Trend problem...Posting logs..

Hijack This Log: I cant get rid of two processes:

Unread postby molly » August 19th, 2009, 3:05 am

I have been trying to get rid of a CAV/Comodo system file. I downloaded it when trying to clean, then it took days to get rid of it; I disabled the running of it. Also, a2antimalware is still in system files..also disabled, but I don't know how to clean. I have 1 year left on Dell warranty with Trend microcillin and I have been trying to download the upgrade with their "help" since July with no luck...I thought maybe these system files might be blocking Trend from fully opening..cus it downloads but error message when trying to open. I had to remove Spybot while trying to upgrade Trend. I appreciate all assistance greatly.
Two log files follow:
Spybot:
Protocol 0: Comodo AntiVirus LSP Provider over [MSAFD Tcpip [TCP/IP]]
GUID: {B37E18B0-81CE-4360-BDFA-1B412DABAB9A}
Filename: C:\WINDOWS\system32\CavEmLSP.dll

Protocol 1: Comodo AntiVirus LSP Provider over [MSAFD Tcpip [UDP/IP]]
GUID: {945536A4-44C1-4C56-92F7-C8E45C598786}
Filename: C:\WINDOWS\system32\CavEmLSP.dll

Protocol 2: Comodo AntiVirus LSP Provider over [MSAFD Tcpip [RAW/IP]]
GUID: {026E897E-CA25-482A-9477-FDC475322EEA}
Filename: C:\WINDOWS\system32\CavEmLSP.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C74F5E0D-64F4-4FD2-804C-B085B1726366}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C74F5E0D-64F4-4FD2-804C-B085B1726366}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9FFCBCF-F457-4943-872A-81423B700D09}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9FFCBCF-F457-4943-872A-81423B700D09}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6660C00-3601-415B-8F4A-4BD61837E73A}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6660C00-3601-415B-8F4A-4BD61837E73A}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04F5FC3A-9CB5-4913-A47A-5718C3499C9C}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04F5FC3A-9CB5-4913-A47A-5718C3499C9C}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: Comodo AntiVirus LSP Provider
GUID: {64583DB0-D19A-44E8-B7BA-9CD9A94F42E8}
Filename: C:\WINDOWS\system32\CavEmLSP.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:00 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Molly\Desktop\HijackThis.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=5061108
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Molly
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Molly\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F5FC3A-9CB5-4913-A47A-5718C3499C9C}: NameServer = 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FFCBCF-F457-4943-872A-81423B700D09}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9c70025e35474) (gupdate1c9c70025e35474) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9815 bytes
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Re: Hijack This Log: I cant get rid of two processes:

Unread postby MWR 3 day Mod » August 22nd, 2009, 12:16 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Hijack This Log: I cant get rid of two processes:

Unread postby askey127 » August 24th, 2009, 8:12 am

Hi molly,
There could be problems with either computer hardware or improperly removed files here.
You would need help from a Systems forum to fix those issues.

Here at MWR we can attempt to remove any infections that may be corrupting your system experience.
When we finish, you may still have work to do on the system/hardware front.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HijackThis window to close it.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Double-click the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

So we are looking for the Installed Programs list from HiJackThis, and the two logs from the RSIT scanner. Use separate posts if you prefer.
Also please tell me if Qwest is your Internet provider.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
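
Most of the entries picked out in the reply above share one trait: the registry entry survives but its target is gone (an empty value, "(no file)", a DPF with no codebase, a Notify path that stops at a directory). The following is an added example, not part of the thread and not the helper's own method; `classify` and `flag_orphans` are hypothetical names, the sample lines are copied from the log posted in this thread, and the heuristics are assumptions that do not cover judgement calls such as the ProxyOverride line.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
"""

# "R0 - ...", "O16 - ..." : section code, separator, remainder of the line.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
# "DPF: {CLSID} (optional class name) - codebase-or-empty"
DPF = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})(?:\s+\((.*?)\))?\s+-\s*(.*)$")


def classify(code, rest):
    """Return a reason string if the entry's target is missing, else None.

    These rules are assumptions made for this example; they only detect
    entries whose target is absent, not entries that are malicious.
    """
    if code in ("R0", "R1"):
        # Key and value are separated by the first '='; URLs may contain more.
        _key, sep, value = rest.partition("=")
        if sep and not value.strip():
            return "registry value is empty"
    elif code == "O2":
        if rest.rstrip().endswith("(no file)"):
            return "BHO CLSID is registered but its DLL was not found"
    elif code == "O16":
        m = DPF.match(rest)
        if m and not m.group(3).strip():
            return "ActiveX (DPF) entry has no codebase"
    elif code == "O20":
        _name, sep, path = rest.rpartition(" - ")
        if sep and path.rstrip().endswith("\\"):
            return "Winlogon Notify path is a directory, not a DLL"
    return None


def flag_orphans(log_text):
    """Return (code, reason, line) for every entry with a missing target."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        reason = classify(m.group(1), m.group(2))
        if reason:
            findings.append((m.group(1), reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in flag_orphans(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

The output is a review list only; each flagged line still needs a human decision before anything is fixed in HijackThis.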

Trend problem...Posting logs..

Unread postby molly » August 24th, 2009, 6:45 pm

Thank you for taking the time......I so appreciate the guidance.... Yes....I am using Qwest...it is actually my housemate's acct..and I am wireless....attaching the three requests. I am not sure if you wish it attached or inline..so hopefully I won't mess things up too bad if I do both. I will do this in two posts.

Thank you again...
Molly
Hijack This uninstall List:

Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Bejeweled 2 Deluxe (remove only)
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (remove only)
Delicious 2 Deluxe
Dell Support 3.2
Dell Support Center (Support Software)
Dell Wireless WLAN Card
Desktop Notifier
Digital Content Portal
Digital Line Detect
Dirk Dashing: Secret Agent!
Documentation & Support Launcher
DriverAgent by TouchStone Software
EducateU
ESPNMotion
FATE from Yahoo! (remove only)
Games, Music, & Photos Launcher
Google Update Helper
GoToAssist 8.0.0.514
Hidden Expedition Titanic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Solution Center 9.0
HP Update
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Karen's Directory Printer
KeyScrambler
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Helper
Monopoly Here & Now Edition (remove only)
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Mystery of Shark Island
Netflix Movie Viewer
NetWaiting
Otto
OutlookAddinSetup
Paint.NET v3.36
Photo Story 3 for Windows
Qualxserve Service Agreement
QuickSet
QuickTime
Real Alternative 1.7.5
SearchAssist
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SharpReader 0.9.7.0
Skype™ 3.6
Sonic Audio module
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Stellarium 0.9.1
Synaptics Pointing Device Driver
Time Paradox 1.00
Trend Micro Internet Security
Trend Micro Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
User Agent String Utility
Ventrilo Client
Winamp
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Messenger
Yahtzee
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Trend Problems 2... posting reply

Unread postby molly » August 24th, 2009, 6:53 pm

Hello...attached are the two log txt files from RSIT. Inline is the log file. Hope I did it right.

Thank you !

Molly

Logfile of random's system information tool 1.06 (written by random/random)
Run by Molly at 2009-08-24 15:31:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 74 GB (69%) free of 108 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:44 PM, on 8/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Molly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Molly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=5061108
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Molly
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F5FC3A-9CB5-4913-A47A-5718C3499C9C}: NameServer = 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FFCBCF-F457-4943-872A-81423B700D09}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9c70025e35474) (gupdate1c9c70025e35474) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9540 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Defraggler Volume C Task.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{49776214-E53E-47A8-BF04-4483843ED4DF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-08-18 793328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-05-02 184320]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-01-30 206064]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-09-22 1398024]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-08-24 318272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-01 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:Pando Application"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe"="C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe:*:Disabled:MagicBall"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Documents and Settings\Molly\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v4B8EBC79\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe"="C:\Documents and Settings\Molly\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v4B8EBC79\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe:*:Disabled:Kuma"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Disabled:XChat IRC Client"
"C:\Program Files\Call of Duty\CoDUOMP.exe"="C:\Program Files\Call of Duty\CoDUOMP.exe:*:Disabled:CoDUOMP"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Disabled:Ventrilo.exe"
"C:\Documents and Settings\Molly\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Molly\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Disabled:Google Talk Plugin"
"C:\Documents and Settings\Molly\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Molly\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Disabled:Google Talk Plugin"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Storm Eagle Studios\Distant Guns RJW Enhanced\DG_RJWp.exe"="C:\Program Files\Storm Eagle Studios\Distant Guns RJW Enhanced\DG_RJWp.exe:*:Disabled:Distant Guns, RJW"
"C:\Program Files\WildTangent\Blasterball 2\BB2.exe"="C:\Program Files\WildTangent\Blasterball 2\BB2.exe:*:Disabled:BB2"
"C:\Documents and Settings\All Users\Desktop\Downloads\iWin Games\iWinGames.exe"="C:\Documents and Settings\All Users\Desktop\Downloads\iWin Games\iWinGames.exe:*:Disabled:iWin Games application."
"C:\Documents and Settings\All Users\Desktop\Downloads\iWin Games\WebUpdater.exe"="C:\Documents and Settings\All Users\Desktop\Downloads\iWin Games\WebUpdater.exe:*:Disabled:iWin Games updater."
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MoRUN.net\StickerLite\sticker.exe"="C:\Program Files\MoRUN.net\StickerLite\sticker.exe:*:Disabled:MoRUN.net Sticker Lite"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 3 months======

2009-08-24 15:31:36 ----D---- C:\rsit
2009-08-24 15:02:34 ----D---- C:\Program Files\BitTorrent
2009-08-24 15:01:14 ----D---- C:\Documents and Settings\Molly\Application Data\BitTorrent
2009-08-24 15:01:02 ----D---- C:\Program Files\DNA
2009-08-24 15:01:02 ----D---- C:\Documents and Settings\Molly\Application Data\DNA
2009-08-24 14:49:36 ----D---- C:\Program Files\Karen's Power Tools
2009-08-24 14:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2009-08-20 20:09:55 ----D---- C:\Documents and Settings\Molly\Application Data\HpUpdate
2009-08-20 20:09:53 ----D---- C:\WINDOWS\Hewlett-Packard
2009-08-20 19:35:55 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-08-20 10:23:45 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2009-08-20 10:23:38 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr
2009-08-20 10:23:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2009-08-20 10:22:40 ----D---- C:\Program Files\Dell Support Center
2009-08-20 10:22:39 ----D---- C:\Program Files\Common Files\supportsoft
2009-08-20 10:19:59 ----D---- C:\Program Files\DIFX
2009-08-20 10:14:20 ----A---- C:\WINDOWS\system32\vcredist_x86.exe
2009-08-20 10:14:20 ----A---- C:\WINDOWS\system32\vcredist_x86.bat
2009-08-19 02:13:41 ----D---- C:\Documents and Settings\Molly\Application Data\Uniblue
2009-08-19 02:13:41 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-08-18 23:37:11 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-18 23:37:04 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-08-18 22:24:24 ----A---- C:\WINDOWS\SIGVERIF.TXT
2009-08-18 17:51:21 ----D---- C:\Program Files\Trend Micro
2009-08-18 01:00:11 ----D---- C:\Program Files\MoRUN.net
2009-08-18 00:42:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-18 00:42:47 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-18 00:42:47 ----A---- C:\WINDOWS\system32\java.exe
2009-08-14 01:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 01:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 01:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 01:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 01:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 01:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 01:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 01:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 01:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-14 01:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-11 20:16:41 ----D---- C:\Program Files\iPod
2009-08-11 20:16:35 ----D---- C:\Program Files\iTunes
2009-08-03 23:44:27 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2009-08-03 12:38:40 ----D---- C:\WINDOWS\system32\log
2009-07-31 07:19:06 ----D---- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions
2009-07-21 02:57:58 ----D---- C:\game
2009-07-20 11:32:35 ----D---- C:\81919f872cdd0d068433
2009-07-19 00:41:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-14 23:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 23:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 23:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 21:27:06 ----D---- C:\Documents and Settings\Molly\Application Data\Conceptworld
2009-07-14 21:26:59 ----D---- C:\Program Files\Conceptworld
2009-07-12 12:04:57 ----D---- C:\Documents and Settings\Molly\Application Data\Games
2009-07-11 19:24:04 ----D---- C:\WINDOWS\system32\Molly
2009-07-11 00:07:12 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2009-07-06 23:26:22 ----HD---- C:\Program Files\Uninstall Information
2009-07-06 02:39:22 ----D---- C:\Program Files\KeyScrambler
2009-07-01 15:51:02 ----D---- C:\WINDOWS\wt
2009-06-23 13:15:30 ----D---- C:\Program Files\Defraggler
2009-06-15 13:36:13 ----A---- C:\WINDOWS\Curses.INI
2009-06-15 13:01:14 ----HD---- C:\WINDOWS\PIF
2009-06-11 17:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 3 months======

2009-08-24 15:30:21 ----D---- C:\WINDOWS\Temp
2009-08-24 15:30:21 ----D---- C:\WINDOWS
2009-08-24 15:27:04 ----D---- C:\WINDOWS\system32\dllcache
2009-08-24 15:26:59 ----D---- C:\WINDOWS\system32
2009-08-24 15:18:57 ----D---- C:\Program Files\Mozilla Firefox
2009-08-24 15:02:34 ----D---- C:\Program Files
2009-08-24 14:49:41 ----D---- C:\WINDOWS\Prefetch
2009-08-24 14:45:10 ----SHD---- C:\WINDOWS\Installer
2009-08-24 14:45:10 ----HD---- C:\Config.Msi
2009-08-24 14:45:10 ----D---- C:\Program Files\Common Files
2009-08-24 14:28:43 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-24 14:17:51 ----D---- C:\WINDOWS\Debug
2009-08-24 13:48:27 ----D---- C:\Documents and Settings
2009-08-24 00:24:53 ----D---- C:\Documents and Settings\Molly\Application Data\Apple Computer
2009-08-23 22:26:13 ----D---- C:\MDT
2009-08-23 20:26:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-23 20:25:02 ----D---- C:\WINDOWS\Registration
2009-08-23 20:24:24 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-22 11:25:13 ----D---- C:\Program Files\Hidden Expedition Titanic
2009-08-22 10:46:24 ----D---- C:\WINDOWS\system32\FxsTmp
2009-08-22 02:20:42 ----D---- C:\WINDOWS\security
2009-08-22 02:14:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 02:14:20 ----D---- C:\WINDOWS\system32\wbem
2009-08-22 02:09:41 ----SHD---- C:\WINDOWS\CSC
2009-08-22 02:09:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-21 22:43:48 ----N---- C:\WINDOWS\system.ini
2009-08-21 22:43:48 ----ASH---- C:\boot.ini
2009-08-21 22:43:48 ----A---- C:\WINDOWS\win.ini
2009-08-21 22:43:45 ----D---- C:\WINDOWS\pss
2009-08-21 15:35:00 ----D---- C:\WINDOWS\Help
2009-08-20 19:36:34 ----HD---- C:\WINDOWS\inf
2009-08-20 10:23:04 ----D---- C:\dell
2009-08-20 10:22:17 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
2009-08-20 10:21:40 ----D---- C:\Program Files\Broadcom
2009-08-20 10:19:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-20 10:19:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-20 10:17:18 ----D---- C:\Program Files\CyberLink
2009-08-19 13:12:24 ----D---- C:\WINDOWS\system32\config
2009-08-18 00:43:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-18 00:42:44 ----D---- C:\Program Files\Java
2009-08-14 01:27:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 01:27:12 ----D---- C:\Program Files\Outlook Express
2009-08-11 20:16:40 ----D---- C:\Program Files\Common Files\Apple
2009-08-07 11:16:31 ----D---- C:\Documents and Settings\Molly\Application Data\ZoomBrowser EX
2009-08-07 11:16:25 ----D---- C:\Documents and Settings\Molly\Application Data\CameraWindowDC
2009-08-06 00:43:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 09:58:58 ----D---- C:\WINDOWS\network diagnostic
2009-08-02 19:45:11 ----SD---- C:\WINDOWS\Tasks
2009-07-31 11:33:04 ----D---- C:\Documents and Settings\Molly\Application Data\Restorer
2009-07-29 17:49:16 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 10:24:32 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 10:24:31 ----D---- C:\Program Files\Internet Explorer
2009-07-29 10:24:13 ----D---- C:\WINDOWS\ie7updates
2009-07-29 10:23:31 ----D---- C:\WINDOWS\WinSxS
2009-07-28 19:04:01 ----D---- C:\Documents and Settings\Molly\Application Data\SharpReader
2009-07-26 19:00:28 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2009-07-26 17:57:03 ----D---- C:\Documents and Settings\Molly\Application Data\Identities
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-21 11:47:33 ----D---- C:\Program Files\RealArcade
2009-07-21 11:47:33 ----D---- C:\Program Files\CCleaner
2009-07-20 12:49:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-20 11:34:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-20 11:34:17 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-20 11:34:16 ----RSD---- C:\WINDOWS\Fonts
2009-07-20 11:32:03 ----RSD---- C:\WINDOWS\assembly
2009-07-19 11:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-19 11:01:15 ----D---- C:\Program Files\NOS
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-15 13:05:57 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-13 05:23:20 ----D---- C:\Program Files\Yahoo! Games
2009-07-12 12:42:46 ----SHD---- C:\RECYCLER
2009-07-11 16:32:00 ----SD---- C:\Documents and Settings\Molly\Application Data\Microsoft
2009-07-06 10:26:42 ----D---- C:\Program Files\DIGStream
2009-07-02 12:46:49 ----D---- C:\Program Files\GameHouse
2009-07-01 00:04:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-29 09:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 09:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\corpol.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 04:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 04:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 01:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-27 21:16:11 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-06-27 13:31:41 ----D---- C:\WINDOWS\system32\DirectX
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-24 15:17:17 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2009-06-24 00:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-06-24 00:28:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 14:49:58 ----D---- C:\Program Files\Ventrilo
2009-06-12 05:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 05:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-11 17:07:33 ----D---- C:\Program Files\Microsoft Works
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 07:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-09 23:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-09 15:16:22 ----D---- C:\Program Files\QuickTime
2009-06-03 12:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-26 06:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-08-20 65936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2009-07-30 114672]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-08-20 333328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-03 380928]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-04-10 703008]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-01-30 201968]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-08-20 337160]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-04-10 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-08-20 648456]
S2 gupdate1c9c70025e35474;Google Update Service (gupdate1c9c70025e35474); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-08-01 16680]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe []
S4 Comodo Anti-Virus and Anti-Spyware Service;Comodo Anti-Virus and Anti-Spyware Service; C:\Program Files\Comodo\common\CAVASpy\cavasm.exe []
S4 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe []

-----------------EOF-----------------
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Re: Trend problem...Posting logs..

Unread postby askey127 » August 25th, 2009, 7:28 am

molly,
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HijackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Java(TM) 6 Update 5
Java(TM) 6 Update 7
J2SE Runtime Environment 5.0 Update 6
SearchAssist

DO NOT REMOVE Java(TM) 6 Update 15
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Open Notepad, paste the following code box contents into the text.
Code:
sc delete "a2AntiMalware"
sc delete "Comodo Anti-Virus and Anti-Spyware Service"
sc delete "GameConsoleService"

Use Notepad's File, Save As to save it to your desktop as File type All Files (not as text file or it won't work), and file name FixSvc.bat
Exit Notepad and double click on FixSvc.bat
A Command window will flash on and off.
-----------------------------------------------------------
REBOOT your machine. Sign in to your usual account.
-----------------------------------------------------------
Folder Deletions
In Windows Explorer (My Computer), navigate to each folder shown below, highlight each one in turn shown in red, if found, and press Delete.

C:\Program Files\a-squared Anti-Malware\ <== this folder only
C:\Program Files\Comodo\ <== this folder only
C:\Program Files\DNA\ <== this folder only
C:\Program Files\WildGames\ <== this folder only

You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, note the name of the file, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
Tell me anything you know about the HOSTS file on your machine, and let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
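The service selection in the post above, as an added example that is not part of the original thread: a parser for the RSIT service/driver line format that picks out Disabled entries with an empty `[]` and builds the matching `sc delete` lines. It assumes an empty `[]` means RSIT recorded no file date and size for the binary; the function names and the sample text are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the RSIT line format shown in the log above:
# <R|S><start type> name;display name; path [date size]
SAMPLE_LOG = r"""
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-04-10 703008]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S4 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe []
S4 Comodo Anti-Virus and Anti-Spyware Service;Comodo Anti-Virus and Anti-Spyware Service; C:\Program Files\Comodo\common\CAVASpy\cavasm.exe []
S4 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
"""

# Start-type legend taken from the RSIT section headers.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    path: str
    date: Optional[str]   # None when the log shows an empty []
    size: Optional[int]

def parse_entries(text: str) -> List[Entry]:
    """Parse service/driver lines; skip headers and unrelated report lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"] else None
        entries.append(Entry(m["state"] == "R", START_TYPES[int(m["start"])],
                             m["name"], m["path"], m["date"], size))
    return entries

def orphan_candidates(entries: List[Entry]) -> List[Entry]:
    """Stopped + Disabled + no file metadata: leftover registrations to review."""
    return [e for e in entries
            if not e.running and e.start == "Disabled" and e.date is None]

def running_without_metadata(entries: List[Entry]) -> List[Entry]:
    """Running entries with [] are loaded, so the empty [] alone is not
    evidence of a missing file (seen here on \\??\\-prefixed driver paths)."""
    return [e for e in entries if e.running and e.date is None]

def sc_delete_commands(entries: List[Entry]) -> List[str]:
    """Build the batch-file lines, quoting names that contain spaces."""
    return ['sc delete "%s"' % e.name for e in orphan_candidates(entries)]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for cmd in sc_delete_commands(parsed):
        print(cmd)
    for e in running_without_metadata(parsed):
        print("keep (running, metadata unreadable):", e.name)
```

The output is a review list: confirm each product is really uninstalled before running the generated lines.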

Re: Trend problem...Posting Reply.

Unread postby molly » August 25th, 2009, 4:57 pm

Hello,
I have completed your last instructions. I never saw an internet explorer file for Comodo or A2AntiMalware or Wild Games in program files...I looked in running /active processes- nothing there now.

update: Trend interface is still not opening, no change there.
I don't know anything useful, I'm sure about the Hosts File, except..what I saw in Spybot when it was installed.

In case it's important..when I turn my laptop on and it loads to the Windows log on page....with my user profile...I get an error message of sorts..it's been happening for the last two months... This is what it says:
The instruction at "0x7c91b21a" referenced
memory at :0x00000010". The memory
could not be "written".
Click OK to terminate or click on Cancel to debug. It doesn't interfere with computer loading once I click one option or the other. I have clicked on both options many times now and it continues to appear.

Is it possible my user profile, security policies...are confused..?

Thank you !!!
Please let me know any/what info might be helpful..and if capable .... will do..
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Re: Trend problem...Posting logs..

Unread postby askey127 » August 25th, 2009, 5:08 pm

molly,
The notice on bootup does sound like a hardware RAM memory problem, not malware.

The following is not too simple, but is really the only way to get a test of your memory.
There are instructions on the site-may be better than mine.
-------------------------------------------------------
If you are able to do so, Make a Memtest boot floppy or boot CD and run it.
The download page is here: http://www.memtest86.com/download.html
If your PC can boot from a floppy, download this one, unzip it and make the floppy:
Download - Pre-Compiled Memtest86 v3.4a installable from Windows and DOS

If your PC can boot from a CD, you will need to download this one, unzip it, and use a CD burning/writing application to generate the CD:
Download - Memtest86 v3.4a ISO image (zip)

For windows installation begin by downloading either the Pre-Compiled Windows package to build a boot-able floppy disk or an ISO (zip version) to create a boot-able CD-ROM.
After the file is downloaded, an extract must be done to uncompress the file(s). To extract right click on the downloaded file and select the "Extract All" option.
The extract option will let you choose where the files will be extracted to.
To build a bootable floppy go to the folder where the files were extracted and click on the Install icon.
The floppy disk will appear to be unformatted by Windows after the install is complete.

To build a boot-able CD-ROM use your CD burning software to burn a CD from the un-zipped ISO image file.
In either case, set your machine to boot from Floppy or CD before the Hard Drive, and let the test run.
If it shows any errors, you should replace one RAM card at a time and rerun the test until it runs for an hour or more without errors.
------------------------------------------------------
If you would prefer, you can take your machine to a repair shop where they can check it and get the RAM card(s) replaced.
Memory cards are not usually an expensive repair.
With a bad memory card you will get besieged by mysterious problems until you fix it.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trend problem...Posting logs..

Unread postby molly » August 26th, 2009, 1:19 am

Thank you. I will do this. I am still under hardware warranty with Dell. If it turns out, there's a problem, I can then justify a home repair from Dell, hardware issues are covered.
I will let you know how it turns out, if it's not the issue, maybe you'll have a thought for me on what's next.

Be well.

Maire
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Re: Trend problem...Posting logs..

Unread postby molly » August 26th, 2009, 5:47 am

The mem test site link only boots for floppies..I went right to the link in your post, then when I downloaded it only says floppy....so I went to the 3.5 version..but that downloads as a data file..and I am clueless as to how to use it... can you assist?
Thank you.
Molly
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Re: Trend problem...Posting logs..

Unread postby askey127 » August 26th, 2009, 6:48 am

Molly,
Go here : http://www.memtest86.com/download.html
Download the first file on the page (it's a zip).
When you unzip it you get a small file named Memtest86_3.5.iso
It's called an image file.
CD burning tools like Nero, Roxio or Ashampoo can burn a CD from that image file and a blank CD-R.
You can also use the free ImgBurn to make the CD. http://www.imgburn.com/index.php?act=download
If you have the CD set as the first boot device, the resulting CD will boot your machine and immediately run a memory test.

If it reports any error within an hour or so, you need a RAM card replaced.
Memtest has no graceful shutoff. You just pull the plug on the machine or hold the reset button in after you remove the CD.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trend problem...Posting logs..

Unread postby molly » August 27th, 2009, 11:36 pm

It's really all too much for me... I tried some simpler solutions first. I called Dell and they helped me with the reference memory pop up at the start of my windows log on...it was a simple driver framework service that needed to be disabled. All gone. No big hardware issue. Then I made the decision to get rid of Trend. After all our work..it's not worth it..and I know it was their issue. They weren't going to resolve it so.. I now have AVG.
Thank you for your guidance, patience and persistence..it is greatly appreciated.

Molly
molly
Active Member
 
Posts: 7
Joined: August 19th, 2009, 2:49 am

Re: Trend problem...Posting logs..

Unread postby askey127 » August 28th, 2009, 6:39 am

Molly, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA