Having virus or spyware or malware problems.


Post by drhinebarger » March 31st, 2010, 7:51 pm

I can be at a random site, then all of a sudden an alert pops up and says virus detected, and then it goes to another screen and says it is scanning now. I think it says Windows is scanning it or something, but I just reformatted my computer not too long ago, so there should be nothing on it. I have Trend Micro and seem to always somehow get something on the computer. Also, with my Hotmail email account I always get post deliver status notice and it sends stuff to people on my list. I wasn't sure if you knew what that was, but the following is the log I got on HijackThis. Please let me know what I need to do. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:42 PM, on 3/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-220523388-1715567821-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Crystal')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://devryonline.webex.com/client/T2 ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 4320 bytes
drhinebarger
Active Member
 
Posts: 7
Joined: March 31st, 2010, 7:46 pm

Re: Having virus or spyware or malware problems.

Post by MWR 3 day Mod » April 3rd, 2010, 11:16 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Having virus or spyware or malware problems.

Post by melboy » April 4th, 2010, 12:26 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.


IMPORTANT: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=================================================================================================================


DeFogger

Download DeFogger from here and save it to your desktop.

Double click Defogger.exe to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.



random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply. (Sometimes you have to make several posts to get the logs posted.)



Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.



In your next reply:
  1. RSIT log.txt
  2. RSIT info.txt
  3. GMER log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Having virus or spyware or malware problems.

Post by drhinebarger » April 4th, 2010, 6:30 pm

Here is the defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:25 on 04/04/2010 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read tmactmon.sys
Unable to read tmcomm.sys
Unable to read tmevtmgr.sys


-=E.O.F=-


Here is the RSIT Info-

info.txt logfile of random's system information tool 1.06 2010-04-04 18:26:43

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Citrix online plug-in (Web)-->MsiExec.exe /I{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\User\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MyScribe-->"C:\Program Files\CafeScribe\MyScribe\uninstall.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Trend Micro AntiVirus-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Trend Micro AntiVirus

======System event log======

Computer Name: PREFERRE-52AA64
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 189
Source Name: Cdrom
Time Written: 20100319102711.000000-240
Event Type: error
User:

Computer Name: PREFERRE-52AA64
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 188
Source Name: Cdrom
Time Written: 20100319102705.000000-240
Event Type: error
User:

Computer Name: PREFERRE-52AA64
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 187
Source Name: Cdrom
Time Written: 20100319102659.000000-240
Event Type: error
User:

Computer Name: PREFERRE-52AA64
Event Code: 3019
Message: The redirector failed to determine the connection type.

Record Number: 186
Source Name: MRxSmb
Time Written: 20100319102658.000000-240
Event Type: warning
User:

Computer Name: PREFERRE-52AA64
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 81
Source Name: Cdrom
Time Written: 20100319101315.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: PREFERRE-52AA64
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 91
Source Name: Application Hang
Time Written: 20100324110450.000000-240
Event Type: error
User:

Computer Name: PREFERRE-52AA64
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 90
Source Name: Application Hang
Time Written: 20100324110450.000000-240
Event Type: error
User:

Computer Name: PREFERRE-52AA64
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 57
Source Name: WinMgmt
Time Written: 20100319121010.000000-240
Event Type: warning
User: PREFERRE-52AA64\User

Computer Name: PREFERRE-52AA64
Event Code: 1517
Message: Windows saved user PREFERRE-52AA64\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 52
Source Name: Userenv
Time Written: 20100319101632.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PREFERRE-52AA64
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20100318193556.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
drhinebarger
Active Member
 
Posts: 7
Joined: March 31st, 2010, 7:46 pm

Re: Having virus or spyware or malware problems.

Post by drhinebarger » April 4th, 2010, 6:49 pm

RSIT Log is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-04-04 18:47:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 70 GB (91%) free of 76 GB
Total RAM: 502 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:54 PM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://devryonline.webex.com/client/T2 ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 4046 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-25 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-01-26 1020248]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-04 18:26:34 ----D---- C:\rsit
2010-03-30 10:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\09349833
2010-03-27 12:44:56 ----D---- C:\Documents and Settings\User\Application Data\Yahoo!
2010-03-27 12:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-03-27 12:37:12 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-27 12:36:04 ----D---- C:\Program Files\Yahoo!
2010-03-25 15:33:21 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-03-25 15:25:44 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2010-03-25 15:24:47 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-25 15:24:46 ----D---- C:\Program Files\Common Files\Java
2010-03-25 15:24:37 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-25 15:24:37 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-25 15:24:37 ----A---- C:\WINDOWS\system32\java.exe
2010-03-25 15:24:37 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-25 15:24:20 ----D---- C:\Program Files\Java
2010-03-25 15:24:04 ----D---- C:\Documents and Settings\User\Application Data\Sun
2010-03-23 21:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-03-23 21:11:15 ----D---- C:\Program Files\Common Files\Adobe
2010-03-23 21:11:15 ----D---- C:\Program Files\Adobe
2010-03-23 21:08:04 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-03-23 19:53:16 ----D---- C:\Documents and Settings\User\Application Data\webex
2010-03-21 23:43:45 ----D---- C:\WINDOWS\system32\Service
2010-03-21 17:00:53 ----D---- C:\Documents and Settings\User\Application Data\MyScribe
2010-03-21 17:00:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-21 17:00:06 ----D---- C:\Program Files\CafeScribe
2010-03-19 21:42:30 ----D---- C:\Documents and Settings\User\Application Data\ICAClient
2010-03-19 21:42:19 ----D---- C:\Program Files\Citrix
2010-03-19 20:59:36 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2010-03-19 20:58:39 ----D---- C:\Documents and Settings\User\Application Data\Macromedia
2010-03-19 20:37:59 ----SHD---- C:\RECYCLER
2010-03-19 20:28:47 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2010-03-19 20:28:34 ----D---- C:\Program Files\Trend Micro
2010-03-19 12:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-19 12:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-19 12:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-19 12:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-19 12:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-03-19 12:49:11 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-03-19 12:23:57 ----D---- C:\WINDOWS\Prefetch
2010-03-19 12:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-19 12:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-19 12:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-19 12:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-19 12:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-19 12:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-19 12:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-19 12:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-19 12:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-19 12:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-19 12:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-19 12:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-19 12:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-19 12:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-19 12:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-19 12:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-19 12:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-19 12:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-19 12:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-19 12:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-19 12:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-19 12:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-19 12:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-19 12:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-19 12:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-19 12:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-19 12:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-19 12:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-19 12:14:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-19 12:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-19 12:14:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-03-19 12:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-19 12:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-19 12:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-19 12:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-19 12:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-19 12:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-19 12:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-19 12:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-03-19 12:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-19 12:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-19 12:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-19 12:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-19 12:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-19 12:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-19 12:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-19 12:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-19 12:12:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-19 12:12:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-03-19 12:12:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-19 12:09:31 ----D---- C:\WINDOWS\system32\scripting
2010-03-19 12:09:31 ----D---- C:\WINDOWS\l2schemas
2010-03-19 12:09:30 ----D---- C:\WINDOWS\system32\en
2010-03-19 12:09:30 ----D---- C:\WINDOWS\system32\bits
2010-03-19 12:06:47 ----D---- C:\WINDOWS\network diagnostic
2010-03-19 12:03:50 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-19 12:03:48 ----D---- C:\WINDOWS\EHome
2010-03-19 11:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-19 11:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-03-19 11:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-03-19 11:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-03-19 11:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-03-19 11:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-03-19 11:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-03-19 11:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-03-19 11:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-19 11:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-03-19 11:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-03-19 11:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-03-19 11:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-03-19 11:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-03-19 11:35:42 ----D---- C:\WINDOWS\ie8updates
2010-03-19 11:35:24 ----D---- C:\WINDOWS\WBEM
2010-03-19 11:34:51 ----HDC---- C:\WINDOWS\ie8
2010-03-19 11:34:51 ----D---- C:\WINDOWS\system32\en-US
2010-03-19 11:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-03-19 11:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-03-19 11:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-03-19 11:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-03-19 11:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-03-19 11:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2_0$
2010-03-19 11:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-03-19 11:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-03-19 11:30:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-03-19 11:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-03-19 11:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-03-19 11:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-03-19 11:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-03-19 11:29:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2010-03-19 11:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-03-19 11:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-03-19 11:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-03-19 11:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-03-19 11:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-03-19 11:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-03-19 11:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-03-19 11:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-03-19 11:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-03-19 11:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-03-19 11:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-03-19 11:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-03-19 11:28:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-03-19 11:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-19 11:28:13 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-19 11:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-03-19 11:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-03-19 11:27:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-03-19 11:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-03-19 11:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-03-19 11:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-03-19 11:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-19 11:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-03-19 11:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-03-19 11:27:18 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-19 11:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-03-19 11:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-03-19 11:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-03-19 11:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-03-19 11:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-03-19 11:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-03-19 11:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-19 11:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-03-19 11:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-03-19 11:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-03-19 11:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-03-19 11:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-03-19 10:20:34 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-03-19 10:20:33 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-03-19 10:20:33 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-03-19 10:16:12 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-03-19 10:16:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-03-19 10:16:03 ----D---- C:\WINDOWS\system32\PreInstall
2010-03-19 10:16:03 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-03-19 10:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-03-19 10:16:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-19 10:15:07 ----D---- C:\Program Files\CONEXANT
2010-03-19 10:15:02 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2010-03-19 10:15:02 ----A---- C:\WINDOWS\system32\HSFCI008.dll
2010-03-19 10:12:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-03-19 10:12:18 ----A---- C:\WINDOWS\system32\mhwt.dll
2010-03-19 10:12:18 ----A---- C:\WINDOWS\system32\intelmoh.dll
2010-03-19 10:11:35 ----D---- C:\drvrtmp
2010-03-19 10:11:35 ----A---- C:\WINDOWS\system32\Prounstl.exe
2010-03-19 10:11:35 ----A---- C:\WINDOWS\system32\IntelNic.dll
2010-03-19 10:11:35 ----A---- C:\WINDOWS\system32\e100bmsg.dll
2010-03-19 09:50:13 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-19 09:50:11 ----A---- C:\WINDOWS\system32\staco.dll
2010-03-19 09:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2010-03-19 09:49:53 ----A---- C:\WINDOWS\system32\stacapi.dll
2010-03-19 09:49:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-19 09:49:52 ----D---- C:\Program Files\SigmaTel
2010-03-19 09:49:49 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-19 09:46:10 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\iglicd32.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igldev32.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxress.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxpph.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxext.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxexps.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxdo.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxdev.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuTRK.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuTHA.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuSVE.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuRUS.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuPTG.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuPTB.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuPLK.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuNOR.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuNLD.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuKOR.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuJPN.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuITA.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuHUN.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuHEB.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuFRC.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuFRA.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuFIN.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuESP.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuENG.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuELL.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmudlg.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuDEU.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuDAN.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuCSY.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuCHT.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuCHS.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuARB.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmuARA.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmrem.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\iAlmCoIn_v4543.dll
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-03-19 09:44:53 ----A---- C:\WINDOWS\system32\hccutils.dll
2010-03-19 09:43:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-19 09:43:14 ----D---- C:\Program Files\Intel
2010-03-19 09:42:51 ----D---- C:\Download
2010-03-19 09:20:35 ----D---- C:\Documents and Settings\User\Application Data\Identities
2010-03-19 09:20:33 ----HD---- C:\Program Files\Uninstall Information
2010-03-19 09:20:27 ----ASH---- C:\Documents and Settings\User\Application Data\desktop.ini
2010-03-19 09:20:26 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2010-03-19 09:18:55 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-19 09:18:53 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-19 09:18:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 19:38:42 ----D---- C:\WINDOWS\system32\xircom
2010-03-18 19:38:42 ----D---- C:\Program Files\xerox
2010-03-18 19:38:42 ----D---- C:\Program Files\microsoft frontpage
2010-03-18 19:38:39 ----D---- C:\DELL
2010-03-18 19:38:33 ----A---- C:\WINDOWS\control.ini
2010-03-18 19:38:33 ----A---- C:\AUTOEXEC.BAT
2010-03-18 19:38:24 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-18 19:38:20 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-18 19:37:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-18 19:37:33 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-18 19:37:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-18 19:37:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-18 19:37:24 ----HD---- C:\Program Files\WindowsUpdate
2010-03-18 19:37:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-18 19:36:55 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-18 19:36:53 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-18 19:36:53 ----A---- C:\WINDOWS\desktop.ini
2010-03-18 19:36:48 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-18 19:36:47 ----D---- C:\Program Files\Common Files\Services
2010-03-18 19:36:47 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-18 19:36:45 ----SD---- C:\WINDOWS\Tasks
2010-03-18 19:36:45 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-18 19:36:45 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-18 19:36:42 ----D---- C:\WINDOWS\srchasst
2010-03-18 19:36:41 ----D---- C:\WINDOWS\system32\Macromed
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wups.dll
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-03-18 19:36:39 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-03-18 19:36:38 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-18 19:36:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-03-18 19:36:38 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-18 19:36:38 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-18 19:36:35 ----D---- C:\Program Files\Movie Maker
2010-03-18 19:36:33 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-18 19:36:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-18 19:36:33 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-18 19:36:33 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-18 19:36:30 ----D---- C:\WINDOWS\system32\Restore
2010-03-18 19:36:30 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-03-18 19:36:30 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-18 19:36:30 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-18 19:36:30 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-03-18 19:36:30 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-18 19:36:29 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-18 19:36:29 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-18 19:36:29 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-18 19:36:29 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-18 19:36:29 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-18 19:36:29 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-18 19:36:27 ----D---- C:\Program Files\NetMeeting
2010-03-18 19:36:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-18 19:36:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-18 19:36:26 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-18 19:36:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-18 19:36:25 ----D---- C:\Program Files\Outlook Express
2010-03-18 19:36:25 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-03-18 19:36:25 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-18 19:36:25 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-18 19:36:24 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-18 19:36:24 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-18 19:36:24 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-18 19:36:24 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-18 19:36:20 ----D---- C:\Program Files\Internet Explorer
2010-03-18 19:36:20 ----D---- C:\Program Files\Common Files\System
2010-03-18 19:36:12 ----D---- C:\Program Files\ComPlus Applications
2010-03-18 19:36:10 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-18 19:36:10 ----A---- C:\WINDOWS\vb.ini
2010-03-18 19:36:06 ----D---- C:\WINDOWS\Registration
2010-03-18 19:35:43 ----D---- C:\Program Files\Windows Media Player
2010-03-18 19:35:43 ----D---- C:\Program Files\Online Services
2010-03-18 19:35:39 ----D---- C:\Program Files\Messenger
2010-03-18 19:35:37 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-18 19:35:37 ----A---- C:\WINDOWS\system32\write.exe
2010-03-18 19:35:30 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-18 19:35:30 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-18 19:35:30 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-18 19:35:30 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-18 19:35:30 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-18 19:35:29 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-18 19:35:25 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-18 19:35:25 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-18 19:35:25 ----A---- C:\WINDOWS\system32\calc.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-18 19:35:24 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-18 19:35:23 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-18 19:35:22 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-18 19:35:19 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-18 19:35:09 ----D---- C:\Program Files\MSN
2010-03-18 19:35:09 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-18 19:35:08 ----D---- C:\Program Files\Windows NT
2010-03-18 19:35:08 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-18 19:35:08 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-18 19:35:08 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-18 19:35:08 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-18 19:35:08 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-18 19:35:07 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-18 19:35:06 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-18 19:35:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-18 19:35:05 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-18 19:35:05 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-18 19:35:05 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-18 19:35:05 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-18 19:35:05 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-18 19:35:04 ----D---- C:\WINDOWS\system32\Com
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-18 19:35:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-18 19:35:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-18 19:35:00 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-18 19:35:00 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-18 19:35:00 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-18 19:34:59 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-03-18 14:34:22 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-18 14:31:35 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-03-18 14:30:45 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-18 14:29:46 ----A---- C:\WINDOWS\imsins.BAK
2010-03-18 14:29:44 ----SHD---- C:\WINDOWS\Installer
2010-03-18 14:29:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-18 14:29:43 ----D---- C:\Program Files\Common Files\ODBC
2010-03-18 14:29:43 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-18 14:29:40 ----RD---- C:\Program Files
2010-03-18 14:29:40 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-18 14:29:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-18 14:29:40 ----D---- C:\Program Files\Common Files
2010-03-18 14:29:38 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-18 14:29:37 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-18 14:29:37 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-03-18 14:29:36 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-18 14:29:34 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-18 14:29:33 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-18 14:29:33 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-18 14:29:33 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-18 14:29:33 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-18 14:29:33 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-03-18 14:29:32 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-18 14:29:30 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-18 14:29:29 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-18 14:29:29 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-18 14:29:29 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-18 14:29:29 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-18 14:29:28 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-18 14:29:28 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-18 14:29:27 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-18 14:29:27 ----A---- C:\WINDOWS\notepad.exe
2010-03-18 14:29:26 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-18 14:29:19 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-03-18 14:29:14 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-18 14:29:12 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-18 14:29:11 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-18 14:29:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-18 14:29:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-18 14:29:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-18 14:28:47 ----A---- C:\WINDOWS\setuplog.txt
2010-03-18 14:28:43 ----SHD---- C:\System Volume Information
2010-03-18 14:28:43 ----D---- C:\Documents and Settings
2010-03-18 14:28:11 ----SH---- C:\boot.ini
2010-03-18 14:23:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-18 14:23:05 ----RSD---- C:\WINDOWS\Fonts
2010-03-18 14:23:05 ----RD---- C:\WINDOWS\Web
2010-03-18 14:23:05 ----HD---- C:\WINDOWS\inf
2010-03-18 14:23:05 ----D---- C:\WINDOWS\WinSxS
2010-03-18 14:23:05 ----D---- C:\WINDOWS\twain_32
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Temp
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\wins
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\wbem
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\usmt
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\spool
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\Setup
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\ras
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\oobe
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\npp
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\mui
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\IME
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\icsxml
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\ias
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\export
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\drivers
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\dhcp
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\config
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\3076
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\2052
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1054
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1042
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1041
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1037
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1033
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1031
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1028
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32\1025
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system32
2010-03-18 14:23:05 ----D---- C:\WINDOWS\system
2010-03-18 14:23:05 ----D---- C:\WINDOWS\security
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Resources
2010-03-18 14:23:05 ----D---- C:\WINDOWS\repair
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Provisioning
2010-03-18 14:23:05 ----D---- C:\WINDOWS\PeerNet
2010-03-18 14:23:05 ----D---- C:\WINDOWS\pchealth
2010-03-18 14:23:05 ----D---- C:\WINDOWS\mui
2010-03-18 14:23:05 ----D---- C:\WINDOWS\msapps
2010-03-18 14:23:05 ----D---- C:\WINDOWS\msagent
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Media
2010-03-18 14:23:05 ----D---- C:\WINDOWS\java
2010-03-18 14:23:05 ----D---- C:\WINDOWS\ime
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Help
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Driver Cache
2010-03-18 14:23:05 ----D---- C:\WINDOWS\dell
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Debug
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Cursors
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Connection Wizard
2010-03-18 14:23:05 ----D---- C:\WINDOWS\Config
2010-03-18 14:23:05 ----D---- C:\WINDOWS\AppPatch
2010-03-18 14:23:05 ----D---- C:\WINDOWS\addins
2010-03-18 14:23:05 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-03-18 19:38:32 ----A---- C:\WINDOWS\win.ini
2010-03-18 14:29:40 ----N---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2010-03-19 89872]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2010-03-19 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2010-03-19 225808]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2010-03-19 1223832]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
S3 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-25 153376]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-01-26 715368]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-03-19 689416]
S3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2010-03-19 345352]

-----------------EOF-----------------
drhinebarger
Active Member
 
Posts: 7
Joined: March 31st, 2010, 7:46 pm

Re: Having virus or spyware or malware problems.

Unread postby drhinebarger » April 4th, 2010, 7:09 pm

GMER is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-04 18:59:03
Windows 5.1.2600 Service Pack 3
Running: fedvwy2r.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\ffryafow.sys


---- System - GMER 1.0.15 ----

SSDT 81D4ED60 ZwCreateKey
SSDT 81D4FF00 ZwCreateMutant
SSDT 81D4E260 ZwCreateProcess
SSDT 81D4E520 ZwCreateProcessEx
SSDT 81D4FBC0 ZwCreateThread
SSDT 81D4F2E0 ZwDeleteKey
SSDT 81D4F5A0 ZwDeleteValueKey
SSDT 81D4FD60 ZwLoadDriver
SSDT 81D4E7E0 ZwOpenProcess
SSDT 81D500A0 ZwSetSystemInformation
SSDT 81D4F020 ZwSetValueKey
SSDT 81D4EAA0 ZwTerminateProcess
SSDT 81D4FA20 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
drhinebarger
Active Member
 
Posts: 7
Joined: March 31st, 2010, 7:46 pm

Re: Having virus or spyware or malware problems.

Unread postby melboy » April 5th, 2010, 4:48 am

Hi


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 19.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u19-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java with Java Runtime Environment (JRE or J2SE) in the name
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.




Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.




ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!




In your next reply:
  1. MBAM log
  2. ESET log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Having virus or spyware or malware problems.

Unread postby drhinebarger » April 5th, 2010, 10:11 am

MBAM is :

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3956

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/5/2010 9:24:30 AM
mbam-log-2010-04-05 (09-24-30).txt

Scan type: Quick scan
Objects scanned: 105165
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\09349833 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\09349833\09349833.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


There was nothing found on the ESET, no log either.
drhinebarger
Active Member
 
Posts: 7
Joined: March 31st, 2010, 7:46 pm
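
An added example, not part of the original thread or of any tool mentioned in it: a Python parser for the MBAM 1.45 log layout posted above that reconciles the summary counts with the itemised detections, flags a file detection named like a Windows system binary but stored outside the Windows directory (as with the Desktop explorer.exe entry), and lists anything not reported as removed. The sample log is constructed from that post; the function names and the short `SYSTEM_BINARIES` list are assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: abridged from the MBAM 1.45 log in the post above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Database version: 3956
Scan type: Quick scan

Registry Keys Infected: 0
Folders Infected: 1
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\09349833 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\09349833\09349833.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# Assumption: a short illustrative list of Windows binary names, not exhaustive.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Path, detection name in the last parenthesised group, then the action taken.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, itemised detections) from an MBAM text log."""
    summary, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return summary, detections

def count_mismatches(summary, detections):
    """Sections whose summary count differs from the number of listed items."""
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in summary.items()
            if n != listed.get(s, 0)}

def masquerading(detections, windir=r"C:\WINDOWS"):
    """File detections named like a system binary but stored outside windir."""
    prefix = windir.lower() + "\\"
    return [d for d in detections
            if d["section"] == "Files Infected"
            and basename(d["path"]).lower() in SYSTEM_BINARIES
            and not d["path"].lower().startswith(prefix)]

def not_removed(detections):
    """Detections whose action text does not report a successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]
```

A non-empty result from `count_mismatches` or `not_removed` means the log was truncated or the cleanup is incomplete, which is the case where MBAM's reboot prompt matters.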

Re: Having virus or spyware or malware problems.

Unread postby melboy » April 5th, 2010, 2:41 pm

Hi

How are things running now?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Having virus or spyware or malware problems.

Unread postby drhinebarger » April 5th, 2010, 3:32 pm

Nothing so far anyway. Do I need to keep all this stuff I saved, or get rid of it, like all the scan stuff?
drhinebarger
Active Member
 
Posts: 7
Joined: March 31st, 2010, 7:46 pm

Re: Having virus or spyware or malware problems.

Unread postby melboy » April 5th, 2010, 4:34 pm

Hi


DeFogger Re-enable

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself.


==================================================================


Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.



General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
      Restart your computer

    • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore on all drives.
      • Click Apply
      • Click each drive in turn where system restore is not required and click Settings
        Note: System restore is only needed on drives with an operating system installed
      • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
    Note: only do this once, and not on a regular basis

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding hosts files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Having virus or spyware or malware problems.

Unread postby NonSuch » April 8th, 2010, 4:52 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California