Antivirus detected Trojan called VBS/Bugestore.A and a Trojan called win32/Bugnraw.IJ

Old 09-22-2008, 12:53 AM   #1
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



This is a repost, my original thread was closed. I'm sorry for the delay in response.

Here is the original thread LINK

As an update to the original post I have not been able to boot into windows.

Thanks in advance for your help!
skywisej is offline  
Old 09-28-2008, 01:56 PM   #2
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Hi skywisej,


Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
forhockey is offline  
Old 09-29-2008, 01:23 AM   #3
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



The computer freezes right after boot up so I am unable to download anything, as I can't get a browser to load. Is there a way I can download something with another computer? What do you suggest I do?

Edited to add: The computer boots up properly and freezes in normal mode. It will not fully boot up in safe mode. I get a screen that says safe mode in the 4 corners but it goes no further than that.
skywisej is offline  
Old 09-29-2008, 01:57 AM   #4
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



I got the computer running long enough to run the program you asked but it froze before I could post the log files. I'll try again tomorrow and see if I can get the logs saved to a flash drive so I can post them from another computer.
skywisej is offline  
Old 09-29-2008, 04:41 PM   #5
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Unfortunately I can't seem to get the computer to reboot to get those files. So I guess I'm back to where I was... I can't run the program you asked me to. What should I do?
skywisej is offline  
Old 09-30-2008, 03:31 PM   #6
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Hi skywisej,

Quote:

The computer boots up properly and freezes in normal mode. It will not fully boot up in safe mode. I get a screen that says safe mode in the 4 corners but it goes no further than that.
You may have to wait a few minutes until you see a yes/no prompt asking you if you want to continue running Windows in Safe Mode. How long do you wait when you see Safe Mode in the 4 corners?



Let's see if the tool created the logs... Please navigate to the following directory:

C:\rsit

Do you see the following files?

log.txt
info.txt

If they exist then please reply back with the results inside both those files.
forhockey is offline  
Old 09-30-2008, 06:16 PM   #7
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Trying to log in to safe mode the computer is getting stuck on multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys

It's been sitting there for well over 20 minutes this way.

When it was going to safe mode before it was left for quite a while on the four corners saying safe mode and didn't go further than that.
skywisej is offline  
Old 09-30-2008, 07:17 PM   #8
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Hi skywisej,

Do you have a Windows XP CD? We can try a few things, but we will need the Windows XP CD.

Please let me know.

Thanks
forhockey is offline  
Old 09-30-2008, 08:51 PM   #9
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



I have a Reinstallation CD for Windows XP... will that help?
skywisej is offline  
Old 10-01-2008, 04:02 PM   #10
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



We would actually need the Windows XP CD. However, you would probably be best to re-install Windows at this state, as you cannot boot up the computer (Safe Mode or Normal Mode), and since the computer has been infected for such a great deal of time. The Re-installation CD for Windows XP should restore your computer to factory defaults, so hopefully you have done a back-up of your data before this problem occurred.
forhockey is offline  
Old 10-01-2008, 04:26 PM   #11
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



When I put the CD in and booted it from there it gave me an option of Recovery Console. Can anything be done with that? I would prefer not to reinstall windows if I don't have to. If that is all that can be done I do understand.
skywisej is offline  
Old 10-01-2008, 04:37 PM   #12
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Hi skywisej,

We'll give it a shot then.

Please go into Recovery Console, usually by pressing the 'r' key.

Next, select your operating system. Most of the time it's number 1, so press 1 and hit Enter.

Next type the following command in BOLD:

chkdsk /r

hit Enter on your keyboard.

note: There is a space between chkdsk and /r

Let the CD scan your hard drive for errors. Once the scan has completed you can remove the disk and try booting to Windows in Normal Mode.
forhockey is offline  
Old 10-01-2008, 05:32 PM   #13
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Okay, it still doesn't want to boot into windows so I guess maybe I'm stuck? I have a question though.. when I boot from the XP CD it asks me if I want to do an automatic system recovery and press F2. What would that be?
skywisej is offline  
Old 10-01-2008, 06:22 PM   #14
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



If you press F2 then that will wipe your system clean and you're back to what your system was like when you first got it from the factory.

Unfortunately, your only option now is to start over :(
forhockey is offline  
Old 10-01-2008, 06:53 PM   #15
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Okay, well that's alright. I think I got everything important off of the computer already so I guess I'm okay. Can you answer another question for me? How do I know what partition to install XP to? Partition 1 is [FAT], Partition 2 is [NTFS]
skywisej is offline  
Old 10-02-2008, 01:14 PM   #16
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Okay, never mind... I think I've got it all reinstalled now.
skywisej is offline  
Old 10-02-2008, 03:23 PM   #17
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Okay, so here's an update... I reinstalled windows and I installed Trend Micro Systems Virus Scan. It detected the following:

Troj_Tibs.dgz
VBS_Fakealer.hj
Troj_Renos.eo

It says that it successfully quarantined them.

One question I have is whether it's safe to download SP3 yet? I wanted to wait for your okay to be sure.

Here is a current RSIT log... Can you let me know if I'm clean now?
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jenny at 2008-10-02 15:19:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 1022 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:11 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jenny.JENLAP\Desktop\RSIT.exe
C:\Program Files\trend micro\Jenny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1222981285250
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4424 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-25 159744]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-02-19 303104]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-28 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2007-04-28 67584]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-28 81920]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2008-10-02 03:00:09 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-02 03:00:09 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-02 03:00:09 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-02 03:00:09 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-02 03:00:09 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-02 03:00:07 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-02 03:00:07 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-02 03:00:06 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-02 03:00:06 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-02 03:00:05 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-02 02:59:57 ----RA---- C:\WINDOWS\SET2A.tmp
2008-10-02 02:59:57 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2008-10-02 02:59:56 ----RA---- C:\WINDOWS\SET29.tmp
2008-10-02 02:59:53 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-02 02:59:51 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-02 02:59:49 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-02 02:59:38 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-02 02:59:14 ----A---- C:\WINDOWS\setuplog.txt
2008-10-01 19:39:36 ----D---- C:\WINDOWS\Minidump
2008-10-01 12:12:55 ----D---- C:\WINDOWS\dell
2008-09-29 01:39:22 ----D---- C:\rsit
2008-09-09 12:18:45 ----D---- C:\WINDOWS\CSC
2008-09-06 02:31:12 ----D---- C:\ie-spyad_zo
2008-09-06 02:11:39 ----D---- C:\Program Files\SpywareBlaster
2008-09-06 01:17:36 ----D---- C:\Program Files\Panda Security
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-09-05 08:04:00 ----D---- C:\Program Files\Sudoku
2008-09-05 08:04:00 ----D---- C:\Program Files\BFG
2008-09-05 08:03:02 ----D---- C:\Program Files\Mahjong Towers Eternity
2008-09-04 18:20:09 ----D---- C:\Program Files\Common Files\SWF Studio
2008-09-04 18:20:06 ----D---- C:\Program Files\Allure Beauty and Style File Widget
2008-09-04 16:29:45 ----D---- C:\WINDOWS\Cache
2008-09-04 16:29:45 ----D---- C:\Program Files\Coupons
2008-09-02 21:41:45 ----D---- C:\Program Files\GameHouse
2008-09-02 08:29:58 ----D---- C:\Program Files\Siber Systems
2008-08-28 07:57:23 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 20:45:28 ----D---- C:\Program Files\Wal-Mart Music Downloads Store
2008-08-23 02:39:45 ----D---- C:\Program Files\Amazon
2008-08-15 14:49:09 ----D---- C:\Program Files\Hidden Expedition - Titanic
2008-08-15 14:45:53 ----D---- C:\Program Files\bfgclient
2008-08-14 05:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 05:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 05:36:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 05:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 05:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 05:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 05:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

======List of files/folders modified in the last 2 months======

2008-10-02 14:59:32 ----D---- C:\WINDOWS\system32
2008-10-02 14:23:45 ----D---- C:\WINDOWS\Temp
2008-10-02 14:14:15 ----D---- C:\WINDOWS\system32\drivers
2008-10-02 14:12:11 ----HD---- C:\WINDOWS\inf
2008-10-02 14:12:09 ----D---- C:\WINDOWS
2008-10-02 14:01:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-02 13:40:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-02 13:29:03 ----D---- C:\Program Files\Mozilla Firefox
2008-10-02 13:19:59 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 13:18:01 ----SHD---- C:\RECYCLER
2008-10-02 13:15:47 ----D---- C:\MDT
2008-10-02 13:11:41 ----D---- C:\WINDOWS\Help
2008-10-02 13:11:41 ----D---- C:\Program Files\Internet Explorer
2008-10-02 13:10:45 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-02 13:08:22 ----D---- C:\Program Files\Messenger
2008-10-02 1334 ----D---- C:\WINDOWS\system32\en-US
2008-10-02 13:05:21 ----D---- C:\WINDOWS\WBEM
2008-10-02 13:05:10 ----D---- C:\WINDOWS\Media
2008-10-02 13:04:58 ----HDC---- C:\WINDOWS\ie7
2008-10-02 12:58:54 ----D---- C:\WINDOWS\Debug
2008-10-02 12:56:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-02 12:40:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-02 12:40:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-02 12:39:49 ----SHD---- C:\WINDOWS\Installer
2008-10-02 12:39:47 ----RD---- C:\Program Files
2008-10-02 12:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-02 12:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-02 12:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-02 12:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-02 12:32:21 ----D---- C:\WINDOWS\WinSxS
2008-10-02 12:30:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-02 11:59:49 ----D---- C:\WINDOWS\nview
2008-10-02 11:13:45 ----D---- C:\Program Files\Broadcom
2008-10-02 11:09:25 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-02 1137 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-02 10:59:18 ----D---- C:\Program Files\Apoint
2008-10-02 10:54:52 ----D---- C:\WINDOWS\security
2008-10-02 10:32:46 ----D---- C:\Program Files\Dell
2008-10-02 10:32:27 ----D---- C:\dell
2008-10-02 10:27:20 ----D---- C:\Documents and Settings
2008-10-02 10:21:21 ----SHD---- C:\System Volume Information
2008-10-02 10:21:21 ----D---- C:\WINDOWS\system32\Restore
2008-10-02 10:21:20 ----SD---- C:\WINDOWS\Tasks
2008-10-02 10:20:34 ----D---- C:\WINDOWS\system32\config
2008-10-02 10:16:42 ----D---- C:\WINDOWS\repair
2008-10-02 10:16:01 ----A---- C:\WINDOWS\win.ini
2008-10-02 10:15:39 ----D---- C:\WINDOWS\Registration
2008-10-02 10:15:28 ----D---- C:\WINDOWS\system32\ias
2008-10-02 10:14:51 ----RD---- C:\WINDOWS\Web
2008-10-02 10:14:48 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-02 10:14:22 ----D---- C:\WINDOWS\srchasst
2008-10-02 10:13:54 ----D---- C:\WINDOWS\system32\oobe
2008-10-02 10:13:37 ----D---- C:\Program Files\Windows Media Player
2008-10-02 10:13:22 ----D---- C:\Program Files\Outlook Express
2008-10-02 10:13:22 ----D---- C:\Program Files\Common Files\System
2008-10-02 10:12:48 ----D---- C:\WINDOWS\system32\Com
2008-10-02 10:12:25 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-02 10:12:08 ----D---- C:\WINDOWS\Cursors
2008-10-02 10:11:52 ----D---- C:\WINDOWS\system32\wbem
2008-10-02 10:09:23 ----SH---- C:\boot.ini
2008-10-02 03:00:21 ----N---- C:\WINDOWS\system.ini
2008-10-02 03:00:20 ----RSD---- C:\WINDOWS\Fonts
2008-10-02 03:00:08 ----D---- C:\WINDOWS\system
2008-10-02 02:58:01 ----D---- C:\WINDOWS\system32\Setup
2008-10-02 02:57:50 ----D---- C:\WINDOWS\system32\usmt
2008-10-02 02:57:41 ----D---- C:\WINDOWS\AppPatch
2008-10-02 02:57:34 ----D---- C:\WINDOWS\mui
2008-10-02 02:57:34 ----D---- C:\WINDOWS\ehome
2008-10-02 02:57:33 ----D---- C:\WINDOWS\ime
2008-10-02 02:57:21 ----D---- C:\WINDOWS\PeerNet
2008-10-02 02:57:07 ----D---- C:\WINDOWS\system32\npp
2008-10-02 02:57:00 ----D---- C:\WINDOWS\msagent
2008-10-02 02:53:33 ----D---- C:\WINDOWS\twain_32
2008-10-02 02:53:05 ----D---- C:\WINDOWS\system32\ras
2008-10-02 02:52:38 ----D---- C:\WINDOWS\system32\icsxml
2008-10-02 02:51:56 ----D---- C:\WINDOWS\system32\1033
2008-10-02 02:50:34 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-02 02:50:30 ----D---- C:\WINDOWS\system32\DLA
2008-10-02 02:50:29 ----D---- C:\WINDOWS\system32\BioAPIFFDB
2008-10-02 02:50:28 ----HD---- C:\WINDOWS\ShellNew
2008-10-02 02:50:22 ----RSD---- C:\WINDOWS\assembly
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944533$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-10-02 02:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-10-02 02:50:22 ----D---- C:\WINDOWS\addins
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-10-02 02:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-10-02 01:41:10 ----D---- C:\WINDOWS\Driver Cache
2008-09-05 23:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-04 18:20:09 ----D---- C:\Program Files\Common Files
2008-09-04 14:42:18 ----D---- C:\Program Files\Yahoo!
2008-08-29 03:02:36 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-28 6727136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-19 1228296]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-28 163908]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [2007-02-19 90112]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-15 333064]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-10-02 15:20:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OZ776 SCR Driver V1.1.3.9-->C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
skywisej is offline  
Old 10-02-2008, 03:33 PM   #18
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Hi skywisej,

Please hold off on updating to SP3 for now, as I want to make sure you aren't infected.

I'm not seeing anything in your logs which relates to malware. Where did Trend Micro locate those viruses? Please provide me with the exact location of where the infected files are.


---------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
forhockey is offline  
Old 10-02-2008, 05:29 PM   #19
Guest
 
Join Date: Jan 2005
Posts: 23
OS:



Trend Micro found the viruses in two places: Documents and Settings\Jenny\Local Settings\Temp and SystemVolumeInformation_restore{879407AB-FC2D-4975-808B-67FB1EC43A30}\RP15\

Here are the results of the Kaspersky Scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 02, 2008 18:32:06
Records in database: 1283871
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 57546
Threat name: 3
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 00:55:42


File name / Threat name / Threats count
C:\Documents and Settings\Jenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-6e86ed5c.zip Infected: Exploit.Java.Gimsh.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\18.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\19.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1A.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1B.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1C.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1E.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1F.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\20.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\27.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\28.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\29.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2A.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2B.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2C.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2D.tmp Infected: Backdoor.Win32.Frauder.eo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2E.tmp Infected: Backdoor.Win32.Frauder.eo 1

The selected area was scanned.
skywisej is offline  
Old 10-02-2008, 06:33 PM   #20
Security Team
Analyst
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Hi skywisej,

The following will get rid of what is showing in your logs...

Clear Java Cache
  • Click Start -> Control Panel -> Java
  • Click Settings under Temporary Internet Files
  • Click Delete Files
  • Click OK on Delete Temporary Files window.
  • Click OK on Temporary Files Settings window
  • Click OK to exit.

-----------------------------------------------------------

Reset System Restore

To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

-----------------------------------------------------------

Also, make sure you clean out your quarantine folder for Trend Micro as you have a few files in there.


-----------------------------------------------------------

Your logs are clean!

Now would be the best time to update to SP3.

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Here is an installation guide -> https://www.techsupportforum.com/cont...ticles/63.html
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
forhockey is offline  
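The cleanup steps in post #20 follow from where each detection in the scanner report sits on disk: the Java cache, the antivirus quarantine folder, or a System Restore point. The sketch below is an added example, not part of the thread or of any tool mentioned in it; it parses report lines in the same layout and sorts them by location. The sample report, user name and threat names are constructed placeholders, and the category names and the `live` bucket are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report
# above: "<path> Infected: <threat name> <count>". All values are placeholders.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\example.jar-00000000-00000000.zip Infected: Example.Threat.A 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\01.tmp Infected: Example.Threat.B 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\02.tmp Infected: Example.Threat.B 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: Example.Threat.C 1
C:\WINDOWS\system32\example.dll Infected: Example.Threat.D 1

The selected area was scanned.
"""

# Paths contain spaces, so match lazily up to the status keyword.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# (category, path pattern, follow-up). The first three follow-ups are the
# steps given in post #20; "live" is this example's own catch-all.
RULES = [
    ("quarantine", re.compile(r"\\quarantine\\", re.I),
     "clean out the antivirus quarantine folder"),
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I),
     "clear the Java cache"),
    ("system_restore", re.compile(r"\\System Volume Information\\_restore\{", re.I),
     "reset System Restore to drop the old restore points"),
]
LIVE = ("live", "not covered by the steps above; needs further analysis")


def parse_report(text):
    """Return one dict per detection line; headers and prose are skipped."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            detections.append({
                "path": m["path"],
                "status": m["status"],
                "threat": m["threat"],
                "count": int(m["count"]),
            })
    return detections


def classify(path):
    """Map a detection path to (category, follow-up)."""
    for category, pattern, action in RULES:
        if pattern.search(path):
            return category, action
    return LIVE


def triage(text):
    """Group detection paths by category."""
    groups = {}
    for det in parse_report(text):
        category, _ = classify(det["path"])
        groups.setdefault(category, []).append(det["path"])
    return groups


def summary(text):
    """Count detections per category."""
    return Counter(classify(d["path"])[0] for d in parse_report(text))


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_REPORT).items():
        action = dict((c, a) for c, _, a in RULES).get(category, LIVE[1])
        print(f"{category}: {len(paths)} detection(s) -> {action}")
        for p in paths:
            print(f"    {p}")
```

Anything that lands in `live` sits outside the three locations the analyst's steps address and should be looked at before the machine is called clean.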
 
