Hello Dakeyras, good evening
Well this was certainly a long process especially the Kaspersky download and scan.
Hoping that I am giving you good news and you will do the same LOL.
First off:Downloaded
ERUNT Next downloaded
OTMoveIT3 and followed the instructions.
Then I downloaded
Kaspersky which seemed like forever, then I ran the
scan which was also very long.
I have posted all my logs below, surprisingly there was no MALEWARE detected with the Kaspersky Scan.
***********************************
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\FOUND.008 moved successfully.
C:\windows\system32\..\fucxt.iye moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\kazaa\\ not found.
Registry key HKEY_CURRENT_USER\software\Wget\\ not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\\aux deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f743dfb-3fe1-11d9-88b1-806d6172696f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\~DF5D5E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\~DF44FB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\~DF994C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_148.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03212009_091313
Files moved on Reboot...
C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\~DF5D5E.tmp moved successfully.
C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\~DF44FB.tmp moved successfully.
C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\~DF994C.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_148.dat not found!
************************
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 21, 2009 17:34:55
Records in database: 1946050
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 43302
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:50:09
No malware has been detected. The scan area is clean.
The selected area was scanned.
***************************
Logfile of random's system information tool 1.05 (written by random/random)
Run by DEFAULT at 2009-03-21 13:56:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 62 GB (82%) free of 76 GB
Total RAM: 510 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:44 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\casc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
C:\Documents and Settings\DEFAULT\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\DEFAULT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\eTrust Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
http://www.ca.com/securityadvisor/pestscan/pestscan.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 9618271031O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 5445185281O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0C6283-2840-409F-BF46-1CC7FE0F639A}: NameServer = 216.252.64.75 216.252.64.76
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
--
End of file - 10013 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-01 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-25 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-25 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-25 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-01 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-01 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-25 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"PRONoMgr.exe"=c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"CAVRID"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe [2008-12-18 271600]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-04-24 54784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]
"cctray"=C:\Program Files\CA\eTrust Internet Security Suite\casc.exe [2009-03-29 374000]
"CAPPActiveProtection"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe [2009-03-29 324848]
"CaPPcl"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAAntiSpyware.exe [2009-03-29 570608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-15 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\DEFAULT\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-06-06 79368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-03-29 17:26:14 ----D---- C:\Program Files\Trend Micro
2009-03-21 09:13:13 ----D---- C:\_OTMoveIt
2009-03-21 08:57:44 ----D---- C:\Program Files\ERUNT
2009-03-18 21:03:22 ----D---- C:\WINDOWS\temp
2009-03-18 21:03:20 ----A---- C:\ComboFix.txt
2009-03-18 20:59:54 ----D---- C:\Combo-Fix
2009-03-18 20:57:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-16 19:10:55 ----A---- C:\Boot.bak
2009-03-16 19:10:53 ----RASHD---- C:\cmdcons
2009-03-16 18:54:19 ----A---- C:\WINDOWS\zip.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\VFIND.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\SWSC.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\SWREG.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\sed.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\grep.exe
2009-03-16 18:54:19 ----A---- C:\WINDOWS\fdsv.exe
2009-03-14 11:39:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-14 11:39:26 ----D---- C:\WINDOWS\ERDNT
2009-03-14 11:30:35 ----D---- C:\Qoobox
2009-03-05 21:26:42 ----D---- C:\rsit
2009-03-05 00:29:50 ----D---- C:\Documents and Settings\DEFAULT\Application Data\Malwarebytes
2009-03-05 00:29:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-05 00:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-24 19:11:11 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-24 19:11:10 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-22 22:17:53 ----D---- C:\WINDOWS\pss
2009-02-22 21:30:16 ----A---- C:\WINDOWS\system32\isafprod.dll
======List of files/folders modified in the last 1 months======
2009-03-21 09:17:24 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics V.92 Fax Host Int.txt
2009-03-21 09:15:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 21:02:06 ----A---- C:\WINDOWS\system.ini
2009-03-16 19:10:56 ----RASH---- C:\boot.ini
2009-02-22 23:38:02 ----A---- C:\WINDOWS\win.ini
2009-02-22 21:32:54 ----A---- C:\caisslog.txt
2009-02-22 21:30:18 ----A---- C:\caavsetupLog.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-15 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-15 14848]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-11-18 72696]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-12-18 879760]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-12-18 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-12-18 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-12-18 161008]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-12-18 21104]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-24 730092]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-15 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\USR_MDMV.sys [2005-08-08 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\USR_BSC2.sys [2005-08-08 231168]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-15 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-15 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-15 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-15 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-15 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-12-18 108288]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_USR.sys [2005-08-08 729728]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-15 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe [2008-12-18 144696]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe [2009-03-29 128240]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2008-09-29 283888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-01 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-12-12 1153528]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-12-10 797176]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-12-19 297464]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe [2008-12-18 292080]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe [2009-03-29 259312]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe [2009-03-29 222448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-25 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2006-03-15 14336]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-15 38912]
S4 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]
-----------------EOF-----------------
Talk with you tomorrow, nite
Anne