Here are the MBAM and RSIT logs.
Thanks:
Malwarebytes' Anti-Malware 1.35
Database version: 1943
Windows 5.1.2600 Service Pack 3
4/6/2009 6:24:49 AM
mbam-log-2009-04-06 (06-24-49).txt
Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 216438
Time elapsed: 1 hour(s), 22 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\nayulowo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dufegoma.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lapolude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nujeripa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\suzirowa.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{431d89e7-8089-4cfc-b97d-6d47dbafa423} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{431d89e7-8089-4cfc-b97d-6d47dbafa423} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8a013d3 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\telenogune (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdb93204f (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dufegoma.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dufegoma.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lapolude.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lapolude.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nujeripa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nujeripa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nujeripa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\bihawonu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unowahib.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fofugapi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipagufof.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nayulowo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\owoluyan.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tigayadi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idayagit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\womaduzo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ozudamow.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yonevufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufuvenoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suzirowa.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\dufegoma.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lapolude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nujeripa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1014\A0102619.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1020\A0105080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tunatope.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hebokipi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hibonuli.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hitivora.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hizenozo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lonaneze.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\retegefu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\giwohide.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lekozeko.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lewiyidi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\felezope.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jejowada.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vozaposo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yilinetu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zarowoma.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miperuwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of random's system information tool 1.06 (written by random/random)
Run by kellly at 2009-04-06 06:34:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 67 GB (61%) free of 110 GB
Total RAM: 1022 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:27 AM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Documents and Settings\kellly\Desktop\RSIT.exe
C:\Documents and Settings\kellly\Desktop\kellly.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.bellsouth.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -
https://www.mhsremote.com/Citrix/,DanaI ... icaweb.cabO16 - DPF: {23BFC42A-A74D-4698-9E20-65E23A090982} (CmActive.CmActiveXDoc) -
https://cm.mhs.net/clinx/clinx/cmactivedoc.CABO16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) -
https://clinician.mhs.net/mcsimenu.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish.com/SnapfishActivia.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resour ... se5483.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 8512698125O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) -
http://www.kodakgallery.com/downloads/B ... ofupld.cabO16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) -
https://accounting.quickbooks.com/c1/v1 ... boax10.cabO16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) -
https://www.mhsremote.com/dana-cached/s ... tupSP1.cabO16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) -
https://wc.wachovia.com/common/cab/ikcntrls.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL staufw.dll ,
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\kellly\My Documents\Astronomy Widget.html
--
End of file - 13302 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-28 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-15 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-15 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2008-02-15 103760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-15 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-22 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-28 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-28 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - Transaction Protector - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2008-02-15 103760]
{2913D3DD-9363-4C21-B205-C19A584A0674} - Spb Wallet - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2008-08-11 89088]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-15 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-28 136600]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-06-17 139264]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-04-17 26112]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"DLCDCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16 []
"dlcdmon.exe"=C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe [2005-07-22 430080]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 944\memcard.exe [2005-06-27 282624]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-03-02 18944]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-17 337216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-02 68856]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"TrendSecure Remote File Lock"=C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe [2008-02-15 423248]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-02-16 492808]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL staufw.dll , "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe"="C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Trend Micro\Internet Security\TmProxy.exe"="C:\Program Files\Trend Micro\Internet Security\TmProxy.exe:*:Enabled:TmProxy"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"="C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe:*:Enabled:SfCtlCom"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\ehome\ehrecvr.exe"="C:\WINDOWS\ehome\ehrecvr.exe:*:Enabled:ehRecvr"
"C:\Program Files\Norton Ghost\Agent\VProSvc.exe"="C:\Program Files\Norton Ghost\Agent\VProSvc.exe:*:Enabled:VProSvc"
"C:\Program Files\Viewpoint\Common\ViewpointService.exe"="C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12b1fbc0-e6bb-11dc-9448-001372c72725}]
shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d65c89a-d20c-11dd-9480-001372c72725}]
shell\AutoRun\command - M:\Setup_FlipShare.exe
shell\Setup FlipShare\command - M:\Setup_FlipShare.exe
======List of files/folders created in the last 3 months======
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zugeyale.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zimebopu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zigulutu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zefugabe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yumafiba.exe
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yowibejo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yivezopo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yijoyave.exe
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wuwozoza.exe
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wuwopusi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wokirowu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wivovego.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wideloza.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wakojahe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vipuliji.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vidinesa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tevijohe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sohotuwa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sinidopa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sevayija.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sanipomu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rusaheke.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pamagefi.exe
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pakebewe.exe
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\napuduti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mefibena.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lokobufa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lizoneho.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lejiyuvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\leboboga.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lamugili.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kimupuye.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jezalefa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hopalafo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\higalepo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hehoroku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gojuhuji.exe
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gifuzasa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fidavine.dll
2009-04-06 06:34:14 ----D---- C:\rsit
2009-04-05 23:28:58 ----D---- C:\Documents and Settings\kellly\Application Data\Malwarebytes
2009-04-05 23:28:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-05 23:28:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-04 19:13:45 ----SH---- C:\WINDOWS\system32\afuharag.ini
2009-04-04 07:58:37 ----D---- C:\VundoFix Backups
2009-04-04 07:58:37 ----A---- C:\VundoFix.txt
2009-04-04 07:40:17 ----D---- C:\Documents and Settings\kellly\Application Data\WinPatrol
2009-04-04 07:39:47 ----D---- C:\Program Files\BillP Studios
2009-04-04 07:25:12 ----SHD---- C:\Config.Msi
2009-04-02 18:20:53 ----SH---- C:\WINDOWS\system32\epohador.ini
2009-04-01 08:33:19 ----SH---- C:\WINDOWS\system32\okabizek.ini
2009-03-31 21:45:06 ----SH---- C:\WINDOWS\system32\ozavokal.ini
2009-03-31 08:32:56 ----SH---- C:\WINDOWS\system32\atusanot.ini
2009-03-31 07:10:48 ----SHD---- C:\WINDOWS\CSC
2009-03-31 07:10:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-30 20:23:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-30 20:23:31 ----D---- C:\Program Files\Common Files\PC Tools
2009-03-30 20:23:25 ----D---- C:\Program Files\Spyware Doctor
2009-03-30 20:23:25 ----D---- C:\Documents and Settings\kellly\Application Data\PC Tools
2009-03-30 20:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-30 08:32:39 ----SH---- C:\WINDOWS\system32\irofuwov.ini
2009-03-30 07:43:27 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-28 11:04:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-28 11:04:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-28 11:04:10 ----A---- C:\WINDOWS\system32\java.exe
2009-03-28 11:04:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-28 09:40:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-24 06:58:46 ----A---- C:\AdobeDebug.txt
2009-03-24 06:58:45 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
