Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan and constant RAM dump

Post by bigdreamer02 » September 27th, 2009, 1:40 am

My computer is going blue screen and then says it's dumping RAM. Also, after each scanning it keeps finding a generic trojan.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:32 PM, on 9/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1043921236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1083465065
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6098 bytes
bigdreamer02
Active Member
 
Posts: 13
Joined: September 27th, 2009, 1:32 am
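
Added example (not part of the original thread and not a Malware Removal tool): a small Python triage pass over the HijackThis log format posted above. The function names and the `KNOWN_VENDORS` allow-list are assumptions made for illustration; the sample lines are excerpted from the 9/26 log. Findings are prompts for manual review, not verdicts.

```python
import re

# HijackThis section codes that appear in the log above, with the commonly
# documented meaning of each (abbreviated).
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)",
    "O18": "Protocol handler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# HijackThis appends these markers when a registry entry points at nothing.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")

# Assumption: an analyst-maintained allow-list, not something HijackThis provides.
KNOWN_VENDORS = {"Apple Inc.", "Trend Micro Inc."}

# Excerpt of the 9/26 log from the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
"""


def parse_hijackthis(text):
    """Return one dict per 'CODE - body' entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "body": body,
            "orphan": bool(ORPHAN_RE.search(body)),
        }
        # O23 body layout: "Service: <display name> - <vendor> - <path>".
        # Split from the right because display names may contain " - ".
        if code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry["service"], entry["vendor"], entry["path"] = parts
        entries.append(entry)
    return entries


def triage(entries, known_vendors):
    """Flag orphaned references and services whose vendor is not on the allow-list."""
    findings = []
    for e in entries:
        if e["orphan"]:
            findings.append(("orphaned reference", e["code"], e["body"]))
        elif e["code"] == "O23" and e.get("vendor") not in known_vendors:
            findings.append(("unrecognised service vendor", e["code"], e["body"]))
    return findings


if __name__ == "__main__":
    for reason, code, body in triage(parse_hijackthis(SAMPLE_LOG), KNOWN_VENDORS):
        print(f"[{reason}] {code} ({SECTIONS[code]}): {body}")
```
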

Re: Trojan and constant RAM dump

Post by MWR 3 day Mod » October 1st, 2009, 1:27 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Trojan and constant RAM dump

Post by Jack&Jill » October 4th, 2009, 12:29 pm

Hello bigdreamer02,

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Forum Rules.
  • As I am currently training at Malware Removal, it will take some time for me to go through your logs. Please be patient with me.
  • Be assured that any recommendations to you will be done as soon as possible and will be approved by an expert.
  • Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • If you need to be away for a while during the fix, please let me know.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • Do not use or run any tools without supervision as they may cause more harm if improperly used.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.
I am working on your log now and will be back as soon as possible.

In the meantime, please post an Uninstall list:
  • Open HijackThis.
  • Go to "Open the Misc Tools section" by clicking on the box.
  • Under System tools, look for "Open Uninstall Manager" and click on it.
  • Click Save list... and save the text file in a convenient location.
  • Copy and paste the Uninstall list contents in your reply.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Trojan and constant RAM dump

Post by Jack&Jill » October 6th, 2009, 10:37 pm

Hello bigdreamer02,

It has been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 6th, 2009, 11:17 pm

this is what it said:

ACDSee Photo Manager 2009
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Wireless G Cardbus Adapter
e-Sword
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
OGA Notifier 2.0.0048.0
PC-GBS 5.2
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Internet Security Pro
Trend Micro Internet Security Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Walmart MP3 Music Downloads
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.0.2
Wireshark 1.0.4

PC-GBS and Wireshark are programs my husband uses for work, so you can rule them out.

Re: Trojan and constant RAM dump

Post by Jack&Jill » October 7th, 2009, 9:56 am

Hello bigdreamer02 :),

Since your computer is a corporate/business/work computer, please note the following:
  • Inform your IT department immediately when any workplace computers have been infected. There could be more than one machine at stake, possibly even the server.
  • I am unable to proceed further with the fixes due to our policy in dealing with corporate or business computers. The intention of this forum is not to replace a company's IT department.
  • We are also not willing to be held liable if any sensitive material has been compromised, be it caused by the infections or during the malware removal process. We are only helping out to get rid of malware from computers, no other intentions or purposes.

It would be advisable to refer to your IT department to have the computer fixed, or you may go directly to the local computer shops if it is a personal business.

Thank you for your understanding. Let me know if you have any further questions.

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 7th, 2009, 4:38 pm

Ok, this is for my home laptop. I am a stay at home mom with 3 kids. I have a large IT family background. My husband is an A+ certified tech, but out of town, which is why I'm trying to fix the computer and am posting for help. I am NOT a company and don't know where you got that from my info. I am the tech dept. And if you won't help me, I'll just have to repost for help and someone on this forum should be able to help me.

[PC-GBS and Wireshark are programs my husband uses for work, so you can rule them out]

On occasion my husband has extra work he does at home, which is why I put the above note. They were recently installed after all the problems were already there.

Re: Trojan and constant RAM dump

Post by Jack&Jill » October 7th, 2009, 9:09 pm

Hello bigdreamer02 :),

"On occasion my husband has extra work he does at home"
That's the problem because we have a policy in dealing with work computers. Since it is your home laptop that is occasionally used for work, I can continue but please note that neither I nor Malware Removal will be responsible for any compromised sensitive information. If you are agreeable to this then please proceed as below.

We need to diagnose the blue screen (BSOD) your computer is experiencing. Please provide the error message information as shown in the picture:

Image

The stop error will always be displayed, but the other information may or may not be available. Just provide whatever is available.

Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please post back:
1. the error message displayed when your computer gets a BSOD
2. the OTL logs (OTL.txt and Extras.txt)

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 7th, 2009, 9:16 pm

None of his info is stored on the HD; it is all stored on USB sticks or an external HD. Also, Trend Micro will not allow me to go to your linked site.

Address: http://oldtimer.geekstogo.com/otl.exe
Page rating: Dangerous

I attempted to bypass Trend Micro and got a URL error.

404 Not Found
The resource requested could not be found on this server! Powered By LiteSpeed Web Server
LiteSpeed Technologies is not responsible for administration and contents of this web site!

Is there another site I can download from? (I'm going to attempt to google it.)

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 7th, 2009, 10:17 pm

The BSOD is a system fault stop error and immediate reboot.

Re: Trojan and constant RAM dump

Post by Jack&Jill » October 8th, 2009, 8:33 am

Hello bigdreamer02 :),

Reboot your computer and tap on the F8 key repeatedly during startup. A menu will appear.

Select Disable automatic restart on system failure by using the arrow keys and Enter.

Image

Then get the BSOD details.

Regarding the OTL I requested you to download, I get the same error with the link you provided, but the link I provided is OK. You can set Trend Micro to allow access or try disabling it temporarily to attempt the download, then enable it again. Try again; if it still does not work, please try the next step.

Please download RSIT© by random/random and save it to your desktop. Click here.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
    Note: These files are saved in C:\rsit.

Please post back:
1. the BSOD details
2. RSIT logs (log.txt and info.txt)

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 10th, 2009, 1:14 am

log.txt reads as follows:
Logfile of random's system information tool 1.06 (written by random/random)
Run by amyjon at 2009-10-09 22:00:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (76%) free of 76 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:05 PM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\VMEP\bin\AutoFileHandler.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\DOCUME~1\amyjon\LOCALS~1\Temp\HouseCall\housecall.bin
C:\Documents and Settings\amyjon\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\amyjon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1043921236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1083465065
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic File Handler Service (AutoFileHandler) - Intelligent Automation Corp. - C:\Program Files\VMEP\bin\AutoFileHandler.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6343 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-09-29 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-07-27 148816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-07-27 148816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-09-25 1020248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-29 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TrendSecure Remote File Lock"=C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe [2009-07-24 329040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless G Cardbus Adapter Utility.lnk - C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Real\RealPlayer\realplay.exe"="E:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-10-09 22:00:44 ----D---- C:\rsit
2009-10-05 22:21:44 ----D---- C:\Documents and Settings\amyjon\Application Data\Office Genuine Advantage
2009-10-05 22:21:03 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-10-04 14:54:57 ----A---- C:\WINDOWS\PC-GBS.INI
2009-10-04 14:52:06 ----D---- C:\Program Files\MSXML 4.0
2009-10-04 14:51:07 ----N---- C:\WINDOWS\system32\PEGRP32C.DLL
2009-10-04 14:50:12 ----D---- C:\Program Files\VMEP
2009-10-04 14:48:38 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-04 13:39:21 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-04 13:35:41 ----D---- C:\WINDOWS\system32\zh-TW
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\zh-HK
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\tr-TR
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\sv-SE
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\pt-BR
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\nl-NL
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\nb-NO
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\ko-KR
2009-10-04 13:35:40 ----D---- C:\WINDOWS\system32\it-IT
2009-10-04 13:35:39 ----D---- C:\WINDOWS\system32\he-IL
2009-10-04 13:35:39 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-04 13:35:39 ----D---- C:\WINDOWS\system32\fi-FI
2009-10-04 13:35:39 ----D---- C:\WINDOWS\system32\es-ES
2009-10-04 13:35:39 ----D---- C:\WINDOWS\system32\el-GR
2009-10-04 13:35:39 ----D---- C:\WINDOWS\system32\de-DE
2009-10-04 13:35:38 ----D---- C:\WINDOWS\system32\da-DK
2009-10-04 13:35:38 ----D---- C:\WINDOWS\system32\ar-SA
2009-10-02 03:26:22 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-09-29 23:39:34 ----D---- C:\Program Files\Walmart MP3 Music Downloads
2009-09-29 23:17:18 ----A---- C:\WINDOWS\system32\clrviddc.dll
2009-09-29 23:13:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-09-29 23:13:23 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-09-29 23:13:23 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-09-29 23:11:53 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-09-29 23:11:53 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-09-29 22:51:01 ----D---- C:\Program Files\Real
2009-09-27 00:34:14 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-25 23:07:28 ----A---- C:\WINDOWS\DCEBoot.exe
2009-09-25 21:54:05 ----D---- C:\Program Files\iPod
2009-09-25 21:53:47 ----D---- C:\Program Files\iTunes
2009-09-25 21:53:47 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 21:46:54 ----D---- C:\Program Files\QuickTime
2009-09-25 21:20:11 ----D---- C:\WINDOWS\system32\Service
2009-09-25 20:36:15 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-09-25 20:35:41 ----D---- C:\Program Files\Trend Micro
2009-09-24 10:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-24 10:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-24 10:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-24 10:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-24 10:30:10 ----D---- C:\Documents and Settings\amyjon\Application Data\SupportSoft
2009-09-24 10:29:38 ----D---- C:\temp
2009-09-24 10:29:07 ----D---- C:\Program Files\Common Files\supportsoft
2009-08-24 23:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-08-24 23:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-24 19:16:26 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-24 19:16:16 ----D---- C:\Program Files\MSBuild
2009-08-24 19:16:00 ----D---- C:\Program Files\Reference Assemblies
2009-08-24 19:14:55 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-24 19:14:53 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-24 19:14:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-24 19:14:49 ----D---- C:\06c18b60a5ec19484adf1ebc3ce1ed
2009-08-24 19:07:40 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-08-24 19:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-08-24 19:07:22 ----D---- C:\Documents and Settings\amyjon\Application Data\Windows Desktop Search
2009-08-24 19:06:12 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-08-24 19:06:12 ----D---- C:\Program Files\Windows Desktop Search
2009-08-24 19:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-08-24 19:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-08-24 19:00:47 ----RSD---- C:\WINDOWS\assembly
2009-08-24 19:00:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-24 19:00:43 ----D---- C:\WINDOWS\system32\URTTemp
2009-08-24 18:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-24 18:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-24 18:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-24 17:32:56 ----D---- C:\WINDOWS\Prefetch
2009-08-24 17:32:41 ----D---- C:\WINDOWS\Minidump
2009-08-24 17:30:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-24 17:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-24 17:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-24 17:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-24 17:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-24 17:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-24 17:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-24 17:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-24 17:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-24 17:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-24 17:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-24 17:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-24 17:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-24 17:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-24 17:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-24 17:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-24 17:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-24 17:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-24 17:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-24 17:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-24 17:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-24 17:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-24 17:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-24 17:13:26 ----D---- C:\WINDOWS\system32\scripting
2009-08-24 17:13:12 ----D---- C:\WINDOWS\l2schemas
2009-08-24 17:13:10 ----D---- C:\WINDOWS\system32\en
2009-08-24 16:40:52 ----D---- C:\Documents and Settings\amyjon\Application Data\ACD Systems
2009-08-24 16:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-08-24 16:36:45 ----D---- C:\Program Files\ACD Systems
2009-08-24 16:36:44 ----D---- C:\Program Files\Common Files\ACD Systems
2009-08-24 12:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-24 10:57:20 ----D---- C:\WINDOWS\ie7updates
2009-08-24 10:56:00 ----D---- C:\WINDOWS\WBEM
2009-08-24 10:55:59 ----D---- C:\WINDOWS\system32\en-US
2009-08-24 10:54:30 ----HDC---- C:\WINDOWS\ie7
2009-08-24 10:54:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-08-24 10:53:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-08-24 10:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-08-24 10:53:00 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-08-24 10:49:16 ----D---- C:\WINDOWS\network diagnostic
2009-08-24 10:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2009-08-24 10:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-08-24 10:43:43 ----D---- C:\DECCHECK
2009-08-24 07:22:15 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-24 07:19:43 ----D---- C:\Program Files\Windows Defender
2009-08-24 06:20:06 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-08-24 06:20:06 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-24 00:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-08-24 00:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-08-24 00:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-24 00:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-08-24 00:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-08-24 00:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-24 00:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-08-24 00:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-24 00:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-24 00:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-08-24 00:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-08-24 00:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-08-24 00:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-08-24 00:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-08-23 21:54:43 ----A---- C:\WINDOWS\ODBC.INI
2009-08-23 21:54:14 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-08-23 21:46:56 ----D---- C:\Program Files\Microsoft.NET
2009-08-23 21:45:34 ----D---- C:\Program Files\Microsoft ActiveSync
2009-08-23 21:44:49 ----A---- C:\WINDOWS\cdplayer.ini
2009-08-23 21:43:14 ----D---- C:\Program Files\Common Files\DESIGNER
2009-08-23 21:40:20 ----D---- C:\WINDOWS\SHELLNEW
2009-08-23 21:33:30 ----D---- C:\Program Files\Microsoft Office
2009-08-23 21:30:48 ----D---- C:\Program Files\Common Files\xing shared
2009-08-23 21:27:08 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-08-23 21:26:53 ----D---- C:\Program Files\Common Files\Real
2009-08-23 21:26:52 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-08-23 21:26:31 ----D---- C:\Documents and Settings\amyjon\Application Data\Real
2009-08-23 21:07:40 ----RHD---- C:\MSOCache
2009-08-23 21:07:32 ----D---- C:\Documents and Settings\amyjon\Application Data\Apple Computer
2009-08-23 21:06:54 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-23 21:05:59 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-23 21:04:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-23 21:03:56 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-08-23 21:03:48 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-08-23 21:03:45 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-08-23 21:03:45 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-08-23 21:03:38 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-08-23 21:03:28 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-08-23 21:03:28 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-08-23 21:02:54 ----N---- C:\WINDOWS\system32\setupn.exe
2009-08-23 21:02:46 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-23 21:02:43 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-08-23 21:02:41 ----N---- C:\WINDOWS\system32\qutil.dll
2009-08-23 21:02:39 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-08-23 21:02:39 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-08-23 21:02:38 ----N---- C:\WINDOWS\system32\qagent.dll
2009-08-23 21:02:34 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-08-23 21:02:21 ----N---- C:\WINDOWS\system32\onex.dll
2009-08-23 21:02:13 ----D---- C:\Program Files\Common Files\Apple
2009-08-23 21:01:55 ----N---- C:\WINDOWS\system32\napstat.exe
2009-08-23 21:01:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-08-23 21:01:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-08-23 21:01:52 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-08-23 21:01:52 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-08-23 21:01:47 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-08-23 21:01:47 ----N---- C:\WINDOWS\system32\mssha.dll
2009-08-23 21:01:13 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-08-23 21:01:13 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-08-23 21:01:13 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-08-23 21:01:12 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-08-23 21:00:51 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-08-23 21:00:27 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-08-23 21:00:26 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-08-23 21:00:26 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-08-23 21:00:25 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-08-23 21:00:25 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-08-23 20:58:22 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-08-23 20:58:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-08-23 20:57:37 ----A---- C:\WINDOWS\005522_.tmp
2009-08-23 20:57:33 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-08-23 20:57:32 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-08-23 20:57:25 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-08-23 20:57:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-08-23 20:57:22 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-08-23 20:57:21 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-08-23 20:57:15 ----N---- C:\WINDOWS\system32\credssp.dll
2009-08-23 20:57:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-23 20:57:03 ----N---- C:\WINDOWS\system32\azroles.dll
2009-08-23 20:56:43 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-08-23 20:55:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-08-23 20:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-08-23 20:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-08-23 20:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-08-23 20:53:28 ----D---- C:\Program Files\Apple Software Update
2009-08-23 20:53:27 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-23 20:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-23 20:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-08-23 20:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-23 20:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-08-23 20:48:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-23 20:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-08-23 20:47:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-23 20:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-23 20:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-08-23 20:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-23 20:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-08-23 20:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-08-23 20:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-08-23 20:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-08-23 20:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-23 20:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-23 20:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-08-23 20:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-08-23 20:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-23 20:30:05 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-23 20:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-23 20:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-08-23 20:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-23 20:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-23 20:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-23 20:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-08-23 20:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-08-23 20:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-08-23 20:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-08-23 20:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-08-23 20:21:55 ----D---- C:\WINDOWS\system32\Adobe
2009-08-23 20:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-08-23 20:00:28 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-08-23 20:00:24 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-23 19:50:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-08-23 19:50:38 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-23 19:49:50 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-23 19:49:21 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-08-23 19:46:21 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-08-23 19:43:25 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-23 19:43:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-23 19:16:02 ----D---- C:\Program Files\Adobe
2009-08-23 18:21:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-23 18:20:24 ----D---- C:\Documents and Settings\amyjon\Application Data\Macromedia
2009-08-23 18:20:23 ----D---- C:\Documents and Settings\amyjon\Application Data\Adobe
2009-08-23 18:19:18 ----D---- C:\Program Files\Common Files\Adobe
2009-08-23 18:13:54 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-23 18:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-08-23 18:13:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-23 18:13:30 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-08-23 16:28:42 ----D---- C:\Program Files\AVG
2009-08-23 14:46:28 ----D---- C:\WINDOWS\peernet
2009-08-23 14:46:26 ----D---- C:\WINDOWS\provisioning
2009-08-23 14:42:05 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-23 14:36:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-23 14:35:51 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-23 14:32:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-23 14:32:22 ----D---- C:\WINDOWS\EHome
2009-08-23 10:13:41 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-08-23 09:25:06 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-23 09:18:18 ----D---- C:\WINDOWS\system32\bits
2009-08-23 09:18:09 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-08-23 09:16:48 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-08-23 09:16:48 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-23 09:16:48 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-23 09:16:48 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-08-23 09:16:48 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-23 09:14:08 ----D---- C:\Program Files\WinPcap
2009-08-23 09:13:17 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-23 09:13:17 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-23 09:13:16 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-23 09:13:15 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-23 09:13:15 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-23 09:13:10 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-23 09:13:10 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-23 09:12:53 ----D---- C:\Program Files\Wireshark
2009-08-23 09:12:21 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-23 09:10:22 ----D---- C:\Program Files\Grisoft
2009-08-23 09:00:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-23 08:59:05 ----D---- C:\Program Files\Belkin
2009-08-23 08:58:46 ----D---- C:\WINDOWS\{A489CB5D-54D3-4225-A78B-AAA86BA5D2D1}
2009-08-22 23:26:35 ----SHD---- C:\RECYCLER
2009-08-22 23:20:21 ----A---- C:\WINDOWS\ModemLog_3Com 56K V.90 Mini PCI Modem.txt
2009-08-22 23:18:32 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-08-22 23:10:50 ----D---- C:\Program Files\e-Sword
2009-08-22 23:02:36 ----SHD---- C:\WINDOWS\Installer
2009-08-22 23:02:32 ----D---- C:\Documents and Settings\amyjon\Application Data\Identities
2009-08-22 23:02:25 ----HD---- C:\Program Files\Uninstall Information
2009-08-22 23:02:21 ----ASH---- C:\Documents and Settings\amyjon\Application Data\desktop.ini
2009-08-22 23:02:20 ----SD---- C:\Documents and Settings\amyjon\Application Data\Microsoft
2009-08-22 23:00:44 ----SHD---- C:\System Volume Information
2009-08-22 23:00:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-22 22:56:01 ----D---- C:\WINDOWS\system32\xircom
2009-08-22 22:56:01 ----D---- C:\Program Files\xerox
2009-08-22 22:56:01 ----D---- C:\Program Files\microsoft frontpage
2009-08-22 22:55:25 ----A---- C:\WINDOWS\control.ini
2009-08-22 22:55:25 ----A---- C:\AUTOEXEC.BAT
2009-08-22 22:55:15 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-22 22:55:11 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-22 22:53:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-22 22:53:49 ----RD---- C:\WINDOWS\Offline Web Pages
2009-08-22 22:53:49 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-22 22:53:40 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-22 22:53:19 ----D---- C:\WINDOWS\srchasst
2009-08-22 22:53:09 ----D---- C:\WINDOWS\system32\Macromed
2009-08-22 22:53:09 ----D---- C:\WINDOWS\system32\DirectX
2009-08-22 22:52:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-22 22:52:56 ----D---- C:\Program Files\Movie Maker
2009-08-22 22:52:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-22 22:52:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-22 22:52:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-22 22:52:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-22 22:52:37 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-22 22:52:32 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-22 22:52:32 ----A---- C:\WINDOWS\desktop.ini
2009-08-22 22:52:26 ----D---- C:\WINDOWS\system32\Restore
2009-08-22 22:52:26 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-22 22:52:25 ----D---- C:\Program Files\Windows Media Player
2009-08-22 22:52:25 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-22 22:52:25 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-22 22:52:24 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-22 22:52:24 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-22 22:52:24 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-22 22:52:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-22 22:52:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-22 22:52:24 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-22 22:52:23 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-22 22:52:20 ----D---- C:\WINDOWS\PCHEALTH
2009-08-22 22:52:20 ----D---- C:\Program Files\NetMeeting
2009-08-22 22:52:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-22 22:52:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-22 22:52:20 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-22 22:52:19 ----D---- C:\Program Files\Common Files\Services
2009-08-22 22:52:18 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-22 22:52:17 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-22 22:52:13 ----SD---- C:\WINDOWS\Tasks
2009-08-22 22:52:13 ----D---- C:\Program Files\Outlook Express
2009-08-22 22:52:13 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-22 22:52:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-22 22:52:13 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-22 22:52:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-22 22:52:12 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-22 22:52:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-22 22:52:12 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-22 22:52:12 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-08-22 22:52:10 ----D---- C:\Program Files\Common Files\MSSoap
2009-08-22 22:52:04 ----D---- C:\Program Files\Common Files\System
2009-08-22 22:52:02 ----D---- C:\Program Files\Internet Explorer
2009-08-22 22:51:08 ----D---- C:\Program Files\ComPlus Applications
2009-08-22 22:51:06 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-22 22:51:06 ----A---- C:\WINDOWS\vb.ini
2009-08-22 22:51:01 ----D---- C:\WINDOWS\Registration
2009-08-22 22:50:53 ----HD---- C:\Program Files\WindowsUpdate
2009-08-22 22:50:53 ----D---- C:\Program Files\Online Services
2009-08-22 22:50:46 ----D---- C:\Program Files\Messenger
2009-08-22 22:50:39 ----D---- C:\Program Files\MSN
2009-08-22 22:50:36 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-22 22:50:36 ----A---- C:\WINDOWS\system32\write.exe
2009-08-22 22:50:25 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-08-22 22:50:25 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\hticons.dll
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\avwav.dll
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-08-22 22:50:24 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-08-22 22:50:23 ----D---- C:\Program Files\Windows NT
2009-08-22 22:50:23 ----A---- C:\WINDOWS\system32\winchat.exe
2009-08-22 22:50:22 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-22 22:50:17 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-22 22:50:16 ----A---- C:\WINDOWS\system32\getuname.dll
2009-08-22 22:50:16 ----A---- C:\WINDOWS\system32\charmap.exe
2009-08-22 22:50:15 ----A---- C:\WINDOWS\system32\winmine.exe
2009-08-22 22:50:15 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-22 22:50:15 ----A---- C:\WINDOWS\system32\sol.exe
2009-08-22 22:50:15 ----A---- C:\WINDOWS\system32\calc.exe
2009-08-22 22:50:14 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-22 22:50:14 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-22 22:50:14 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-22 22:50:14 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-08-22 22:50:14 ----A---- C:\WINDOWS\system32\freecell.exe
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\reset.exe
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-22 22:50:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\tskill.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\tscon.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\shadow.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-22 22:50:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\regini.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\msg.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\logoff.exe
2009-08-22 22:50:11 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-22 22:50:10 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-22 22:50:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-22 22:50:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-22 22:50:10 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-22 22:50:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-22 22:50:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-22 22:50:10 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-08-22 22:50:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-22 22:50:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-08-22 22:50:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-22 22:50:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-22 22:50:08 ----D---- C:\WINDOWS\system32\Com
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-22 22:50:08 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-22 22:50:07 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-22 22:50:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-22 22:50:07 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-22 22:50:07 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-22 22:50:07 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-22 22:50:06 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-22 22:50:06 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-22 22:50:06 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-22 22:50:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-22 22:49:51 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-08-22 22:49:51 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-22 22:49:51 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-22 22:49:51 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-22 22:49:50 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-22 15:45:51 ----A---- C:\WINDOWS\system32\h323log.txt
2009-08-22 15:39:47 ----A---- C:\WINDOWS\system32\Atievxx.exe
2009-08-22 15:39:46 ----A---- C:\WINDOWS\system32\atidvai.dll
2009-08-22 15:39:34 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-22 15:39:28 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-22 15:37:49 ----A---- C:\WINDOWS\imsins.BAK
2009-08-22 15:37:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 15:37:43 ----D---- C:\Program Files\Common Files\ODBC
2009-08-22 15:37:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-22 15:37:40 ----RD---- C:\Program Files
2009-08-22 15:37:40 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-22 15:37:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-22 15:37:40 ----D---- C:\Program Files\Common Files
2009-08-22 15:37:37 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-08-22 15:37:37 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-08-22 15:37:37 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-08-22 15:37:35 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-08-22 15:37:33 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-08-22 15:37:31 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-08-22 15:37:31 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-08-22 15:37:31 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-08-22 15:37:31 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-08-22 15:37:31 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-08-22 15:37:30 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-08-22 15:37:30 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-08-22 15:37:30 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-08-22 15:37:30 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-08-22 15:37:30 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-08-22 15:37:29 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-08-22 15:37:26 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-22 15:37:26 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-22 15:37:26 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-08-22 15:37:26 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-08-22 15:37:26 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-08-22 15:37:26 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-22 15:37:23 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-08-22 15:37:23 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-08-22 15:37:23 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-22 15:37:23 ----A---- C:\WINDOWS\notepad.exe
2009-08-22 15:37:13 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-08-22 15:37:10 ----RA---- C:\WINDOWS\SET7.tmp
2009-08-22 15:37:07 ----RA---- C:\WINDOWS\SET3.tmp
2009-08-22 15:37:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-22 15:37:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-22 15:36:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-22 15:36:37 ----D---- C:\Documents and Settings
2009-08-22 15:35:43 ----RASH---- C:\boot.ini
2009-08-22 15:32:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-22 15:32:00 ----RSD---- C:\WINDOWS\Fonts
2009-08-22 15:32:00 ----RD---- C:\WINDOWS\Web
2009-08-22 15:32:00 ----HD---- C:\WINDOWS\inf
2009-08-22 15:32:00 ----D---- C:\WINDOWS\WinSxS
2009-08-22 15:32:00 ----D---- C:\WINDOWS\twain_32
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Temp
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\wins
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\wbem
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\usmt
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\spool
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\Setup
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\ras
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\oobe
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\npp
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\mui
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\IME
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\icsxml
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\ias
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\export
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\drivers
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\dhcp
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\config
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\3076
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\2052
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1054
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1042
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1041
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1037
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1033
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1031
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1028
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32\1025
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system32
2009-08-22 15:32:00 ----D---- C:\WINDOWS\system
2009-08-22 15:32:00 ----D---- C:\WINDOWS\security
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Resources
2009-08-22 15:32:00 ----D---- C:\WINDOWS\repair
2009-08-22 15:32:00 ----D---- C:\WINDOWS\mui
2009-08-22 15:32:00 ----D---- C:\WINDOWS\msapps
2009-08-22 15:32:00 ----D---- C:\WINDOWS\msagent
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Media
2009-08-22 15:32:00 ----D---- C:\WINDOWS\java
2009-08-22 15:32:00 ----D---- C:\WINDOWS\ime
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Help
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Driver Cache
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Debug
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Cursors
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Connection Wizard
2009-08-22 15:32:00 ----D---- C:\WINDOWS\Config
2009-08-22 15:32:00 ----D---- C:\WINDOWS\AppPatch
2009-08-22 15:32:00 ----D---- C:\WINDOWS\addins
2009-08-22 15:32:00 ----D---- C:\WINDOWS
2009-08-03 15:07:42 ----A---- C:\WINDOWS\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\WINDOWS\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\WINDOWS\system32\OGAAddin.dll

======List of files/folders modified in the last 3 months======

2009-08-23 19:50:15 ----A---- C:\WINDOWS\win.ini
2009-08-23 14:37:39 ----RASH---- C:\NTDETECT.COM
2009-08-22 15:37:39 ----N---- C:\WINDOWS\system.ini
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\muweb.dll
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-28 21:37:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-28 21:37:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-07-19 19:03:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 11:55:28 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 04:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----N---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-09-25 89872]
R2 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-09-25 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-09-25 225808]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-09-25 1223832]
R3 AR5211;Belkin Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 atimtai;atimtai; C:\WINDOWS\System32\DRIVERS\atimtai.sys [2001-08-17 281600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\EL556ND5.sys [2001-08-17 55999]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 maestro;ESS Maestro Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 414400]
R3 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-09-25 339984]
R3 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem; C:\WINDOWS\System32\DRIVERS\WDHAALBA.sys [2001-08-17 701386]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 AutoFileHandler;Automatic File Handler Service; C:\Program Files\VMEP\bin\AutoFileHandler.exe [2009-08-24 98304]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-09-25 715368]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe [2007-10-29 352338]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-25 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-09-25 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-25 689416]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Atievxx.exe [2001-08-17 37376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
bigdreamer02
Active Member
 
Posts: 13
Joined: September 27th, 2009, 1:32 am

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 10th, 2009, 1:15 am

Info.txt reads as follows:
info.txt logfile of random's system information tool 1.06 2009-10-09 22:03:25

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Photo Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin Wireless G Cardbus Adapter-->C:\Program Files\InstallShield Installation Information\{E3935FBB-53C6-48BB-B9C4-1407AAD34523}\setup.exe -runfromtemp -l0x0409
e-Sword-->MsiExec.exe /I{42F83BB0-A2C5-405B-A3BA-64F1C5DD9DC1}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PC-GBS 5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C4946A5-B24A-429D-A751-E9C9C945269F}\setup.exe" -l0x9 GBS52
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Walmart MP3 Music Downloads-->C:\Program Files\Walmart MP3 Music Downloads\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
Wireshark 1.0.4-->"C:\Program Files\Wireshark\uninstall.exe"

======Security center information======

AV: Trend Micro Internet Security Pro (outdated)
FW: Trend Micro Personal Firewall

======System event log======

Computer Name: JONAMY
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 527
Source Name: Cdrom
Time Written: 20090823210834.000000-420
Event Type: error
User:

Computer Name: JONAMY
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 526
Source Name: Cdrom
Time Written: 20090823210827.000000-420
Event Type: error
User:

Computer Name: JONAMY
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00173FF8CD26. The IP address being used is 169.254.196.125.

Record Number: 342
Source Name: Dhcp
Time Written: 20090823190224.000000-420
Event Type: warning
User:

Computer Name: JONAMY
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00173FF8CD26. The IP address being used is 169.254.196.125.

Record Number: 314
Source Name: Dhcp
Time Written: 20090823185115.000000-420
Event Type: warning
User:

Computer Name: JONAMY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173FF8CD26. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 313
Source Name: Dhcp
Time Written: 20090823185106.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: JONAMY
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 48
Source Name: WinMgmt
Time Written: 20090823144737.000000-420
Event Type: warning
User: JONAMY\amyjon

Computer Name: JONAMY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {C10E1A7C-256D-4713-957A-0826D7A5AE51}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 47
Source Name: EventSystem
Time Written: 20090823095044.000000-420
Event Type: warning
User:

Computer Name: JONAMY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {1C11308C-9219-4E18-956C-3DBBB075F15A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 41
Source Name: EventSystem
Time Written: 20090823092513.000000-420
Event Type: warning
User:

Computer Name: JONAMY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {9A8E02C2-150B-437B-8C98-AEF03461313D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 29
Source Name: EventSystem
Time Written: 20090823090957.000000-420
Event Type: warning
User:

Computer Name: JONAMY
Event Code: 4354
Message: The COM+ Event System failed to fire the StartShell method on subscription {A5978620-5B3F-F1D1-8ED2-00FA0035B753}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 26
Source Name: EventSystem
Time Written: 20090823090205.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Re: Trojan and constant RAM dump

Post by bigdreamer02 » October 10th, 2009, 1:41 pm

BSOD is an inconsistent problem and has not been seen since we disabled the automatic reboot.
I will post the details when they come up but generally the screen displays:
Physical memory dump.

Re: Trojan and constant RAM dump

Post by Jack&Jill » October 11th, 2009, 7:12 am

Hello bigdreamer02 :),

No signs of malware so far. Just to be sure, we will take just one more step by doing an online scan.

The Antivirus in your Trend Micro Internet Security Pro package is outdated. It is advisable to update it regularly as a constant protection against viruses and the like. An outdated virus database will make your computer vulnerable to the newest and latest threats.

Please update your Adobe Reader to the latest version.
  • Open Adobe Reader.
  • Go to Help on the pull down menu, then select Check for Updates....
  • Continue accordingly and close it when done.

Remove unwanted HijackThis entries
  • Open HijackThis.
  • Make sure you have closed all programs, windows and browsers.
  • Click Do a system scan only and check (tick) the following entries (if still present) :
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  • Click Fix checked.
  • Exit HijackThis when completed.

You may delete this folder:
C:\Program Files\AVG

Do an online scan with Kaspersky Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to Kaspersky Online Scanner page.
  • Click on the Kaspersky Online Scanner box. It will open a new IE window, scanning your computer if it meets the requirements.
  • Read through the requirements and privacy statement and click on the Accept button.
  • Download and installation of the scanner and virus definitions will begin. If prompted to install from Kaspersky, please proceed.
  • When the downloads have finished, click on Settings on the lower left of the window.
  • Make sure all these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan tab to start scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place as KasperskyScan.txt. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Post the contents of that report in your reply.

Another thing I noticed is that your RAM is quite low at 512MB only. How old is the laptop? Any hardware issues before?

Please post back:
1. new HijackThis log
2. the Kaspersky online scan result
3. the reply to my questions
4. BSOD details when available
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia