Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need Help With Comp Suspected Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need Help With Comp Suspected Malware

Unread postby aussie123 » November 27th, 2008, 3:23 am

I need help my comps playing up badly, all i can see is my background no icons or task bar plus random internet windows are poppin up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:57 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{91-12-2D-D9-DW}] c:\windows\system32\rlwnw64l.exe DWmmm01FF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntqtdl.exe DWmmm01FF
O4 - HKLM\..\Run: [lafafrcllry] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\rpxmugjlbwtnpa.dll"
O4 - HKLM\..\Run: [2f591276] rundll32.exe "C:\WINDOWS\system32\jrqmtoow.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA563] command /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8535] cmd /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7841] command /c del "C:\Program Files\webHancer\Programs\whagent.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9404] cmd /c del "C:\Program Files\webHancer\Programs\whagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKCU\..\RunOnce: [SpybotDeletingB272] command /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4269] cmd /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8176] command /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6492] cmd /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8606] command /c del "C:\Program Files\webHancer\Programs\whagent.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6146] cmd /c del "C:\Program Files\webHancer\Programs\whagent.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5284] command /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8494] cmd /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2404] command /c del "C:\Program Files\webHancer\Programs\whagent.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7324] cmd /c del "C:\Program Files\webHancer\Programs\whagent.exe"
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D1000.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7388 bytes
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am
Advertisement
Register to Remove

Re: Need Help With Comp Suspected Malware

Unread postby MikeSwim07 » November 27th, 2008, 11:03 am

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 27th, 2008, 5:03 pm

It wont actually let me make a uninstall list i hit save list then a lil timer comes up with me mouse for half a second then hijack this closes.

Edit: And when i click on ''Open Add/Remove Software List'' a window pops up called rundll32.exe - Application Error as the the title then under that it says application failed to initialize (0xc0000005)

Edit Again: Now when i log in this window pops up after the other one.
Image

And also a window keeps poppin up every second click saying this

''ATTENTION! If your computer is struck by the spyware, you could suffer data loss, erratic PC behaviour, PC freezes and creahes.

Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a 100% FREE and quick scan of your computer for Viruses, Spyware and Adware.

Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)''


:pale:
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 28th, 2008, 10:41 pm

Alright i ran Malware Removal and it has seemed to do something since im no longer getting that error i was getting an now its starting up normaly heres the log from Malware Removal and it now let me do an unistal list with hijack this
Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 2

11/29/2008 1:32:24 PM
mbam-log-2008-11-29 (13-32-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 108316
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 17
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 50

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\mlJDutQJ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00D1000.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0047100.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ec3f64c-74c8-4b65-9630-564a08089510} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4ec3f64c-74c8-4b65-9630-564a08089510} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4e5a6cc-7ed7-461c-9833-cf31239eac47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d4e5a6cc-7ed7-461c-9833-cf31239eac47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85ea6fc8-08ce-d8bb-b313-062099c1489e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85ea6fc8-08ce-d8bb-b313-062099c1489e} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2f591276 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lafafrcllry (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{91-12-2d-d9-dw} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljdutqj -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdutqj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c0047100.dat -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\__c0047100.dat -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mlJDutQJ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\JQtuDJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\JQtuDJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljlabv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jrqmtoow.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wootmqrj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ouvyppjk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBuSKAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqpnmjK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfeklfwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nxwgri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NX\ceb3CMU4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vp2\EXNL47i.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\I2\FES9U13.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\WINDOWS\U3R1YXJ0\asappsrv.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\WINDOWS\U3R1YXJ0\command.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP227\A0157855.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP235\A0163753.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP235\A0164737.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP235\A0164743.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP235\A0164744.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP235\A0164745.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166773.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166776.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166780.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166781.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166783.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166785.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP236\A0166787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP237\A0168893.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP237\A0169076.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP237\A0169084.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP237\A0169085.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP237\A0169086.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpxmugjlbwtnpa.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rlwnw64l.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcntqtdl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0012D15.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FACDF.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D1000.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0047100.dat (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS48d2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS4c1e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS8c9a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Adobe Acrobat 5.0


Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Askey HSFi V.90(V.92) 56K PCI Modem
Aspire Screen Saver
Bonjour
CCleaner (remove only)
Collab
ConvertXtoDVD 3.2.0.52
DivX Codec
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Last.fm 1.5.2.38918
Lexmark 2500 Series
Logitech iTouch Software
Logitech User's Guide
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Publisher 2002
MobileMe Control Panel
MouseWare 9.43
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Windows 2000/XP Display Drivers
PoiZone
QuickTime
RON Tool Agadoo
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SiS315 V2.04WHQL
Sound Blaster Audigy
Tansee iPod Transfer v3.8
Total Video Converter 3.12 080330
Trend Micro Internet Security Pro
Trend Micro Internet Security Pro
Trend Micro Remote File Lock
Trend Micro TrendProtect for Internet Explorer
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby MikeSwim07 » November 29th, 2008, 8:45 am

Hello aussie123,

Are you able to get into normal mode?

The reason I ask is because Safe mode with networking is very dangerous to your computer and information. Trojans can freely send information back and forth between your computer and their servers.

Can you get into normal mode and post a Hijackthis log from there?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 29th, 2008, 9:09 am

Sure.On that note im no longer havin the problems i stated in my earlier posts once i ran malwarebytes. Ive ran a few scans and i keep getting this same infection Trojan Downloader, it gets quarantined and deleted but comes back when i re scan.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP242\A0175585.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:57 AM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\CD Art Display\CAD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {4EC3F64C-74C8-4B65-9630-564A08089510} - C:\WINDOWS\system32\mlJDutQJ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5920 bytes
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby MikeSwim07 » November 29th, 2008, 12:43 pm

Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post both RSIT logs on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 29th, 2008, 8:37 pm

info.txt logfile of random's system information tool 1.04 2008-11-30 11:33:31

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Askey HSFi V.90(V.92) 56K PCI Modem-->C:\Program Files\Askey\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D89144F\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D89144F
Aspire Screen Saver-->C:\WINDOWS\Aspire.scr /u
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CD Art Display 2.0-->"C:\Program Files\CD Art Display\unins000.exe"
ConvertXtoDVD 3.2.0.52-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Last.fm 1.5.2.38918-->"C:\Program Files\Last.fm\unins000.exe"
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\SETUP.EXE" -l0x9 UNINSTALL
Logitech User's Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBE0FCA1-4E95-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
MouseWare 9.43 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SiS315 V2.04WHQL-->RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SIS315~1.04W\DeIsL1.isu"&P.U 4 sisgr.inf&-1
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Tansee iPod Transfer v3.8-->"C:\Program Files\Tansee iPod Transfer\unins000.exe"
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Trend Micro Remote File Lock-->C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FileLockSetup.exe /uninst
Trend Micro TrendProtect for Internet Explorer-->MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Trend Micro Internet Security Pro (enabled)
FW: Trend Micro Personal Firewall (enabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by Dullar at 2008-11-30 11:32:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (67%) free of 38 GB
Total RAM: 1015 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:08 AM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dullar\Desktop\RSIT.exe
C:\Documents and Settings\Administrator\Desktop\Dullar.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {4EC3F64C-74C8-4B65-9630-564A08089510} - C:\WINDOWS\system32\mlJDutQJ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6133 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EC3F64C-74C8-4B65-9630-564A08089510}]
C:\WINDOWS\system32\mlJDutQJ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - Transaction Protector - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 103760]
{F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - TrendProtect - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll [2007-09-07 566536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2002-10-30 28672]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-01-28 35328]
"nwiz"=nwiz.exe /install []
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-02-08 40960]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe [2001-10-04 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2002-09-27 4214784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe [2002-02-25 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Malwarebytes' Anti-Malware.lnk]
C:\PROGRA~1\MALWAR~1\mbam.exe [2008-07-23 1195640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stuart^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\Program Files\Last.fm\LastFMHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJDutQJ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\System32\LXDDCOMS.EXE"="C:\WINDOWS\System32\LXDDCOMS.EXE:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddPSWX.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddPSWX.EXE:*:Enabled: "
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddjswx.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddjswx.exe:*:Enabled: "
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDDtime.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDDtime.exe:*:Enabled: "
