I cant connect to Microsoft any antivirus on line scans

Started by Deb, July 08, 2010, 06:50:50 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2
User actions

Deb

#15
July 24, 2010, 06:44:35 AM
Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-07-24 18:37:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 53 GB (69%) free of 76 GB
Total RAM: 1022 MB (45% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{50A9C00E-06C1-442E-8161-44D674D61CD3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-07-27 148816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-07 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-07-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-07 279664]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-07-27 148816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-07-12 352256]
"XeroxScannerDaemon"=C:\Program Files\Xerox\NWWia\XrxFTPLt.exe [2001-08-17 27648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-13 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-13 81920]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-07-30 1020248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-06 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-07-30 492808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
lnk_disabled
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
lnk_disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\wlsetup-web.exe"="C:\Program Files\wlsetup-web.exe:*:Enabled:wlsetup-web"
"C:\Program Files\Microsoft Silverlight\sllauncher.exe"="C:\Program Files\Microsoft Silverlight\sllauncher.exe:*:Enabled:sllauncher"
"C:\Program Files\EPSON\Creativity Suite\Attach To Email\AttachToEmail.exe"="C:\Program Files\EPSON\Creativity Suite\Attach To Email\AttachToEmail.exe:*:Enabled:EPSON Attach To Email"
"C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EEasyPhotoPrint.exe"="C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EEasyPhotoPrint.exe:*:Enabled:EPSON Easy Photo Print"
"C:\Program Files\EPSON\Creativity Suite\File Manager\EFileManager.exe"="C:\Program Files\EPSON\Creativity Suite\File Manager\EFileManager.exe:*:Enabled:EPSON File Manager"
"C:\Program Files\EPSON Print CD\EPSONCD.exe"="C:\Program Files\EPSON Print CD\EPSONCD.exe:*:Enabled:EPSON Print CD"
"C:\Program Files\InterActual\InterActual Player\iPlayer.exe"="C:\Program Files\InterActual\InterActual Player\iPlayer.exe:*:Enabled:InterActual Player"
"C:\Program Files\InterActual\InterActual Player\inuninst.exe"="C:\Program Files\InterActual\InterActual Player\inuninst.exe:*:Enabled:InterActual Player Uninstall"
"C:\Program Files\Straighthold Trader\MetaEditor.exe"="C:\Program Files\Straighthold Trader\MetaEditor.exe:*:Enabled:MetaEditor"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\EPSON\PIF DESIGNER\PIF DESIGNER.exe"="C:\Program Files\EPSON\PIF DESIGNER\PIF DESIGNER.exe:*:Enabled:PIF DESIGNER"
"C:\Program Files\EPSON\Creativity Suite\Scan Assistant\EScanAssist.exe"="C:\Program Files\EPSON\Creativity Suite\Scan Assistant\EScanAssist.exe:*:Enabled:Scan Assistant"
"C:\Program Files\CoreFTP\UNWISE.EXE"="C:\Program Files\CoreFTP\UNWISE.EXE:*:Enabled:Uninstall Core FTP"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Movie Maker\moviemk.exe"="C:\Program Files\Movie Maker\moviemk.exe:*:Enabled:Windows Movie Maker"
"C:\Program Files\xerox\nwwia\XrxFTPLt.exe"="C:\Program Files\xerox\nwwia\XrxFTPLt.exe:*:Enabled:XrxFTPLt"
"C:\Program Files\CoreFTP\coreftp.exe"="C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP Lite"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-07-24 18:37:24 ----D---- C:\rsit
2010-07-22 11:43:54 ----SD---- C:\ComboFix.exe13256C
2010-07-16 22:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-16 22:47:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 23:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-07-12 22:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-12 22:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-12 14:20:46 ----A---- C:\WINDOWS\system32\drivers\tmevtmgr.sys
2010-07-12 14:20:46 ----A---- C:\WINDOWS\system32\drivers\tmactmon.sys
2010-07-12 14:19:47 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2010-07-12 14:17:19 ----D---- C:\Program Files\Trend Micro
2010-07-11 21:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-11 21:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-11 10:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-11 10:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-11 10:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-11 10:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-07-11 10:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-11 10:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-11 07:34:19 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2010-07-11 07:33:48 ----A---- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
2010-07-11 07:33:14 ----D---- C:\Program Files\Microsoft Sync Framework
2010-07-11 07:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2010-07-11 07:31:04 ----D---- C:\Program Files\Microsoft
2010-07-11 07:30:47 ----D---- C:\Program Files\Windows Live SkyDrive
2010-07-11 07:30:24 ----D---- C:\Program Files\Windows Live
2010-07-10 23:55:51 ----A---- C:\Program Files\threatfoundlist.txt
2010-07-10 19:16:03 ----D---- C:\Program Files\ESET
2010-07-10 16:31:02 ----SHD---- C:\RECYCLER
2010-07-10 16:22:32 ----A---- C:\ComboFix.txt
2010-07-10 16:08:59 ----D---- C:\ComboFix.exe22928C
2010-07-10 15:57:26 ----A---- C:\CFScript.txt
2010-07-10 15:35:55 ----D---- C:\Documents and Settings\Owner\Application Data\Download Manager
2010-07-09 13:10:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-09 13:10:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-09 13:10:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-09 01:12:56 ----A---- C:\Boot.bak
2010-07-09 01:12:52 ----RASHD---- C:\cmdcons
2010-07-09 00:04:34 ----D---- C:\ComboFix.exe
2010-07-08 22:16:03 ----D---- C:\WINDOWS\ERDNT
2010-07-08 21:26:58 ----D---- C:\Qoobox
2010-07-05 23:06:10 ----A---- C:\$$WebReg.txt
2010-07-04 21:50:28 ----D---- C:\WINDOWS\system32\URTTEMP
2010-07-04 21:47:40 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-07-02 21:07:21 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-06-30 18:27:49 ----A---- C:\WINDOWS\WAVEMIX.INI
2010-06-30 18:27:49 ----A---- C:\WINDOWS\MSBSOLAR.INI

======List of files/folders modified in the last 1 months======

2010-07-24 18:39:17 ----AC---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
2010-07-24 18:37:30 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 18:37:25 ----D---- C:\WINDOWS\Prefetch
2010-07-24 17:25:47 ----D---- C:\WINDOWS\Temp
2010-07-24 15:28:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-24 15:27:01 ----D---- C:\WINDOWS\system32\ias
2010-07-23 23:45:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-23 16:20:54 ----D---- C:\Program Files
2010-07-22 16:15:39 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-22 12:59:17 ----AC---- C:\WINDOWS\win.ini
2010-07-22 11:44:22 ----D---- C:\WINDOWS
2010-07-21 23:52:45 ----D---- C:\Config.Msi
2010-07-21 23:32:27 ----SHD---- C:\WINDOWS\Installer
2010-07-21 16:59:24 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-07-20 15:54:53 ----D---- C:\WINDOWS\inf
2010-07-18 20:00:06 ----RSD---- C:\WINDOWS\assembly
2010-07-17 18:23:52 ----AC---- C:\WINDOWS\iPlayer.INI
2010-07-17 11:11:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-16 22:48:10 ----DC---- C:\WINDOWS\system32\dllcache
2010-07-16 22:48:06 ----D---- C:\WINDOWS\system32
2010-07-16 22:47:49 ----D---- C:\WINDOWS\$hf_mig$
2010-07-16 22:47:46 ----A---- C:\WINDOWS\imsins.BAK
2010-07-15 17:40:26 ----D---- C:\WINDOWS\network diagnostic
2010-07-12 16:55:14 ----D---- C:\WINDOWS\Help
2010-07-12 16:50:01 ----D---- C:\Documents and Settings\Owner\Application Data\Microsoft
2010-07-12 14:20:54 ----D---- C:\WINDOWS\system32\drivers
2010-07-12 13:28:01 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-11 21:28:14 ----D---- C:\Program Files\Outlook Express
2010-07-11 21:26:25 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-11 21:26:01 ----D---- C:\WINDOWS\WinSxS
2010-07-11 10:29:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-11 07:33:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-11 07:32:36 ----D---- C:\WINDOWS\system32\DirectX
2010-07-11 07:30:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-10 19:16:06 ----D---- C:\WINDOWS\Downloaded Program Files
2010-07-10 16:16:57 ----N---- C:\WINDOWS\system.ini
2010-07-10 16:15:04 ----D---- C:\WINDOWS\system32\config
2010-07-10 16:13:43 ----D---- C:\WINDOWS\AppPatch
2010-07-10 16:13:40 ----D---- C:\Program Files\Common Files
2010-07-10 15:38:18 ----D---- C:\PUB
2010-07-09 19:26:06 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-07-09 01:12:56 ----RASH---- C:\boot.ini
2010-07-08 21:38:24 ----D---- C:\WINDOWS\Registration
2010-07-08 18:59:53 ----D---- C:\Program Files\Free Window Registry Repair
2010-07-06 21:19:41 ----D---- C:\Program Files\EPSON
2010-07-06 14:01:50 ----D---- C:\WINDOWS\Tasks
2010-07-06 14:00:41 ----D---- C:\Program Files\Google
2010-07-05 23:06:38 ----D---- C:\Program Files\yWriter2
2010-07-05 23:06:38 ----D---- C:\Program Files\Windows Media Player
2010-07-05 23:06:21 ----D---- C:\Program Files\CoreFTP
2010-07-04 21:07:06 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-07-04 13:31:57 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2010-06-30 18:27:49 ----D---- C:\WINDOWS\system
2010-06-30 17:48:24 ----D---- C:\Program Files\Microsoft Kids
2010-06-26 19:05:01 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-07-21 41728]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-02-14 11136]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-12 226880]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-07-30 89872]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2010-04-28 54760]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-07-30 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-07-30 225808]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-07-30 1223832]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-06-05 380416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 KeyMaestro;KeyMaestro; \??\C:\WINDOWS\system32\drivers\Maestro1.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-07-30 339984]
