Possible spyware/malware unwanted ads

10-28-2008, 01:05 AM   #1
Guest
 
Join Date: Oct 2008
Posts: 5
Hi,

I hope I am posting in the right place. I have recently reformatted my computer. Every time I try and go to Windows Update it redirects me to msn.com.

I go to my ISP's home page and try to check my mail; the ads on the site are all about an enhancement drug. When I contacted my ISP they told me that I had a spyware problem; the ad I mentioned was not one they would approve of. I have run my virus software and no luck. I have run Ad-Aware and no luck fixing my problem.

I can't update my PC :( When I try the link for Windows Update under Tools in IE I get directed to msn.com. I found a direct link to Microsoft Update; when I click it the page does not load. It says I am not connected to the internet. I am, however, as I am downloading other things in the background. I also tried to download Windows Live Messenger; same thing, I get a page not found, or check my internet connection.

I also am unable to get rid of this ad; it shows up even on cnet.com when I was trying to update drivers.

I am sorry if the format in which I posted is incorrect, I "think" I followed the directions listed.

I hope this is enough information, any help at all would be appreciated.

Kirsta

Logfile of random's system information tool 1.04 (written by random/random)
Run by Cathy at 2008-10-28 02:49:32
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 135 GB (91%) free of 149 GB
Total RAM: 1534 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:42 AM, on 10/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Common\FSLAUNCH.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Cathy\Desktop\RSIT.exe
C:\Program Files\trend micro\Cathy.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://content.embarq.synacor.com/gi...nner/fscax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3425 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-03-31 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"F-Secure Manager"=C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE [2008-04-23 182936]
"F-Secure TNB"=C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [2008-04-23 744032]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-28 136600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-23 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======

2008-10-27 13:37:47 ----A---- C:\WINDOWS\win.ini
2008-10-27 08:28:09 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-09-23 3331072]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-03-31 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-28 24960]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2003-03-31 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-28 85969]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-09-23 581632]
R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2008-04-23 113304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2008-04-23 461408]
S3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2008-04-23 453216]

-----------------EOF-----------------

mtn5.goole.ws

I am also getting ads from the above site now :(

I have run super anti spyware, and spyware blaster along with my virus scan. They are not picking up anything. I am still unable to update my computer as well.
Attached Files
File Type: txt gmer.txt (4.2 KB, 23 views)
File Type: txt info.txt (3.7 KB, 12 views)
Kirsta is offline  
Old 10-29-2008, 11:59 AM   #2
Guest
 
Join Date: Oct 2008
Posts: 5
OS:



Hi, I noticed my post was edited :( I was wondering if maybe someone was able to help? I am having no luck. I think I have downloaded every removal tool known to man. Zlob trojan is what I have. Nothing seems to be working for me :(

Spybot search and destroy says it removes it, when I restart my PC it is back again. ANY help would be greatly appreciated.

I even tried the steps listed here
https://www.bleepingcomputer.com/forums/topic17258.html

No luck :(

Thanks in advance,
Kirsta
Kirsta is offline  
Old 11-02-2008, 09:29 AM   #3
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A



Please visit this webpage for instructions for downloading and running ComboFix:

https://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs is offline  
Old 11-04-2008, 06:29 AM   #4
Guest
 
Join Date: Oct 2008
Posts: 5
OS:



ComboFix 08-11-03.06 - Cathy 2008-11-04 9:15:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1198 [GMT -5:00]
Running from: c:\documents and settings\Cathy\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-04 09:02 . 2008-11-04 09:02 <DIR> d-------- C:\rsit
2008-10-31 14:00 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-31 14:00 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-31 14:00 . 2007-07-30 19:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-30 23:19 . 2008-10-30 23:20 <DIR> d-------- c:\documents and settings\Cathy\Contacts
2008-10-30 23:18 . 2008-10-30 23:18 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-30 23:12 . 2008-10-30 23:18 <DIR> d-------- c:\program files\Windows Live
2008-10-30 23:12 . 2008-10-30 23:18 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-10-30 23:12 . 2008-10-30 23:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-30 21:01 . 2008-10-30 21:01 <DIR> d-------- c:\windows\system32\scripting
2008-10-30 21:01 . 2008-10-30 21:01 <DIR> d-------- c:\windows\system32\en
2008-10-30 21:01 . 2008-10-30 21:01 <DIR> d-------- c:\windows\l2schemas
2008-10-30 20:47 . 2008-04-13 19:12 695,808 -----c--- c:\windows\system32\dllcache\drmv2clt.dll
2008-10-30 20:14 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-30 20:14 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-30 20:14 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-30 20:14 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-30 20:14 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-30 20:14 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-30 20:14 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-30 20:14 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-30 20:14 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-30 20:11 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll
2008-10-30 20:02 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-30 20:00 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-30 20:00 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-30 20:00 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-30 20:00 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-30 20:00 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-30 19:59 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-10-30 19:58 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-30 19:57 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-30 19:56 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-30 19:54 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-30 19:54 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-30 18:12 . 2008-10-30 21:10 316,640 --a------ c:\windows\WMSysPr9.prx
2008-10-30 18:12 . 2008-04-13 19:12 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-30 18:11 . 2008-10-30 18:11 <DIR> d-------- c:\windows\provisioning
2008-10-30 18:11 . 2008-10-30 21:01 <DIR> d-------- c:\windows\peernet
2008-10-30 18:10 . 2008-10-30 18:10 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-30 18:04 . 2008-10-30 20:51 <DIR> d-------- c:\windows\EHome
2008-10-30 18:01 . 2002-04-15 21:11 67,866 --------- c:\windows\system32\drivers\netwlan5.img
2008-10-30 18:01 . 2008-04-14 05:42 11,264 --------- c:\windows\system32\spnpinst.exe
2008-10-30 18:01 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2008-10-30 18:01 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat
2008-10-30 16:34 . 2008-10-30 21:01 <DIR> d-------- c:\windows\system32\bits
2008-10-30 16:34 . 2008-10-31 10:48 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-30 16:34 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-10-30 16:33 . 2008-04-13 12:39 438,784 --------- c:\windows\system32\xpob2res.dll
2008-10-30 16:33 . 2008-04-13 19:12 354,304 --a------ c:\windows\system32\winhttp.dll
2008-10-30 16:33 . 2008-04-13 19:12 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2008-10-30 16:33 . 2008-04-13 19:11 8,192 --------- c:\windows\system32\bitsprx2.dll
2008-10-30 16:33 . 2008-04-13 19:11 7,168 --------- c:\windows\system32\bitsprx3.dll
2008-10-30 16:30 . 2007-07-30 19:19 549,720 --a------ c:\windows\system32\wuapi.dll
2008-10-30 16:30 . 2007-07-30 19:19 325,976 --a------ c:\windows\system32\wucltui.dll
2008-10-30 16:30 . 2007-07-30 19:19 216,408 --a------ c:\windows\system32\wuaucpl.cpl
2008-10-30 16:30 . 2007-07-30 19:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-10-30 16:30 . 2007-07-30 19:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui
2008-10-30 16:30 . 2007-07-30 19:18 33,624 --a------ c:\windows\system32\wups.dll
2008-10-30 16:30 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-10-30 16:30 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuapi.dll.mui
2008-10-30 16:30 . 2007-07-30 19:18 20,312 --a------ c:\windows\system32\wuaueng.dll.mui
2008-10-30 16:06 . 2008-10-30 16:06 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-10-30 15:59 . 2008-10-30 15:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-10-30 15:27 . 2008-10-31 03:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-30 15:00 . 2008-10-30 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2008-10-30 14:51 . 2008-10-30 14:51 61,224 --a------ c:\documents and settings\Cathy\GoToAssistDownloadHelper.exe
2008-10-30 14:35 . 2008-10-30 14:35 <DIR> d-------- c:\windows\Sun
2008-10-30 14:34 . 2008-10-30 14:34 <DIR> d-------- c:\program files\Java
2008-10-30 14:34 . 2008-10-30 14:34 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 14:34 . 2008-10-30 14:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-30 08:06 . 2008-11-04 09:06 <DIR> d-------- c:\program files\Trend Micro
2008-10-30 07:38 . 2003-03-18 16:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-10-30 07:38 . 2003-03-18 15:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2008-10-30 07:38 . 2003-02-20 23:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2008-10-30 07:30 . 2008-10-30 07:30 <DIR> d-------- c:\program files\Ventrilo
2008-10-30 07:30 . 2008-10-30 07:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-30 07:30 . 2008-10-30 07:31 <DIR> d-------- c:\documents and settings\Cathy\Application Data\Ventrilo
2008-10-30 06:56 . 2008-10-30 06:56 <DIR> d-------- c:\documents and settings\Cathy\Application Data\Malwarebytes
2008-10-30 06:56 . 2008-10-30 06:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-30 03:33 . 2008-10-30 03:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-10-29 16:48 . 2008-10-29 16:48 <DIR> d--hs---- c:\documents and settings\Cathy\UserData
2008-10-29 12:58 . 2008-10-29 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-10-29 12:57 . 2008-10-29 13:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-10-29 12:12 . 2008-10-30 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 13:53 --------- d-----w c:\program files\World of Warcraft
2008-10-29 20:43 --------- d-----w c:\program files\Intel
2008-10-29 20:43 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-29 20:42 --------- d-----w c:\program files\Analog Devices
2008-10-29 20:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-29 18:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 17:57 --------- d-----w c:\program files\Common Files\iS3
2008-10-29 17:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-09-24 03:09 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-30 152984]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.unrelenting-guild.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-11-04 09:16:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-04 9:17:14
ComboFix-quarantined-files.txt 2008-11-04 14:17:11

Pre-Run: 135,813,791,744 bytes free
Post-Run: 136,065,880,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

183 --- E O F --- 2008-10-31 15:49:07
Kirsta is offline  
Old 11-04-2008, 06:42 AM   #5
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A



Try Windows Update now.

https://www.update.microsoft.com/wind....aspx?ln=en-us

Are you still getting redirected?
sUBs is offline  
Old 11-04-2008, 06:49 AM   #6
Guest
 
Join Date: Oct 2008
Posts: 5
OS:



No, I am sorry, I did forget to add that I was reading and somewhere it said to check my router settings. They were all messed up; I fixed those and I was able to update Windows.
Kirsta is offline  
Old 11-04-2008, 07:03 AM   #7
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A



Your logs are looking clean. Do you still have other issues with the machine?
sUBs is offline  
Old 11-04-2008, 08:35 AM   #8
Guest
 
Join Date: Oct 2008
Posts: 5
OS:



No, if that fixed it then I am thrilled. I was unsure.

Thanks then :D
Kirsta is offline  
 


All times are GMT -7. The time now is 05:46 AM.