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-30 11:32:46 ----D---- C:\rsit
2008-11-29 23:51:48 ----D---- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-11-29 23:50:25 ----D---- C:\Program Files\Last.fm
2008-11-29 23:30:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-29 21:21:20 ----A---- C:\WINDOWS\system32\wmpuice.dll
2008-11-29 21:21:19 ----D---- C:\Program Files\CD Art Display
2008-11-29 20:34:09 ----D---- C:\Program Files\Winamp
2008-11-29 20:34:09 ----D---- C:\Documents and Settings\Dullar\Application Data\Winamp
2008-11-29 20:03:41 ----D---- C:\Documents and Settings\Dullar\Application Data\Songbird2
2008-11-29 20:03:34 ----D---- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-11-29 19:47:55 ----SHD---- C:\Config.Msi
2008-11-29 18:26:10 ----D---- C:\Program Files\Windows Defender
2008-11-29 16:38:20 ----D---- C:\Program Files\xerox
2008-11-29 16:38:11 ----D---- C:\WINDOWS\Prefetch
2008-11-29 16:36:19 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-29 16:36:06 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-29 16:35:55 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-29 16:35:42 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-29 16:35:28 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-29 16:35:16 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-29 16:35:03 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-29 16:34:53 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-29 16:34:42 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-29 16:34:28 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-29 16:34:12 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-29 16:33:52 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-29 16:33:33 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-29 16:33:08 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-29 16:32:48 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-29 16:32:29 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-29 16:32:08 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-29 16:31:48 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-29 16:25:45 ----A---- C:\WINDOWS\setuplog.txt
2008-11-29 16:22:50 ----D---- C:\Program Files\Messenger
2008-11-29 16:22:14 ----D---- C:\WINDOWS\system32\scripting
2008-11-29 16:22:13 ----D---- C:\WINDOWS\l2schemas
2008-11-29 16:22:12 ----D---- C:\WINDOWS\system32\en
2008-11-29 16:22:12 ----D---- C:\Program Files\msn
2008-11-29 14:57:00 ----D---- C:\Documents and Settings\Dullar\Application Data\Apple Computer
2008-11-29 14:51:40 ----D---- C:\Documents and Settings\Dullar\Application Data\WinRAR
2008-11-29 14:25:49 ----D---- C:\Documents and Settings\Dullar\Application Data\Macromedia
2008-11-29 14:23:20 ----D---- C:\Documents and Settings\Dullar\Application Data\Mozilla
2008-11-29 13:54:09 ----D---- C:\Documents and Settings\Dullar\Application Data\Malwarebytes
2008-11-29 13:52:30 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-29 13:51:15 ----ASH---- C:\Documents and Settings\Dullar\Application Data\desktop.ini
2008-11-29 13:51:04 ----SD---- C:\Documents and Settings\Dullar\Application Data\Microsoft
2008-11-29 13:51:04 ----D---- C:\Documents and Settings\Dullar\Application Data\InterTrust
2008-11-29 13:51:04 ----D---- C:\Documents and Settings\Dullar\Application Data\Identities
2008-11-29 13:51:04 ----D---- C:\Documents and Settings\Dullar\Application Data\Adobe
2008-11-29 13:33:57 ----D---- C:\Avenger
2008-11-29 13:33:57 ----A---- C:\avenger.txt
2008-11-29 13:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-29 12:59:03 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-29 12:58:40 ----D---- C:\WINDOWS\ERDNT
2008-11-29 12:58:40 ----D---- C:\Qoobox
2008-11-29 12:19:40 ----A---- C:\WINDOWS\system32\xlumdb.dll
2008-11-29 12:19:37 ----A---- C:\WINDOWS\system32\wydsbojl.dll
2008-11-29 12:19:08 ----A---- C:\WINDOWS\system32\tynrerhr.dll
2008-11-27 17:41:30 ----A---- C:\WINDOWS\system32\vxcyhnlb.dll
2008-11-27 17:35:46 ----A---- C:\WINDOWS\system32\yhuiiomp.dll
2008-11-27 17:35:22 ----D---- C:\WINDOWS\temp
2008-11-27 17:33:47 ----A---- C:\smitfiles.txt
2008-11-27 17:30:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 17:28:50 ----A---- C:\WINDOWS\system32\niprxjcg.dll
2008-11-27 13:12:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-27 07:51:06 ----A---- C:\WINDOWS\system32\lokyvdfs.dll
2008-11-26 16:58:16 ----A---- C:\WINDOWS\wininit.ini
2008-11-25 21:42:11 ----A---- C:\WINDOWS\system32\g79.exe
2008-11-25 19:11:06 ----A---- C:\WINDOWS\system32\247ad608-.txt
2008-11-25 19:05:51 ----SHD---- C:\WINDOWS\U3R1YXJ0
2008-11-25 19:05:24 ----D---- C:\WINDOWS\system32\vp2
2008-11-25 19:05:24 ----D---- C:\WINDOWS\system32\L2
2008-11-25 19:05:24 ----D---- C:\WINDOWS\system32\I2
2008-11-25 19:05:23 ----D---- C:\WINDOWS\system32\NX
2008-11-25 19:05:10 ----D---- C:\Temp

======List of files/folders modified in the last 1 months======

2008-11-30 11:31:36 ----A---- C:\WINDOWS\ModemLog_Askey HSFi V.90(V.92) 56K PCI Modem.txt
2008-11-29 17:44:20 ----RASH---- C:\boot.ini
2008-11-29 17:44:20 ----A---- C:\WINDOWS\win.ini
2008-11-29 17:44:20 ----A---- C:\WINDOWS\system.ini
2008-11-29 16:41:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-25 21:42:44 ----A---- C:\WINDOWS\system32\kdfvmgr.exe
2008-11-25 21:42:44 ----A---- C:\WINDOWS\system32\Kdfhok.dll
2008-11-25 21:42:44 ----A---- C:\WINDOWS\system32\kdfapi.dll
2008-11-25 21:42:42 ----A---- C:\WINDOWS\system32\kdfmgr.exe
2008-11-04 11:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Cnxtdiag;Cnxtdiag; C:\WINDOWS\System32\DRIVERS\cnxtdiag.sys [2001-07-04 17776]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-13 310739]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-06-15 127405]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-23 427167]
R2 MBAMDrvService;MBAMDrvService; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-06-15 216987]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-06-15 56639]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-23 534605]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-08-10 78498]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-09-30 417999]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-09-28 10496]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2002-09-28 22210]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2002-09-28 39936]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-09-28 5842]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-09-28 67698]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-12 47360]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-08-10 68006]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-04-01 45312]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-01-23 257408]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-08-10 585152]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2002-09-28 50994]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-09-27 1104282]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-23 110200]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-09-27 65536]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 488768]
S3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby MikeSwim07 » November 30th, 2008, 9:29 am

Backup the Registry

  • Download ERUNT
  • Save it to your desktop. Right click on the downloaded file(erunt.zip) and click Extract.Follow the prompts to extract the file.
  • Now click on the folder "erunt" and find and double click on the file called Erunt.exe
  • Click OK. Then Click OK again.
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: Select all
    :files
    C:\Program Files\LimeWire\
    C:\Program Files\DNA\
    C:\Program Files\BitTorrent\
    C:\WINDOWS\system32\xlumdb.dll
    C:\WINDOWS\system32\wydsbojl.dll
    C:\WINDOWS\system32\tynrerhr.dll
    C:\WINDOWS\system32\vxcyhnlb.dll
    C:\WINDOWS\system32\yhuiiomp.dll
    C:\WINDOWS\system32\niprxjcg.dll
    C:\WINDOWS\system32\lokyvdfs.dll
    C:\WINDOWS\system32\g79.exe
    C:\WINDOWS\system32\247ad608-.txt
    C:\WINDOWS\U3R1YXJ0
    C:\WINDOWS\system32\vp2
    C:\WINDOWS\system32\L2
    C:\WINDOWS\system32\I2
    C:\WINDOWS\system32\NX
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EC3F64C-74C8-4B65-9630-564A08089510}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):"msv1_0"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\DNA\btdna.exe"=-
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    
    
    
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Download and Run DAFT

Please download DAFT and save it to your desktop.

Run DAFT
  • Double-click the daft.exe icon. Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries:
    • .reg
    • .scr
  • Click the Fix button.
  • Click on the Scan button again.
  • Save the logfile to your desktop, by default it will save as daft.txt.

Please post the OTMoveIt3 log and the daft log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 30th, 2008, 9:49 am

========== FILES ==========
Folder C:\Program Files\LimeWire not found.
Folder C:\Program Files\DNA not found.
Folder C:\Program Files\BitTorrent not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xlumdb.dll
C:\WINDOWS\system32\xlumdb.dll NOT unregistered.
C:\WINDOWS\system32\xlumdb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wydsbojl.dll
C:\WINDOWS\system32\wydsbojl.dll NOT unregistered.
C:\WINDOWS\system32\wydsbojl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tynrerhr.dll
C:\WINDOWS\system32\tynrerhr.dll NOT unregistered.
C:\WINDOWS\system32\tynrerhr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vxcyhnlb.dll
C:\WINDOWS\system32\vxcyhnlb.dll NOT unregistered.
C:\WINDOWS\system32\vxcyhnlb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yhuiiomp.dll
C:\WINDOWS\system32\yhuiiomp.dll NOT unregistered.
C:\WINDOWS\system32\yhuiiomp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\niprxjcg.dll
C:\WINDOWS\system32\niprxjcg.dll NOT unregistered.
C:\WINDOWS\system32\niprxjcg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lokyvdfs.dll
C:\WINDOWS\system32\lokyvdfs.dll NOT unregistered.
C:\WINDOWS\system32\lokyvdfs.dll moved successfully.
C:\WINDOWS\system32\g79.exe moved successfully.
C:\WINDOWS\system32\247ad608-.txt moved successfully.
C:\WINDOWS\U3R1YXJ0 moved successfully.
C:\WINDOWS\system32\vp2 moved successfully.
C:\WINDOWS\system32\L2 moved successfully.
C:\WINDOWS\system32\I2 moved successfully.
C:\WINDOWS\system32\NX moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EC3F64C-74C8-4B65-9630-564A08089510}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):"msv1_0" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_004603

and DAFT LOG

DAFT Log saved on 2008-12-01 00:48:49
-----------------------------------------------------------------------
All associations okay!
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby MikeSwim07 » November 30th, 2008, 9:58 am

Can I please see a new Hijackthis log?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 30th, 2008, 10:03 am

Sure,cheers again for yo help man.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:40 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5876 bytes
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby MikeSwim07 » November 30th, 2008, 10:14 am

Can you please re-run RSIT and post both logs.

How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 30th, 2008, 10:21 am

When i run rsit it only creates one log? :?
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am

Re: Need Help With Comp Suspected Malware

Unread postby aussie123 » November 30th, 2008, 10:23 am

Logfile of random's system information tool 1.04 (written by random/random)
Run by Dullar at 2008-12-01 01:21:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (67%) free of 38 GB
Total RAM: 1015 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:45 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Documents and Settings\Dullar\Desktop\RSIT.exe
C:\Documents and Settings\Administrator\Desktop\Dullar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5923 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - Transaction Protector - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 103760]
{F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - TrendProtect - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll [2007-09-07 566536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2002-10-30 28672]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-01-28 35328]
"nwiz"=nwiz.exe /install []
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-02-08 40960]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe [2001-10-04 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2002-09-27 4214784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe [2002-02-25 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Malwarebytes' Anti-Malware.lnk]
C:\PROGRA~1\MALWAR~1\mbam.exe [2008-07-23 1195640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stuart^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\Program Files\Last.fm\LastFMHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\System32\LXDDCOMS.EXE"="C:\WINDOWS\System32\LXDDCOMS.EXE:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddPSWX.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddPSWX.EXE:*:Enabled: "
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddjswx.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxddjswx.exe:*:Enabled: "
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDDtime.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDDtime.exe:*:Enabled: "
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-01 00:46:03 ----D---- C:\_OTMoveIt
2008-11-30 20:46:46 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-30 11:32:46 ----D---- C:\rsit
2008-11-29 23:51:48 ----D---- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-11-29 23:50:25 ----D---- C:\Program Files\Last.fm
2008-11-29 23:30:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-29 21:21:20 ----A---- C:\WINDOWS\system32\wmpuice.dll
2008-11-29 21:21:19 ----D---- C:\Program Files\CD Art Display
2008-11-29 20:34:09 ----D---- C:\Program Files\Winamp
2008-11-29 20:34:09 ----D---- C:\Documents and Settings\Dullar\Application Data\Winamp
2008-11-29 20:03:41 ----D---- C:\Documents and Settings\Dullar\Application Data\Songbird2
2008-11-29 20:03:34 ----D---- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-11-29 19:47:55 ----SHD---- C:\Config.Msi
2008-11-29 18:26:10 ----D---- C:\Program Files\Windows Defender
2008-11-29 16:38:20 ----D---- C:\Program Files\xerox
2008-11-29 16:38:11 ----D---- C:\WINDOWS\Prefetch
2008-11-29 16:36:19 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-29 16:36:06 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-29 16:35:55 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-29 16:35:42 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-29 16:35:28 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-29 16:35:16 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-29 16:35:03 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-29 16:34:53 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-29 16:34:42 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-29 16:34:28 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-29 16:34:12 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-29 16:33:52 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-29 16:33:33 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-29 16:33:08 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-29 16:32:48 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-29 16:32:29 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-29 16:32:08 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-29 16:31:48 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-29 16:25:45 ----A---- C:\WINDOWS\setuplog.txt
2008-11-29 16:22:50 ----D---- C:\Program Files\Messenger
2008-11-29 16:22:14 ----D---- C:\WINDOWS\system32\scripting
2008-11-29 16:22:13 ----D---- C:\WINDOWS\l2schemas
2008-11-29 16:22:12 ----D---- C:\WINDOWS\system32\en
2008-11-29 16:22:12 ----D---- C:\Program Files\msn
2008-11-29 16:15:59 ----A---- C:\WINDOWS\imsins.BAK
2008-11-29 14:57:00 ----D---- C:\Documents and Settings\Dullar\Application Data\Apple Computer
2008-11-29 14:51:40 ----D---- C:\Documents and Settings\Dullar\Application Data\WinRAR
2008-11-29 14:25:49 ----D---- C:\Documents and Settings\Dullar\Application Data\Macromedia
2008-11-29 14:23:20 ----D---- C:\Documents and Settings\Dullar\Application Data\Mozilla
2008-11-29 13:54:09 ----D---- C:\Documents and Settings\Dullar\Application Data\Malwarebytes
2008-11-29 13:52:30 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-29 13:51:15 ----ASH---- C:\Documents and Settings\Dullar\Application Data\desktop.ini
2008-11-29 13:51:04 ----SD---- C:\Documents and Settings\Dullar\Application Data\Microsoft
2008-11-29 13:51:04 ----D---- C:\Documents and Settings\Dullar\Application Data\InterTrust
2008-11-29 13:51:04 ----D---- C:\Documents and Settings\Dullar\Application Data\Identities
2008-11-29 13:51:04 ----D---- C:\Documents and Settings\Dullar\Application Data\Adobe
2008-11-29 13:33:57 ----D---- C:\Avenger
2008-11-29 13:33:57 ----A---- C:\avenger.txt
2008-11-29 13:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-29 12:59:03 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-29 12:58:40 ----D---- C:\WINDOWS\ERDNT
2008-11-29 12:58:40 ----D---- C:\Qoobox
2008-11-27 17:35:22 ----D---- C:\WINDOWS\temp
2008-11-27 17:33:47 ----A---- C:\smitfiles.txt
2008-11-27 17:30:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 13:12:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 16:58:16 ----A---- C:\WINDOWS\wininit.ini
2008-11-25 19:05:10 ----D---- C:\Temp

======List of files/folders modified in the last 1 months======

2008-12-01 00:53:40 ----A---- C:\WINDOWS\ModemLog_Askey HSFi V.90(V.92) 56K PCI Modem.txt
2008-11-29 17:44:20 ----RASH---- C:\boot.ini
2008-11-29 17:44:20 ----A---- C:\WINDOWS\win.ini
2008-11-29 17:44:20 ----A---- C:\WINDOWS\system.ini
2008-11-29 16:41:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-25 21:42:44 ----A---- C:\WINDOWS\system32\kdfvmgr.exe
2008-11-25 21:42:44 ----A---- C:\WINDOWS\system32\Kdfhok.dll
2008-11-25 21:42:44 ----A---- C:\WINDOWS\system32\kdfapi.dll
2008-11-25 21:42:42 ----A---- C:\WINDOWS\system32\kdfmgr.exe
2008-11-04 11:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Cnxtdiag;Cnxtdiag; C:\WINDOWS\System32\DRIVERS\cnxtdiag.sys [2001-07-04 17776]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-13 310739]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-06-15 127405]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-23 427167]
R2 MBAMDrvService;MBAMDrvService; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-06-15 216987]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-06-15 56639]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-23 534605]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-08-10 78498]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-09-30 417999]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-09-28 10496]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2002-09-28 22210]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2002-09-28 39936]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-09-28 5842]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-09-28 67698]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-12 47360]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-08-10 68006]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-04-01 45312]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-01-23 257408]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-08-10 585152]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2002-09-28 50994]
S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-09-27 1104282]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-23 110200]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-09-27 65536]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 488768]
S3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
aussie123
Active Member
 
Posts: 10
Joined: November 27th, 2008, 3:18 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware