D---- C:\WINDOWS\Minidump
2009-02-08 23:11:50 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-08 20:10:07 ----HD---- C:\WINDOWS\inf
2009-02-08 19:01:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-08 18:59:11 ----SHD---- C:\WINDOWS\Installer
2009-02-08 18:55:41 ----D---- C:\Program Files\Common Files
2009-02-08 18:55:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-02-08 18:55:36 ----D---- C:\Program Files\McAfee
2009-02-08 18:33:04 ----D---- C:\dell
2009-02-08 18:17:59 ----SD---- C:\Documents and Settings\iTalent-1\Application Data\Microsoft
2009-02-07 21:00:34 ----D---- C:\Documents and Settings\iTalent-1\Application Data\Real
2009-02-07 20:56:39 ----AC---- C:\WINDOWS\cdplayer.ini
2009-02-07 12:14:53 ----D---- C:\Program Files\Java
2009-02-07 11:57:26 ----D---- C:\Program Files\Google
2009-02-07 11:56:24 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-02-04 11:44:47 ----D---- C:\Program Files\Creative
2009-02-04 00:14:23 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-02-04 00:13:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-04 00:04:04 ----D---- C:\Documents and Settings
2009-02-03 23:56:03 ----A---- C:\WINDOWS\imsins.BAK
2009-02-03 23:52:11 ----D---- C:\WINDOWS\twain_32
2009-02-03 23:50:26 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2009-02-03 23:50:21 ----D---- C:\Program Files\Dell Support Center
2009-02-03 19:26:34 ----D---- C:\Program Files\DivX
2009-02-03 19:24:28 ----AC---- C:\WINDOWS\ODBC.INI
2009-02-03 19:12:24 ----RSD---- C:\WINDOWS\assembly
2009-02-03 19:12:19 ----D---- C:\Program Files\Common Files\Intuit
2009-02-03 19:10:49 ----RSD---- C:\WINDOWS\Fonts
2009-02-03 19:03:14 ----SHD---- C:\RECYCLER
2009-02-03 18:36:37 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-03 18:36:34 ----AC---- C:\WINDOWS\mercury.ini
2009-02-03 18:36:07 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 paldrv;paldrv; \??\C:\WINDOWS\system32\pal_drv.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-04-23 32256]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-04-23 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-02-08 53248]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-04-23 1228296]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
S1 ethccjcq;ethccjcq; C:\WINDOWS\system32\drivers\ethccjcq.sys [2009-02-09 138336]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-07 152984]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-03-09 3068352]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-15 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 55808]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 40960]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 450560]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 284672]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 138168]
-----------------EOF-----------------
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218223
Likes : 18
Hello.
Please download the OTMoveIt3 by OldTimer again if you don't have the exe still.
Please post the OTMoveIt log.
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\windres.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\regwiz.exe,C:\WINDOWS\system32\makehm.exe,C:\WINDOWS\system32\7z.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O4 - HKLM\..\Run: [Qtipe] rundll32.exe "C:\WINDOWS\Emucofajahigafek.dll",e
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMP52.tmp
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xlmqladk.exe] C:\WINDOWS\xlmqladk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdihdnzd.exe] C:\WINDOWS\hdihdnzd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bnuywaoc.exe] C:\WINDOWS\bnuywaoc.exe (User 'Default user')
- Press "Fix Checked"
- Close Hijack This.
Please download the OTMoveIt3 by OldTimer again if you don't have the exe still.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it.
- Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:services
Passthru
ethccjcq
lmimirr
dwshd
:files
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\DRIVERS\ndisio.sys
C:\Windows\System32\regwiz.exe
C:\WINDOWS\Emucofajahigafek.dll
C:\WINDOWS\sysguard.exe
C:\WINDOWS\adobe.bat
C:\WINDOWS\system32\7c5a3NJ4.exe.a_a
C:\Documents and Settings\iTalent-1\Application Data\LimeWire
C:\Program Files\LimeWire
c:\windows\system32\i386kd.exe
c:\windows\system32\windres.exe
C:\WINDOWS\system32\vmware-ufad.exe
C:\WINDOWS\system32\gcc.exe
C:\WINDOWS\system32\makehm.exe
C:\WINDOWS\system32\7z.exe
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Qtipe"=-
"PromoReg"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sysguard"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cpqsrwex.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\cpqsrwex.sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\??\C:\WINDOWS\system32\winlogon.exe"=-
:commands
[emptytemp]
[reboot]
- Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Please post the OTMoveIt log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
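The reply above picks four drivers out of the RSIT list (Passthru, ethccjcq, lmimirr, dwshd) for removal. The script below is an added example of how a helper could do that first pass over an RSIT "List of drivers" section; it is not code from this thread, from RSIT, or from OldTimer's tools. It parses each line into its fields and flags entries on three heuristics: no file metadata recorded (the empty "[]" RSIT prints when it could not stat the file), a file date within a few days of the log date, and a name with almost no vowels. The sample lines are copied from the log posted in this thread; the heuristics, thresholds and function names are this example's own assumptions, and every hit still needs an analyst's eye (the Trend Micro driver with a `\??\` path is flagged only because its metadata is missing).

```python
"""Triage helper for the RSIT '======List of drivers======' section.

Added example for this thread; not RSIT's, OldTimer's or the forum's code.
The heuristics below are assumptions of this example, not RSIT behaviour.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# One RSIT driver/service line looks like:
#   "<R|S><start> <name>;<description>; <path> [<yyyy-mm-dd> <size>]"
# The bracket is empty ("[]") when RSIT recorded no file metadata.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

# Constructed sample: the header plus seven lines copied from the RSIT log
# posted in this thread (one Trend Micro line with a \??\ path included).
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-02-08 53248]
S1 ethccjcq;ethccjcq; C:\WINDOWS\system32\drivers\ethccjcq.sys [2009-02-09 138336]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
"""

# "Run by iTalent-1 at 2009-02-09" is the date in the log header of this thread.
LOG_DATE = date(2009, 2, 9)


@dataclass
class Entry:
    state: str               # R = running, S = stopped
    start: int               # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str
    file_date: Optional[date]
    size: Optional[int]


def parse_rsit(text: str) -> List[Entry]:
    """Parse every driver/service line; headers and the EOF marker are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.group("date")
        entries.append(Entry(
            state=m.group("state"),
            start=int(m.group("start")),
            name=m.group("name"),
            desc=m.group("desc"),
            path=m.group("path"),
            file_date=date.fromisoformat(d) if d else None,
            size=int(m.group("size")) if m.group("size") else None,
        ))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example): a name of five or more letters
    with fewer than one vowel in five reads like a generated string."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(1 for c in letters if c in "aeiou")
    return vowels / len(letters) < 0.2


def triage(entries: List[Entry], log_date: date, recent_days: int = 7) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for the entries worth a closer look."""
    cutoff = log_date - timedelta(days=recent_days)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if e.file_date is None:
            reasons.append("no file metadata recorded (RSIT could not stat the file)")
        elif e.file_date >= cutoff:
            reasons.append(f"driver file dated {e.file_date}, within {recent_days} days of the log")
        if e.desc.strip().lower() in ("", "service"):   # default/placeholder description
            reasons.append("placeholder description")
        if looks_random(e.name):
            reasons.append("random-looking service name")
        if reasons:
            findings[e.name] = reasons
    return findings


def triage_text(text: str, log_date: date) -> Dict[str, List[str]]:
    """Convenience wrapper: parse a log excerpt and triage it in one call."""
    return triage(parse_rsit(text), log_date)


if __name__ == "__main__":
    for name, reasons in triage_text(SAMPLE_LOG, LOG_DATE).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run against the sample, the four names the reply removes are all reported (Passthru for its fresh file date and the bare "Service" description, ethccjcq for its date and its name, lmimirr and dwshd for missing metadata), the Microsoft and Trend Micro TDI drivers are not, and tmactmon shows the false positive to expect from `\??\`-prefixed paths.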

