10-30-2008, 10:56 AM   #1
ryanpangle
Registered User
 
Join Date: Oct 2008
Posts: 5
OS: WinXP SrvcPk 3


trojan-keylogger.win32.fung...What the heck is this and how do I kill it?

Approximately 3-4 days ago I started receiving a message across the screen every 15 mins or so. It looks like a Windows Firewall alert message, but I noticed that a few words in the display are misspelled: "Your", as in "your computer", is spelled "Tour", and instead of "Firewall" it says "Frewall". The alert tells me that I have a Trojan-Keylogger.Win32.fung virus or spyware worm and that it will take screenshots and keylog my info. I'm getting pissed. It keeps popping up and I have no idea what to do. I have run Avira and SpyBot but...nothing.

It reads like this:

Windows Security Alert
To help protect tour computer, Windows Frewall has blocked activity of harmful software

Do you want to block suspocious software?
Name: Trojan-Keylogger.WIN32.FUNG
Risk Level: High
Description: Fung is a Spyware program that records keystrokes and takes screen shots of the computer
********

So, I followed some instructions and created these scans.
Hope this helps!!!

_________________________

Logfile of random's system information tool 1.04 (written by random/random)
Run by Dolly boushey at 2008-10-30 11:33:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (75%) free of 38 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:33 AM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dolly boushey\Application Data\Google\mupd1_2_1165664.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\DOLLYB~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\Documents and Settings\Dolly boushey\Desktop\RSIT.exe
C:\Program Files\trend micro\Dolly boushey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Dolly boushey\Application Data\Google\mupd1_2_1165664.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199830544906
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6350 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-01-08 4866048]
"nwiz"=nwiz.exe /installquiet []
"SigmaTel StacMon"=C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe [2004-04-29 90169]
"Broadcom Wireless Manager UI"=C:\WINDOWS\System32\WLTRAY.exe [2005-12-19 1347584]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-09-06 40960]
"iPrint Event Monitor"=C:\WINDOWS\system32\iprntlgn.exe [2007-09-06 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"asus32"=C:\Documents and Settings\Dolly boushey\Application Data\Google\mupd1_2_1165664.exe [2008-10-29 98304]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\Dolly boushey\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b00d0e90-c2e4-11dc-8e2d-000f1f23261f}]
shell\AutoRun\command - E:\


======List of files/folders created in the last 1 months======

2008-10-30 11:33:20 ----D---- C:\Program Files\trend micro
2008-10-30 11:33:19 ----D---- C:\rsit
2008-10-30 11:20:47 ----A---- C:\WINDOWS\gmer.ini
2008-10-30 11:20:45 ----RA---- C:\WINDOWS\gmer.exe
2008-10-30 11:20:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-30 11:20:45 ----A---- C:\WINDOWS\gmer.dll
2008-10-30 03:52:57 ----D---- C:\Program Files\Avira
2008-10-30 03:52:57 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-30 03:41:16 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-30 03:04:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-30 03:04:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 17:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-29 02:01:19 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\Google
2008-10-26 05:15:55 ----D---- C:\Program Files\Bonjour
2008-10-26 05:14:55 ----D---- C:\Program Files\QuickTime
2008-10-26 05:13:27 ----D---- C:\Program Files\Apple Software Update
2008-10-26 03:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-26 03:38:48 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-26 03:38:48 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-26 03:38:48 ----A---- C:\WINDOWS\system32\java.exe
2008-10-26 03:29:52 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-26 03:28:54 ----D---- C:\WINDOWS\Prefetch
2008-10-26 03:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-26 03:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-26 03:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-26 03:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-26 03:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-26 03:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-26 03:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-26 03:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-26 03:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-26 03:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-26 03:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-26 03:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-26 03:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-26 03:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-26 03:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-26 03:17:13 ----D---- C:\WINDOWS\system32\scripting
2008-10-26 03:17:10 ----D---- C:\WINDOWS\l2schemas
2008-10-26 03:17:08 ----D---- C:\WINDOWS\system32\en
2008-10-26 03:07:27 ----D---- C:\WINDOWS\network diagnostic
2008-10-24 02:29:30 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\Mozilla
2008-10-23 21:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-23 05:23:51 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\Move Networks
2008-10-23 03:50:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-23 03:49:59 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-23 03:49:58 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-23 03:49:39 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-23 03:49:32 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-23 03:49:30 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-23 03:49:28 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-23 03:49:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-23 03:49:25 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-23 03:49:25 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-23 03:49:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-23 03:49:04 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-23 03:49:03 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-23 03:49:03 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-23 03:49:01 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-23 03:49:01 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-23 03:48:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-23 03:48:57 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-23 03:48:31 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-23 03:48:30 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-23 03:48:29 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-23 03:48:29 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-23 03:48:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-23 03:48:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-23 03:48:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-23 03:48:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-23 03:48:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-23 03:48:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-23 03:47:52 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-23 03:47:52 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-23 03:47:31 ----A---- C:\WINDOWS\006018_.tmp
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-23 03:47:28 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-23 03:47:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-23 03:47:20 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-23 03:47:20 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-23 03:47:19 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-23 03:47:15 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-23 03:47:04 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-23 03:47:04 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-23 03:46:48 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-23 01:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-23 01:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-23 01:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-23 01:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-23 01:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-13 19:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-13 19:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-13 19:41:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-13 19:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-13 19:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-13 19:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-13 19:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-13 19:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-13 19:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-13 19:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-13 19:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-13 19:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-13 19:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-13 19:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-10 16:22:23 ----D---- C:\Program Files\OneStep

======List of files/folders modified in the last 1 months======

2008-10-30 11:33:20 ----RD---- C:\Program Files
2008-10-30 11:20:47 ----D---- C:\WINDOWS
2008-10-30 11:20:45 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 10:40:34 ----D---- C:\Program Files\Mozilla Firefox
2008-10-30 10:29:22 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\OpenOffice.org2
2008-10-30 10:29:07 ----D---- C:\WINDOWS\Temp
2008-10-30 04:37:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-30 03:42:15 ----D---- C:\WINDOWS\system32
2008-10-30 03:39:49 ----SD---- C:\Documents and Settings\Dolly boushey\Application Data\Microsoft
2008-10-30 02:53:37 ----SHD---- C:\WINDOWS\Installer
2008-10-30 02:53:37 ----D---- C:\Program Files\Common Files
2008-10-29 16:08:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 02:02:19 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\Identities
2008-10-29 02:02:19 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\Apple Computer
2008-10-29 02:02:19 ----D---- C:\Documents and Settings\Dolly boushey\Application Data\Adobe
2008-10-28 03:17:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-27 04:13:22 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-27 04:13:21 ----RSD---- C:\WINDOWS\assembly
2008-10-26 05:18:03 ----HD---- C:\WINDOWS\inf
2008-10-26 05:13:30 ----SD---- C:\WINDOWS\Tasks
2008-10-26 03:43:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-26 03:43:17 ----D---- C:\WINDOWS\WinSxS
2008-10-26 03:42:10 ----D---- C:\Program Files\Internet Explorer
2008-10-26 03:40:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-26 03:39:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-26 03:38:46 ----D---- C:\Program Files\Java
2008-10-26 03:35:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-26 03:29:58 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-26 03:29:22 ----A---- C:\WINDOWS\setuplog.txt
2008-10-26 03:28:20 ----D---- C:\WINDOWS\system32\Setup
2008-10-26 03:28:19 ----D---- C:\WINDOWS\AppPatch
2008-10-26 03:28:18 ----D---- C:\WINDOWS\system32\wbem
2008-10-26 03:28:16 ----RSD---- C:\WINDOWS\Fonts
2008-10-26 03:26:15 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-26 03:24:30 ----D---- C:\Program Files\Messenger
2008-10-26 03:23:56 ----D---- C:\WINDOWS\security
2008-10-26 03:18:24 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-26 03:18:22 ----D---- C:\Program Files\Windows Media Player
2008-10-26 03:17:45 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-26 03:17:44 ----D---- C:\WINDOWS\ime
2008-10-26 03:17:43 ----D---- C:\WINDOWS\Help
2008-10-26 03:17:16 ----D---- C:\WINDOWS\system32\en-US
2008-10-26 03:17:15 ----D---- C:\WINDOWS\system32\usmt
2008-10-26 03:17:08 ----D---- C:\WINDOWS\system32\bits
2008-10-26 03:17:08 ----D---- C:\WINDOWS\peernet
2008-10-26 03:17:07 ----D---- C:\Program Files\Movie Maker
2008-10-26 03:10:56 ----D---- C:\WINDOWS\system32\Restore
2008-10-26 03:10:56 ----D---- C:\WINDOWS\system32\npp
2008-10-26 03:10:56 ----D---- C:\WINDOWS\mui
2008-10-26 03:10:54 ----D---- C:\WINDOWS\msagent
2008-10-26 03:10:51 ----D---- C:\WINDOWS\srchasst
2008-10-26 03:10:49 ----D---- C:\Program Files\NetMeeting
2008-10-26 03:10:47 ----D---- C:\WINDOWS\system32\Com
2008-10-26 03:10:42 ----D---- C:\Program Files\Windows NT
2008-10-26 03:10:42 ----D---- C:\Program Files\Outlook Express
2008-10-26 03:10:37 ----D---- C:\Program Files\Common Files\System
2008-10-26 03:10:04 ----D---- C:\WINDOWS\system32\oobe
2008-10-26 03:10:01 ----D---- C:\WINDOWS\system
2008-10-26 03:05:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-26 03:05:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-26 03:00:25 ----D---- C:\WINDOWS\EHome
2008-10-24 06:13:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-23 04:02:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-23 04:00:49 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-23 04:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 16:48:52 ----D---- C:\WINDOWS\Debug
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2007-09-06 34671]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-20 17217]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-01-08 1378636]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-05-12 258704]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-30 85969]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-30 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-30 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2004-01-08 77824]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S2 OneStepSearch Service;OneStepSearch Service; C:\Program Files\OneStep\onestep.exe C:\Program Files\OneStep\onestep.dll Service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Attached Files
File Type: txt info.txt (7.6 KB, 3 views)
File Type: txt gmer.txt (1.2 KB, 6 views)