2009-03-24 06:49:32 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-03-24 06:41:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-24 06:40:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-03-24 06:35:58 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-03-24 06:35:58 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-11 06:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 06:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 06:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-03 20:45:03 ----D---- C:\WINDOWS\system32\log
2009-02-25 20:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-12 04:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-01-24 11:18:13 ----D---- C:\Program Files\iPod
2009-01-24 11:18:03 ----D---- C:\Program Files\iTunes
2009-01-24 11:18:03 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-24 11:16:06 ----D---- C:\Program Files\Bonjour
2009-01-24 11:07:49 ----D---- C:\Program Files\Safari
2009-01-17 14:35:55 ----A---- C:\WINDOWS\WORDPAD.INI
2009-01-14 04:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
======List of files/folders modified in the last 3 months======
2009-04-06 06:33:48 ----D---- C:\WINDOWS\Prefetch
2009-04-06 06:31:55 ----A---- C:\WINDOWS\system32\kdfvmgr.exe
2009-04-06 06:31:54 ----D---- C:\WINDOWS\system32\drivers
2009-04-06 06:31:54 ----D---- C:\WINDOWS\system32
2009-04-06 06:31:54 ----A---- C:\WINDOWS\system32\kdfmgr.exe
2009-04-06 06:31:54 ----A---- C:\WINDOWS\system32\Kdfhok.dll
2009-04-06 06:31:54 ----A---- C:\WINDOWS\system32\kdfapi.dll
2009-04-06 06:31:29 ----D---- C:\WINDOWS\Temp
2009-04-06 06:31:03 ----D---- C:\Program Files\Dl_cats
2009-04-06 06:30:32 ----D---- C:\WINDOWS
2009-04-06 06:30:13 ----D---- C:\WINDOWS\Registration
2009-04-06 06:30:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-06 06:29:46 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-04-06 06:26:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-05 23:28:39 ----D---- C:\Program Files
2009-04-05 22:00:15 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-04-04 07:48:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-04 07:29:34 ----D---- C:\Program Files\Napster
2009-04-04 07:29:27 ----D---- C:\Documents and Settings\All Users\Application Data\Napster
2009-04-04 07:29:20 ----SHD---- C:\WINDOWS\Installer
2009-04-04 07:29:13 ----D---- C:\Program Files\Common Files
2009-04-04 07:29:12 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-04-04 07:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-04-04 07:20:47 ----D---- C:\Program Files\Common Files\AOL
2009-04-04 07:20:40 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-04-04 07:20:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-03 21:18:30 ----HD---- C:\WINDOWS\inf
2009-04-02 07:44:28 ----D---- C:\Program Files\Outlook Express
2009-03-31 20:33:02 ----ASH---- C:\WINDOWS\system32\yofivowi.dll
2009-03-30 20:46:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-30 20:46:23 ----D---- C:\Documents and Settings\kellly\Application Data\Lavasoft
2009-03-30 20:41:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-30 07:40:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-28 11:03:42 ----D---- C:\Program Files\Java
2009-03-28 09:50:01 ----SD---- C:\WINDOWS\Tasks
2009-03-28 09:39:58 ----D---- C:\WINDOWS\WinSxS
2009-03-24 08:32:36 ----D---- C:\Documents and Settings\kellly\Application Data\Adobe
2009-03-24 06:50:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-24 06:41:50 ----D---- C:\Program Files\Adobe
2009-03-24 06:40:47 ----D---- C:\Program Files\Common Files\Adobe
2009-03-24 06:37:32 ----RSD---- C:\WINDOWS\Fonts
2009-03-24 06:35:51 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-03-24 06:35:50 ----N---- C:\WINDOWS\system32\PxSFS.DLL
2009-03-24 06:35:50 ----N---- C:\WINDOWS\system32\PxMas.dll
2009-03-24 06:35:49 ----N---- C:\WINDOWS\system32\PxWave.dll
2009-03-24 06:35:49 ----N---- C:\WINDOWS\system32\Px.dll
2009-03-19 21:21:22 ----D---- C:\Documents and Settings\kellly\Application Data\AdobeUM
2009-03-13 23:41:12 ----D---- C:\Documents and Settings\All Users\Application Data\Juniper Networks
2009-03-13 23:39:44 ----D---- C:\Documents and Settings\kellly\Application Data\Juniper Networks
2009-03-11 06:53:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-11 06:45:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-11 06:45:12 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 17:37:22 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-15 19:46:37 ----D---- C:\Program Files\Google
2009-02-15 11:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-24 11:28:19 ----D---- C:\Program Files\Apple Software Update
2009-01-24 11:18:13 ----D---- C:\Program Files\Common Files\Apple
2009-01-24 11:15:40 ----D---- C:\Program Files\QuickTime
2009-01-10 21:00:31 ----A---- C:\WINDOWS\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_600_12507.SYS []
R1 NEOFLTR_620_13687;Juniper Networks TDI Filter Driver (NEOFLTR_620_13687); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_620_13687.SYS []
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-16 65936]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-04-17 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-11-08 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-11-08 439680]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-11-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-11-08 143360]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-11-08 77824]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 1096192]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-11-08 114688]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-02-16 333328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe [2008-11-13 439616]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-06-17 86140]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-28 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-02-19 700760]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-16 333064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 dlcd_device;dlcd_device; C:\WINDOWS\system32\dlcdcoms.exe [2005-06-21 491520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-24 651720]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
-----------------EOF-----------------