Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Me at 2010-09-23 07:18:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 383 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:01 AM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [GlobeCom_Full_Client_McciTrayApp] "C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRschO] C:\DOCUME~1\Mike\LOCALS~1\Temp\yg3ubcxx10.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcrc] C:\WINDOWS\login.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfM] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKee] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Nfosireyil] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZe] C:\WINDOWS\avp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKese] C:\WINDOWS\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRpuc] C:\DOCUME~1\Mike\LOCALS~1\Temp\lsass.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsPc] C:\DOCUME~1\Mike\LOCALS~1\Temp\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZSc] C:\WINDOWS\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrxe] C:\DOCUME~1\Mike\LOCALS~1\Temp\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRssc] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfpe] C:\WINDOWS\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnsc] C:\DOCUME~1\Mike\LOCALS~1\Temp\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRspe] C:\DOCUME~1\Mike\LOCALS~1\Temp\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaZ] C:\WINDOWS\cmd.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKexe] C:\WINDOWS\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKetc] C:\WINDOWS\sysedit.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnoc] C:\DOCUME~1\Mike\LOCALS~1\Temp\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [handlerfix70700en00.exe] C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [COM+ Manager] "C:\Documents and Settings\Mike\.COMMgr\complmgr.exe" (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Njiwaa.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [YXE7DXCQ37] C:\DOCUME~1\Mike\LOCALS~1\Temp\Npx.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Jkumariw] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKeella/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfMomd.com/dw/dw.php?id=%s&ver=d01] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKasc] C:\WINDOWS\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrta] C:\DOCUME~1\Mike\LOCALS~1\Temp\services.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfPc] C:\WINDOWS\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRotc] C:\DOCUME~1\Mike\LOCALS~1\Temp\hexdump.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcZ] C:\WINDOWS\mdm.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfre] C:\WINDOWS\wininst.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaoc] C:\WINDOWS\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsa] C:\DOCUME~1\Mike\LOCALS~1\Temp\win.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRmSc] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrse] C:\DOCUME~1\Mike\LOCALS~1\Temp\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRme] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp.exe (User 'Mike')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.yardiaspcn6.com/23568lesres ... iewer9.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} (Express Uploader Control) - http://www.londondrugs.com/photolab/Ima ... oader6.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/barnya ... nstall.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ ... taller.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/p ... der_v5.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 17468 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-15 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-14 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-25 335872]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-08-19 290816]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2009-10-23 3245296]
"GlobeCom_Full_Client_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2009-10-05 1528832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2010-09-23 07:18:44 ----D---- C:\rsit
2010-09-21 20:27:57 ----D---- C:\WINDOWS\temp
2010-09-21 20:27:48 ----A---- C:\ComboFix.txt
2010-09-21 19:39:14 ----A---- C:\Boot.bak
2010-09-21 19:39:04 ----RASHD---- C:\cmdcons
2010-09-21 19:34:23 ----A---- C:\WINDOWS\zip.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWSC.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWREG.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\sed.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\PEV.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\MBR.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\grep.exe
2010-09-21 19:34:15 ----D---- C:\WINDOWS\ERDNT
2010-09-21 19:33:43 ----D---- C:\Qoobox
2010-09-18 16:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-18 16:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-18 16:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-18 16:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-18 16:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-18 16:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-17 07:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-16 19:40:20 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2010-09-16 19:40:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-16 19:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-16 19:40:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-16 19:40:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-16 07:25:25 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-09-14 10:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\java.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-14 09:00:23 ----D---- C:\Program Files\Trend Micro
2010-09-14 07:23:49 ----D---- C:\fee95291534d7f02c2a7ac079fe4f7
2010-09-14 07:23:44 ----D---- C:\ce0170b554a64c47e2c87b387ad010
2010-09-14 07:23:42 ----D---- C:\7d2e028758266725872881f1ddb3
2010-09-14 07:23:40 ----D---- C:\_395375_
2010-09-14 07:23:36 ----D---- C:\f18609db94f14f805b30
2010-09-14 07:23:34 ----D---- C:\45e92621205f66461998a3499b3a
2010-09-14 07:23:32 ----D---- C:\_387375_
2010-09-14 07:23:30 ----D---- C:\772c09f5e7db99afbacfd2b9ce7387b3
2010-09-14 07:23:23 ----D---- C:\1363f5f844bd7cd1114a6845
2010-09-14 07:23:22 ----D---- C:\a60030cd7edb4ab583d5512c525b1a
2010-09-14 07:23:20 ----D---- C:\b64b05fa5312736394bf2a3d9a4d6f
2010-09-14 07:23:19 ----D---- C:\baa93d9d2337e028615428
2010-09-14 07:23:16 ----D---- C:\74fc28ba119392c2ec4ab16f87
2010-09-14 07:23:13 ----D---- C:\49356d2d6db7be74b37f
2010-09-14 07:23:12 ----D---- C:\855e840173f3c955469a5de3e8a0
2010-09-14 07:23:09 ----D---- C:\09b61d8503b6f1063e7d
2010-09-14 07:23:06 ----D---- C:\3bd899fd5d368e2470128d73
2010-09-14 07:23:05 ----D---- C:\34405c64724bcc7260a5d2a617
2010-09-14 07:23:04 ----D---- C:\b2311185d3286ebdf40d61
2010-09-14 07:23:02 ----D---- C:\8b2ca3708f2e95c0f54455a9
2010-09-14 07:23:02 ----D---- C:\1b772185add08dd58f70bcdd
2010-09-14 07:23:01 ----D---- C:\46d5bd0e610e5d22adf178a7aad057
2010-09-14 07:23:00 ----D---- C:\_354765_
2010-09-14 07:22:59 ----D---- C:\36e4488e4304ef69cc62e050f3bf9f
2010-09-14 07:22:50 ----D---- C:\0b1693e4b4013143f45008a1
2010-09-14 07:22:37 ----D---- C:\f5a143b055983d38ebe83f85ec70
2010-09-14 07:22:35 ----D---- C:\5726e76afb49aefa2862cf6ed77d1816
2010-09-14 07:22:30 ----D---- C:\01037b456d7f32495cf6
2010-09-14 07:22:29 ----D---- C:\800207c25078d57021
2010-09-14 07:22:26 ----D---- C:\97b5f47469907e8021f12433f307cf8c
2010-09-14 07:22:21 ----D---- C:\682d8b45f17a47eb80
2010-09-14 07:22:11 ----D---- C:\163e489d03d0f8454de81ae92d2aa0
2010-09-14 07:22:07 ----D---- C:\e22844eb387ffac5a5f54c
2010-09-14 07:22:05 ----D---- C:\a8bfe3407e0cde3bd7
2010-09-14 07:22:01 ----D---- C:\d5a2a239ade084b0b4f9cb09827b
2010-09-14 07:21:59 ----D---- C:\1e87559810e58889e080317641cbf6
2010-09-14 07:21:58 ----D---- C:\e2dafad9f0ac5bc0b006a2
2010-09-14 07:21:55 ----D---- C:\727b8619740fdd671a033f
2010-09-14 07:21:44 ----D---- C:\252556a334ae64cfce30bdf96b68
2010-09-14 07:21:37 ----D---- C:\13c7d0076909ef466122f692
2010-09-14 07:21:32 ----D---- C:\3c697eabe6e3a4d6ffc61586ed
2010-09-14 07:21:30 ----D---- C:\e9630b88bf46840222ac
2010-09-14 07:21:29 ----D---- C:\1283d0bc00835eeb6f3f0d
2010-09-14 07:21:26 ----D---- C:\09a232c927e2281bd5c6
2010-09-14 07:21:21 ----D---- C:\c51af5b61f3d6c87d52b27292c2f
2010-09-13 20:20:45 ----D---- C:\96.tmp
2010-09-13 11:14:20 ----ASH---- C:\hiberfil.sys
2010-09-13 10:04:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-13 10:02:44 ----A---- C:\WINDOWS\lsrslt.ini
======List of files/folders modified in the last 1 months======
2010-09-21 20:27:59 ----D---- C:\WINDOWS\system32\drivers
2010-09-21 20:27:57 ----D---- C:\WINDOWS
2010-09-21 20:24:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-21 20:16:23 ----D---- C:\WINDOWS\system32
2010-09-21 20:16:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-21 20:14:52 ----A---- C:\WINDOWS\system.ini
2010-09-21 20:14:15 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-21 20:01:40 ----D---- C:\WINDOWS\system32\config
2010-09-21 19:54:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-21 19:50:45 ----D---- C:\WINDOWS\AppPatch
2010-09-21 19:50:45 ----D---- C:\Program Files\Common Files
2010-09-21 19:39:14 ----RASH---- C:\boot.ini
2010-09-21 19:34:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-21 19:34:22 ----SHD---- C:\System Volume Information
2010-09-21 19:34:22 ----D---- C:\WINDOWS\system32\Restore
2010-09-21 19:34:15 ----D---- C:\WINDOWS\Prefetch
2010-09-18 16:08:55 ----HD---- C:\WINDOWS\inf
2010-09-18 16:08:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-18 16:08:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-18 16:08:40 ----A---- C:\WINDOWS\imsins.BAK
2010-09-17 07:05:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-16 22:21:30 ----D---- C:\WINDOWS\addins
2010-09-16 22:15:58 ----SD---- C:\WINDOWS\Tasks
2010-09-16 19:40:00 ----RD---- C:\Program Files
2010-09-14 10:28:39 ----SHD---- C:\WINDOWS\Installer
2010-09-14 10:28:39 ----SD---- C:\Documents and Settings\Me\Application Data\Microsoft
2010-09-14 10:28:39 ----D---- C:\Config.Msi
2010-09-14 10:09:33 ----D---- C:\Program Files\Common Files\Java
2010-09-14 10:08:12 ----D---- C:\Program Files\Java
2010-09-14 08:17:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-09-13 10:04:57 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\system32\DRIVERS\atisgkaf.sys [2003-04-23 13174]
R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver; C:\WINDOWS\system32\DRIVERS\tiumflt.sys [2003-08-08 8448]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-02 36624]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-03-25 680960]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-01 612032]
S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PCAMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PLCNDIS5.SYS []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-03-25 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-14 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-10 319488]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Info:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Me at 2010-09-23 07:18:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 383 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:01 AM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [GlobeCom_Full_Client_McciTrayApp] "C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRschO] C:\DOCUME~1\Mike\LOCALS~1\Temp\yg3ubcxx10.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcrc] C:\WINDOWS\login.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfM] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKee] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Nfosireyil] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZe] C:\WINDOWS\avp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKese] C:\WINDOWS\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRpuc] C:\DOCUME~1\Mike\LOCALS~1\Temp\lsass.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsPc] C:\DOCUME~1\Mike\LOCALS~1\Temp\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZSc] C:\WINDOWS\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrxe] C:\DOCUME~1\Mike\LOCALS~1\Temp\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRssc] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfpe] C:\WINDOWS\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnsc] C:\DOCUME~1\Mike\LOCALS~1\Temp\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRspe] C:\DOCUME~1\Mike\LOCALS~1\Temp\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaZ] C:\WINDOWS\cmd.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKexe] C:\WINDOWS\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKetc] C:\WINDOWS\sysedit.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnoc] C:\DOCUME~1\Mike\LOCALS~1\Temp\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [handlerfix70700en00.exe] C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [COM+ Manager] "C:\Documents and Settings\Mike\.COMMgr\complmgr.exe" (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Njiwaa.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [YXE7DXCQ37] C:\DOCUME~1\Mike\LOCALS~1\Temp\Npx.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Jkumariw] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKeella/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfMomd.com/dw/dw.php?id=%s&ver=d01] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKasc] C:\WINDOWS\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrta] C:\DOCUME~1\Mike\LOCALS~1\Temp\services.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfPc] C:\WINDOWS\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRotc] C:\DOCUME~1\Mike\LOCALS~1\Temp\hexdump.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcZ] C:\WINDOWS\mdm.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfre] C:\WINDOWS\wininst.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaoc] C:\WINDOWS\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsa] C:\DOCUME~1\Mike\LOCALS~1\Temp\win.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRmSc] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrse] C:\DOCUME~1\Mike\LOCALS~1\Temp\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRme] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp.exe (User 'Mike')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.yardiaspcn6.com/23568lesres ... iewer9.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} (Express Uploader Control) - http://www.londondrugs.com/photolab/Ima ... oader6.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/barnya ... nstall.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ ... taller.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/p ... der_v5.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 17468 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-15 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-14 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-25 335872]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-08-19 290816]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2009-10-23 3245296]
"GlobeCom_Full_Client_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2009-10-05 1528832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2010-09-23 07:18:44 ----D---- C:\rsit
2010-09-21 20:27:57 ----D---- C:\WINDOWS\temp
2010-09-21 20:27:48 ----A---- C:\ComboFix.txt
2010-09-21 19:39:14 ----A---- C:\Boot.bak
2010-09-21 19:39:04 ----RASHD---- C:\cmdcons
2010-09-21 19:34:23 ----A---- C:\WINDOWS\zip.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWSC.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWREG.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\sed.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\PEV.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\MBR.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\grep.exe
2010-09-21 19:34:15 ----D---- C:\WINDOWS\ERDNT
2010-09-21 19:33:43 ----D---- C:\Qoobox
2010-09-18 16:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-18 16:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-18 16:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-18 16:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-18 16:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-18 16:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-17 07:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-16 19:40:20 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2010-09-16 19:40:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-16 19:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-16 19:40:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-16 19:40:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-16 07:25:25 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-09-14 10:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\java.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-14 09:00:23 ----D---- C:\Program Files\Trend Micro
2010-09-14 07:23:49 ----D---- C:\fee95291534d7f02c2a7ac079fe4f7
2010-09-14 07:23:44 ----D---- C:\ce0170b554a64c47e2c87b387ad010
2010-09-14 07:23:42 ----D---- C:\7d2e028758266725872881f1ddb3
2010-09-14 07:23:40 ----D---- C:\_395375_
2010-09-14 07:23:36 ----D---- C:\f18609db94f14f805b30
2010-09-14 07:23:34 ----D---- C:\45e92621205f66461998a3499b3a
2010-09-14 07:23:32 ----D---- C:\_387375_
2010-09-14 07:23:30 ----D---- C:\772c09f5e7db99afbacfd2b9ce7387b3
2010-09-14 07:23:23 ----D---- C:\1363f5f844bd7cd1114a6845
2010-09-14 07:23:22 ----D---- C:\a60030cd7edb4ab583d5512c525b1a
2010-09-14 07:23:20 ----D---- C:\b64b05fa5312736394bf2a3d9a4d6f
2010-09-14 07:23:19 ----D---- C:\baa93d9d2337e028615428
2010-09-14 07:23:16 ----D---- C:\74fc28ba119392c2ec4ab16f87
2010-09-14 07:23:13 ----D---- C:\49356d2d6db7be74b37f
2010-09-14 07:23:12 ----D---- C:\855e840173f3c955469a5de3e8a0
2010-09-14 07:23:09 ----D---- C:\09b61d8503b6f1063e7d
2010-09-14 07:23:06 ----D---- C:\3bd899fd5d368e2470128d73
2010-09-14 07:23:05 ----D---- C:\34405c64724bcc7260a5d2a617
2010-09-14 07:23:04 ----D---- C:\b2311185d3286ebdf40d61
2010-09-14 07:23:02 ----D---- C:\8b2ca3708f2e95c0f54455a9
2010-09-14 07:23:02 ----D---- C:\1b772185add08dd58f70bcdd
2010-09-14 07:23:01 ----D---- C:\46d5bd0e610e5d22adf178a7aad057
2010-09-14 07:23:00 ----D---- C:\_354765_
2010-09-14 07:22:59 ----D---- C:\36e4488e4304ef69cc62e050f3bf9f
2010-09-14 07:22:50 ----D---- C:\0b1693e4b4013143f45008a1
2010-09-14 07:22:37 ----D---- C:\f5a143b055983d38ebe83f85ec70
2010-09-14 07:22:35 ----D---- C:\5726e76afb49aefa2862cf6ed77d1816
2010-09-14 07:22:30 ----D---- C:\01037b456d7f32495cf6
2010-09-14 07:22:29 ----D---- C:\800207c25078d57021
2010-09-14 07:22:26 ----D---- C:\97b5f47469907e8021f12433f307cf8c
2010-09-14 07:22:21 ----D---- C:\682d8b45f17a47eb80
2010-09-14 07:22:11 ----D---- C:\163e489d03d0f8454de81ae92d2aa0
2010-09-14 07:22:07 ----D---- C:\e22844eb387ffac5a5f54c
2010-09-14 07:22:05 ----D---- C:\a8bfe3407e0cde3bd7
2010-09-14 07:22:01 ----D---- C:\d5a2a239ade084b0b4f9cb09827b
2010-09-14 07:21:59 ----D---- C:\1e87559810e58889e080317641cbf6
2010-09-14 07:21:58 ----D---- C:\e2dafad9f0ac5bc0b006a2
2010-09-14 07:21:55 ----D---- C:\727b8619740fdd671a033f
2010-09-14 07:21:44 ----D---- C:\252556a334ae64cfce30bdf96b68
2010-09-14 07:21:37 ----D---- C:\13c7d0076909ef466122f692
2010-09-14 07:21:32 ----D---- C:\3c697eabe6e3a4d6ffc61586ed
2010-09-14 07:21:30 ----D---- C:\e9630b88bf46840222ac
2010-09-14 07:21:29 ----D---- C:\1283d0bc00835eeb6f3f0d
2010-09-14 07:21:26 ----D---- C:\09a232c927e2281bd5c6
2010-09-14 07:21:21 ----D---- C:\c51af5b61f3d6c87d52b27292c2f
2010-09-13 20:20:45 ----D---- C:\96.tmp
2010-09-13 11:14:20 ----ASH---- C:\hiberfil.sys
2010-09-13 10:04:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-13 10:02:44 ----A---- C:\WINDOWS\lsrslt.ini
======List of files/folders modified in the last 1 months======
2010-09-21 20:27:59 ----D---- C:\WINDOWS\system32\drivers
2010-09-21 20:27:57 ----D---- C:\WINDOWS
2010-09-21 20:24:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-21 20:16:23 ----D---- C:\WINDOWS\system32
2010-09-21 20:16:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-21 20:14:52 ----A---- C:\WINDOWS\system.ini
2010-09-21 20:14:15 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-21 20:01:40 ----D---- C:\WINDOWS\system32\config
2010-09-21 19:54:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-21 19:50:45 ----D---- C:\WINDOWS\AppPatch
2010-09-21 19:50:45 ----D---- C:\Program Files\Common Files
2010-09-21 19:39:14 ----RASH---- C:\boot.ini
2010-09-21 19:34:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-21 19:34:22 ----SHD---- C:\System Volume Information
2010-09-21 19:34:22 ----D---- C:\WINDOWS\system32\Restore
2010-09-21 19:34:15 ----D---- C:\WINDOWS\Prefetch
2010-09-18 16:08:55 ----HD---- C:\WINDOWS\inf
2010-09-18 16:08:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-18 16:08:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-18 16:08:40 ----A---- C:\WINDOWS\imsins.BAK
2010-09-17 07:05:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-16 22:21:30 ----D---- C:\WINDOWS\addins
2010-09-16 22:15:58 ----SD---- C:\WINDOWS\Tasks
2010-09-16 19:40:00 ----RD---- C:\Program Files
2010-09-14 10:28:39 ----SHD---- C:\WINDOWS\Installer
2010-09-14 10:28:39 ----SD---- C:\Documents and Settings\Me\Application Data\Microsoft
2010-09-14 10:28:39 ----D---- C:\Config.Msi
2010-09-14 10:09:33 ----D---- C:\Program Files\Common Files\Java
2010-09-14 10:08:12 ----D---- C:\Program Files\Java
2010-09-14 08:17:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-09-13 10:04:57 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\system32\DRIVERS\atisgkaf.sys [2003-04-23 13174]
R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver; C:\WINDOWS\system32\DRIVERS\tiumflt.sys [2003-08-08 8448]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-02 36624]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-03-25 680960]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-01 612032]
S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PCAMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PLCNDIS5.SYS []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-03-25 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-14 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-10 319488]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
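The driver and service sections above follow one fixed RSIT line shape, `<R|S><0-4> <name>;<display>; <path> [<date> <size>]`, with the legend in the section header (R/S for running/stopped, 0-4 for the start type) and an empty `[]` where RSIT could not read the image file's date and size. The check a helper usually does by eye on such a log is: which entries have no file metadata, which carry a raw `\??\` ImagePath, which load from a Temp directory or from a removal tool's working directory, and which kernel drivers live outside the Windows directory. The script below is an added example, not part of the posted log and not RSIT's own code; it parses a handful of lines copied from the log above into a constructed sample, applies those heuristics, and lists the flagged entries with running ones first. The `WINDIR` prefix is an assumption matching this system's `C:\WINDOWS` layout, and the flags are triage hints rather than verdicts: `catchme.sys` under `C:\ComboFix` and `mbr.sys` under the user's Temp folder are consistent with the ComboFix run recorded on 2010-09-21 (`C:\ComboFix.txt`, `C:\Qoobox`, `C:\WINDOWS\MBR.exe`), and the Motive NDIS drivers belong to the installed TELUS support software.

```python
"""Triage the driver/service sections of an RSIT log (added example, not from the log)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One RSIT driver/service line:  <R|S><0-4> <name>;<display>; <path> [<date> <size>]
# A trailing "[]" means RSIT found no date/size for the image file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
WINDIR = "c:\\windows\\"  # assumption: the system drive layout shown in the log above


@dataclass
class Entry:
    kind: str             # "driver" or "service", taken from the section header
    state: str            # "R" running, "S" stopped
    start_type: str       # Boot / System / Auto / Demand / Disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_log(text: str) -> List[Entry]:
    """Parse the drivers and services sections; other sections are skipped."""
    entries: List[Entry] = []
    kind: Optional[str] = None
    for line in text.splitlines():
        if line.startswith("======List of drivers"):
            kind = "driver"
            continue
        if line.startswith("======List of services"):
            kind = "service"
            continue
        if line.startswith("======"):
            kind = None          # any other section header ends the run of entries
            continue
        m = LINE_RE.match(line)
        if kind is None or not m:
            continue
        entries.append(Entry(
            kind, m["state"], START_TYPES[m["start"]], m["name"], m["display"],
            m["path"], m["date"], int(m["size"]) if m["size"] else None,
        ))
    return entries


def triage(e: Entry) -> List[str]:
    """Return heuristic flags for one entry (hints for a human, not verdicts)."""
    flags: List[str] = []
    p = e.path.lower()
    if e.date is None:
        flags.append("no-metadata")        # RSIT could not stat the image file
    if p.startswith("\\??\\"):
        flags.append("raw-imagepath")      # ImagePath written as an NT object path
        p = p[4:]
    if "\\temp\\" in p:
        flags.append("temp-dir")           # kernel code or service binary in a Temp folder
    if "combofix" in p:
        flags.append("combofix")           # left behind by the ComboFix run
    if e.kind == "driver" and not p.startswith(WINDIR):
        flags.append("outside-windir")     # kernel driver loaded from outside %windir%
    return flags


def report(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Flagged entries only, running ones first, then by name."""
    flagged = [(e, triage(e)) for e in entries]
    flagged = [(e, f) for e, f in flagged if f]
    flagged.sort(key=lambda ef: (ef[0].state != "R", ef[0].name.lower()))
    return [(e.name, f) for e, f in flagged]


# Constructed sample: a few lines copied verbatim from the log above.
SAMPLE = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    for name, flags in report(parse_log(SAMPLE)):
        print(f"{name:<12} {', '.join(flags)}")
```

Run against the full log (feed the whole file to `parse_log`), the same heuristics flag the other `[]` entries, such as `eabusb` and the IOGEAR and remaining Motive protocol drivers, so the output is a shortlist to verify against the vendor software on the machine, not a list of infections.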