R3 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\ComboFix.exe22928C\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-10-18 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-18 27165]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\drivers\mohfilt.sys [2006-03-21 35944]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-12 393088]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-01 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AEADIFilters;Andrea ADI Filters Service; C:\WINDOWS\system32\AEADISRV.EXE [2008-07-15 90112]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-11-15 258560]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-07-30 715368]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-07-30 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-07-30 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-07-30 689416]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06 135664]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-13 163908]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-07-24 18:39:28

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9  -removeonly
ASUSDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" ControlPanel
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
D-Link DSL-302G USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22C0B7CF-4BAD-4FD6-9085-FC2E1A6D5861}\setup.exe"
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESPR230 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR230\REF_G\DOCUNINS.EXE
ExpertScan plug-in 1.0.18-->MsiExec.exe /X{C6559607-C849-4E64-AA8C-26116E294967}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9  -removeonly
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
KeyMaestro Input Device Driver V2.1.1-126A6 MUL-->C:\WINDOWS\system32\KmRemove.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Kids-->C:\Program Files\Microsoft Kids\Common Files\Setup\setup.exe /L kidsplus.lst /W kidsplus.stf
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.6.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Encarta Right-Click Dictionary-->MsiExec.exe /I{39A7E646-D7D1-4855-833A-2DEAC9ABD5ED}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Essentials-->MsiExec.exe /X{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sound Blaster AWE64-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Creative\CTSND\DeIsL2.isu"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9  -removeonly
Straighthold Trader 4.00-->"C:\Program Files\Straighthold Trader\Uninstall.exe" "C:\Program Files\Straighthold Trader\install.log"
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Family Safety-->MsiExec.exe /X{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Photo Gallery-->MsiExec.exe /X{EE39FFBD-544E-49E4-A999-6819828EAE91}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live Toolbar-->MsiExec.exe /X{1BD07DF4-FB06-41BA-B896-B2DA59000C96}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
yWriter2-->"C:\Program Files\yWriter2\unins000.exe"

======Security center information======

AV: eScan for Windows (outdated)
AV: Trend Micro Internet Security Pro
FW: Trend Micro Personal Firewall

======System event log======

Computer Name: DEBRA-BC2E65A8B
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 5285
Source Name: DCOM
Time Written: 20100709101524.000000+720
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DEBRA-BC2E65A8B
Event Code: 7023
Message: The HID Input Service service terminated with the following error:
The system cannot find the file specified.


Record Number: 5268
Source Name: Service Control Manager
Time Written: 20100709015531.000000+720
Event Type: error
User:

Computer Name: DEBRA-BC2E65A8B
Event Code: 7023
Message: The Image Windows service terminated with the following error:
A dynamic link library (DLL) initialization routine failed.


Record Number: 5267
Source Name: Service Control Manager
Time Written: 20100709015531.000000+720
Event Type: error
User:

Computer Name: DEBRA-BC2E65A8B
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 5266
Source Name: DCOM
Time Written: 20100709015529.000000+720
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DEBRA-BC2E65A8B
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 5265
Source Name: DCOM
Time Written: 20100709015529.000000+720
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DEBRA-BC2E65A8B
Event Code: 1517
Message: Windows saved user DEBRA-BC2E65A8B\samp registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 23
Source Name: Userenv
Time Written: 20100624135426.000000+720
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DEBRA-BC2E65A8B
Event Code: 4618
Message: The COM+ Event System raised an unexpected access violation at address 0x7C910A73, attempting to access address 0x0403A0D2.  Please contact Microsoft Product Support Services to report this error.
ntdll!wcsncpy+0x4f4
ntdll!wcsncpy+0x2cd
ole32!ComPs_NdrDllCanUnloadNow+0xdb
ole32!CoTaskMemFree+0x13
es!+0x13aa6
es!+0x13b5d
es!+0x13bac
es!+0x13be6
ole32!FreePropVariantArray+0xf8
ole32!FreePropVariantArray+0xa0
sens!+0x2cb1
sens!+0x1a45
ntdll!RtlSetEnvironmentVariable+0x30a
ntdll!RtlSetEnvironmentVariable+0x34b
ntdll!RtlSetEnvironmentVariable+0x40d
ntdll!RtlSetEnvironmentVariable+0x3e4
kernel32!GetModuleFileNameA+0x1ba

Record Number: 22
Source Name: EventSystem
Time Written: 20100624135254.000000+720
Event Type: error
User:

Computer Name: DEBRA-BC2E65A8B
Event Code: 4128
Message: Error 2147943792 detected in content index on c:\system volume information\catalog.wci.

Record Number: 16
Source Name: Ci
Time Written: 20100624113630.000000+720
Event Type: error
User:

Computer Name: DEBRA-BC2E65A8B
Event Code: 4128
Message: Error 2147943792 detected in content index on c:\system volume information\catalog.wci.

Record Number: 10
Source Name: Ci
Time Written: 20100624102740.000000+720
Event Type: error
User:

Computer Name: DEBRA-BC2E65A8B
Event Code: 4126
Message: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Record Number: 6
Source Name: Ci
Time Written: 20100624050713.000000+720
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Sorry to have taken so long
Deb

Corrine

#16
July 24, 2010, 07:09:39 PM
Hi, Deb. 

I removed the 2 duplicate posts to avoid confusion.

Additional information is still needed, since you did not allow the download of HijackThis.  However, let's first start with dealing with the vulnerable Java on your computer.

Please go to add/remove programs and uninstall the following:

Java(TM) 6 Update 17
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Next, please download JavaRa and unzip it to your desktop.


  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 21.   

Download Link: Java SE Runtime Environment 6u21

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

After that, please download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2
  • Double-Click dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Deb

#17
July 25, 2010, 12:36:51 PM
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Jul 25 13:29:42 2010

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
------------------------------------
Finished reporting.



DDS (Ver_10-03-17.01) - NTFSx86 
Run by Owner at  0:21:17.45 on Mon 26/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.362 [GMT 12:00]

AV: eScan for Windows *On-access scanning enabled* (Outdated)   {E25EE26A-7512-411E-BAF6-D9AFA504A475}
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)   {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled*   {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\AEADISRV.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://msn.co.nz/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [XeroxScannerDaemon] c:\program files\xerox\nwwia\XrxFTPLt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {799DE80C-ADB9-41C3-8026-7FAF905F1A7A} = 202.27.158.40 202.27.156.72
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\d2wlnfy9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFTMUFEHelper.dll
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFToolbarComm.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-8-6 11264]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-8-28 38968]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-11 54760]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-8-28 178872]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2009-8-28 63024]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-30 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-30 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-7-12 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-7-12 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-7-12 689416]
S2 exwklhtf;Image Windows;c:\windows\system32\svchost.exe -k netsvcs [2006-3-1 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-6 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

=============== Created Last 30 ================

2010-07-25 12:19:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-07-25 12:19:51   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-07-21 23:43:54   0   d-s---w-   C:\ComboFix.exe13256C
2010-07-12 02:20:46   59920   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2010-07-12 02:20:46   50704   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2010-07-12 02:19:47   0   d-----w-   c:\docume~1\alluse~1\applic~1\Trend Micro
2010-07-12 02:17:19   0   d-----w-   c:\program files\Trend Micro
2010-07-10 20:49:33   0   d-----w-   c:\documents and settings\owner\Tracing
2010-07-10 19:34:19   0   d-----w-   c:\program files\Microsoft Office Outlook Connector
2010-07-10 19:33:48   54760   ----a-w-   c:\windows\system32\drivers\fssfltr_tdi.sys
2010-07-10 19:31:04   0   d-----w-   c:\program files\Microsoft
2010-07-10 19:30:47   0   d-----w-   c:\program files\Windows Live SkyDrive
2010-07-10 07:16:03   0   d-----w-   c:\program files\ESET
2010-07-10 04:08:59   0   d-----w-   C:\ComboFix.exe22928C
2010-07-10 03:38:26   6203745   ----a-w-   c:\windows\REGBK10.ZIP
2010-07-09 01:10:19   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 01:10:18   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-09 01:10:18   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-08 13:12:52   0   d-sha-r-   C:\cmdcons
2010-07-08 12:04:34   0   d-----w-   C:\ComboFix.exe
2010-07-05 11:06:38   0   ----a-w-   c:\windows\system32\MsiExec.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\UNRecode.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\UNNeroVision.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\UNNeroShowTime.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\UNNeroMediaHome.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\UNNeroBackItUp.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\uninst.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\system32\rundll32.lst
2010-07-05 11:06:37   0   ----a-w-   c:\windows\system32\nvudisp.lst
2010-07-05 11:06:21   0   ----a-w-   c:\windows\system32\KmRemove.lst
2010-07-04 09:50:28   0   d-----w-   c:\windows\system32\URTTEMP
2010-06-30 06:27:49   92208   ----a-w-   c:\windows\system\WING.DLL
2010-06-30 06:27:49   6736   ----a-w-   c:\windows\system\WINGDIB.DRV
2010-06-30 06:27:49   5024   ----a-w-   c:\windows\system\WINGPAL.PAL
2010-06-30 06:27:49   27648   ----a-w-   c:\windows\system\WAVMIX16.DLL
2010-06-30 06:27:49   2552   ----a-w-   c:\windows\WAVEMIX.INI
2010-06-30 06:27:49   188960   ----a-w-   c:\windows\system\WINGDE.DLL
2010-06-30 06:27:49   1285   ----a-w-   c:\windows\MSBSOLAR.INI
2010-06-30 06:27:49   12800   ----a-w-   c:\windows\system\WING32.DLL
2010-06-26 07:05:01   3255   ----a-w-   c:\windows\system32\wbem\Outlook_01cb14fde4e507cc.mof

==================== Find3M  ====================

2010-07-10 11:55:51   178   ----a-w-   c:\program files\threatfoundlist.txt
2010-05-29 06:35:51   196608   -c--a-w-   c:\windows\system32\drivers\nStandard.bin
2010-05-02 05:22:50   1851264   ----a-w-   c:\windows\system32\win32k.sys
2010-04-03 12:49:26   3520550   -c--a-w-   c:\program files\coreftplite.exe
2010-03-29 07:37:37   15331909   -c--a-w-   c:\program files\AVSVideoEditor.exe.part
2010-03-07 03:24:01   1666   -c--a-w-   c:\program files\SOUNDMAXINTEGRATEDDIGITALHDAUDIO6.10.1.6585f40fd54c64fbb86b9f465bee20651a0a.dmx-info
2010-03-07 02:50:39   3874552   -c--a-w-   c:\program files\drivermax.exe
2010-03-04 10:42:28   1146184   -c--a-w-   c:\program files\wlsetup-web.exe
2010-01-07 09:44:55   32768   -csha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2010-01-07 09:44:35   32768   -csha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010010720100108\index.dat

============= FINISH:  0:28:07.09 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/08/2007 2:51:01 p.m.
System Uptime: 25/07/2010 4:03:43 p.m. (8 hours ago)

Motherboard: ASUSTeK Computer INC. |  | P5VD2-MX
Processor: Genuine Intel(R) CPU            2140  @ 1.60GHz | Socket 775 | 1599/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 51.36 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 148.919 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA GeForce 8500 GT
Device ID: PCI\VEN_10DE&DEV_0421&SUBSYS_824F1043&REV_A1\4&204B8D4B&0&0010
Manufacturer: NVIDIA
Name: NVIDIA GeForce 8500 GT
PNP Device ID: PCI\VEN_10DE&DEV_0421&SUBSYS_824F1043&REV_A1\4&204B8D4B&0&0010
Service: nv

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_086C1043&REV_7C\3&2411E6FE&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_086C1043&REV_7C\3&2411E6FE&0&90
Service: FETND5BV

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\UNKNOWN\0001
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol #2
PNP Device ID: ROOT\UNKNOWN\0001
Service: irsir

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\UNKNOWN\0002
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol #3
PNP Device ID: ROOT\UNKNOWN\0002
Service: irsir

==== System Restore Points ===================

RP6: 27/04/2010 4:31:02 p.m. - System Checkpoint
RP7: 29/04/2010 10:02:26 p.m. - System Checkpoint
RP8: 30/04/2010 11:55:33 p.m. - System Checkpoint
RP9: 2/05/2010 11:35:23 a.m. - System Checkpoint
RP10: 7/05/2010 7:49:46 p.m. - System Checkpoint
RP11: 10/05/2010 5:46:37 p.m. - System Checkpoint
RP12: 12/05/2010 3:49:24 p.m. - System Checkpoint
RP13: 13/05/2010 7:47:03 p.m. - System Checkpoint
RP14: 14/05/2010 8:05:30 p.m. - System Checkpoint
RP15: 16/05/2010 9:26:09 a.m. - System Checkpoint
RP16: 20/05/2010 11:05:14 a.m. - System Checkpoint
RP17: 21/05/2010 7:52:19 p.m. - System Checkpoint
RP18: 23/05/2010 12:56:21 p.m. - System Checkpoint
RP19: 25/05/2010 6:33:13 p.m. - Configured ASUS GamerOSD AP
RP20: 26/05/2010 7:33:40 p.m. - System Checkpoint
RP21: 27/05/2010 7:57:39 p.m. - System Checkpoint
RP22: 29/05/2010 3:06:49 p.m. - System Checkpoint
RP23: 30/05/2010 3:36:13 p.m. - System Checkpoint
RP24: 31/05/2010 4:22:17 p.m. - System Checkpoint
RP25: 2/06/2010 11:28:21 a.m. - System Checkpoint
RP26: 3/06/2010 2:56:19 p.m. - System Checkpoint
RP27: 4/06/2010 5:23:00 p.m. - System Checkpoint
RP28: 5/06/2010 6:44:12 p.m. - System Checkpoint
RP29: 6/06/2010 3:51:38 p.m. - Installed SPYWAREfighter
RP30: 6/06/2010 10:47:28 p.m. - Removed SPYWAREfighter
RP31: 7/06/2010 12:19:23 a.m. - ErrorWiz Restore point
RP32: 8/06/2010 9:12:33 p.m. - Restore Operation
RP33: 8/06/2010 9:26:38 p.m. - ErrorWiz Restore point
RP34: 8/06/2010 9:41:05 p.m. - Software Distribution Service 3.0
RP35: 9/06/2010 11:18:09 p.m. - System Checkpoint
RP36: 10/06/2010 11:25:57 p.m. - System Checkpoint
RP37: 11/06/2010 12:35:19 a.m. - PC Health Advisor Restore Point
RP38: 12/06/2010 11:58:18 a.m. - System Checkpoint
RP39: 13/06/2010 7:30:37 p.m. - System Checkpoint
RP40: 14/06/2010 7:36:58 p.m. - System Checkpoint
RP41: 16/06/2010 12:15:18 p.m. - System Checkpoint
RP42: 17/06/2010 1:03:23 p.m. - System Checkpoint
RP43: 18/06/2010 2:00:25 p.m. - System Checkpoint
RP44: 19/06/2010 6:37:32 p.m. - System Checkpoint
RP45: 24/06/2010 12:28:39 p.m. - System Checkpoint
RP46: 25/06/2010 2:59:26 p.m. - System Checkpoint
RP47: 26/06/2010 8:07:33 p.m. - System Checkpoint
RP48: 29/06/2010 10:16:15 p.m. - System Checkpoint
RP49: 1/07/2010 8:29:55 p.m. - System Checkpoint
RP50: 3/07/2010 9:10:21 p.m. - System Checkpoint
RP51: 5/07/2010 3:20:41 p.m. - System Checkpoint
RP52: 5/07/2010 11:06:04 p.m. - Installed ExpertScan plug-in 1.0.18
RP53: 7/07/2010 11:57:32 a.m. - System Checkpoint
RP54: 8/07/2010 9:05:02 p.m. - System Checkpoint
RP55: 10/07/2010 3:42:21 p.m. - Removed Ask Toolbar.
RP56: 11/07/2010 7:32:23 a.m. - Installed Windows XP KB954708.
RP57: 11/07/2010 7:32:34 a.m. - Installed DirectX
RP58: 11/07/2010 10:29:03 a.m. - Software Distribution Service 3.0
RP59: 11/07/2010 9:23:53 p.m. - Software Distribution Service 3.0
RP60: 12/07/2010 2:17:16 p.m. - Installed Trend Micro Internet Security
RP61: 12/07/2010 10:56:32 p.m. - Software Distribution Service 3.0
RP62: 14/07/2010 7:30:08 p.m. - Software Distribution Service 3.0
RP63: 14/07/2010 8:29:31 p.m. - Restore point created by Trend Mico [0x00001101]
RP64: 14/07/2010 8:32:03 p.m. - Restore point created by Trend Mico [0x00001101]
RP65: 14/07/2010 11:38:16 p.m. - Software Distribution Service 3.0
RP66: 16/07/2010 5:18:58 p.m. - System Checkpoint
RP67: 16/07/2010 10:46:08 p.m. - Software Distribution Service 3.0
RP68: 17/07/2010 11:09:27 a.m. - Software Distribution Service 3.0
RP69: 18/07/2010 11:19:18 a.m. - System Checkpoint
RP70: 18/07/2010 7:59:30 p.m. - Software Distribution Service 3.0
RP71: 20/07/2010 4:33:58 p.m. - System Checkpoint
RP72: 21/07/2010 5:50:55 p.m. - System Checkpoint
RP73: 21/07/2010 11:31:17 p.m. - Software Distribution Service 3.0
RP74: 23/07/2010 9:52:10 a.m. - System Checkpoint
RP75: 24/07/2010 4:59:01 p.m. - System Checkpoint
RP76: 25/07/2010 1:22:28 p.m. - Removed Java(TM) 6 Update 17
RP77: 25/07/2010 1:23:08 p.m. - Removed Java(TM) 6 Update 4
RP78: 25/07/2010 1:24:04 p.m. - Removed Java(TM) 6 Update 5
RP79: 25/07/2010 1:25:33 p.m. - Removed Java(TM) 6 Update 7
RP80: 26/07/2010 12:19:09 a.m. - Installed Java(TM) 6 Update 21

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11
ASUS Gamer OSD
ASUS nVidia Driver
ASUSDVD
Classic PhoneTools
Core FTP LE 2.1
D-Link DSL-302G USB Driver
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Scan Assistant
EPSON Web-To-Page
ESET Online Scanner v3
ESPR230 User's Guide
ExpertScan plug-in 1.0.18
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterActual Player
Java Auto Updater
Java(TM) 6 Update 21
JMB36X Raid Configurer
Junk Mail filter update
KeyMaestro Input Device Driver V2.1.1-126A6 MUL
LightScribe  1.4.124.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Kids
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.7)
MSN
MSN Encarta Right-Click Dictionary
MSVCRT
Nero 7 Essentials
NVIDIA Drivers
OpenOffice.org Installer 1.0
PIF DESIGNER
Platform
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Sound Blaster AWE64
SoundMAX
Straighthold Trader 4.00
Trend Micro Internet Security Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XviD MPEG-4 Video Codec
yWriter2

==== Event Viewer Messages From Past Week ========

25/07/2010 1:31:04 a.m., error: Service Control Manager [7023]  - The Image Windows service terminated with the following error:  The specified module could not be found.
25/07/2010 1:31:04 a.m., error: Service Control Manager [7023]  - The HID Input Service service terminated with the following error:  The system cannot find the file specified.
25/07/2010 1:22:38 p.m., error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
21/07/2010 11:52:51 p.m., error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
20/07/2010 4:06:53 p.m., error: PlugPlayManager [12]  - The device 'hp deskjet 960c' (LPTENUM\HEWLETT-PACKARDDESKJET_960C\4&35fb2ad7&0&LPT1.4) disappeared from the system without first being prepared for removal.

==== End Of File ===========================

Ok here it is
Deb

Corrine

#18
July 25, 2010, 06:55:06 PM
Hi, Deb.

I'm wondering what was done on July 5 to change file extensions from .exe to .lst:

c:\windows\system32\MsiExec.lst
c:\windows\UNRecode.lst
c:\windows\UNNeroVision.lst
c:\windows\UNNeroShowTime.lst
c:\windows\UNNeroMediaHome.lst
c:\windows\UNNeroBackItUp.lst
c:\windows\uninst.lst
c:\windows\system32\rundll32.lst
c:\windows\system32\nvudisp.lst
c:\windows\system32\KmRemove.lst

You also have C:\ComboFix.exe, C:\ComboFix.exe13256C, and C:\ComboFix.exe22928C showing in your log. 

Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Deb

#19
July 26, 2010, 05:27:25 AM
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bd2c7e1e22bb5042a018b754ce1dbba6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-10 11:53:24
# local_time=2010-07-10 11:53:24 (+1200, New Zealand Standard Time)
# country="New Zealand"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=68555
# found=1
# cleaned=1
# scan_time=2267
C:\System Volume Information\_restore{24ECAB32-E39B-4E0A-A332-0A948B9D6334}\RP54\A0111992.exe   a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bd2c7e1e22bb5042a018b754ce1dbba6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-26 05:15:18
# local_time=2010-07-26 05:15:18 (+1200, New Zealand Standard Time)
# country="New Zealand"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 16773797 100 100 0 31249617 0 0
# compatibility_mode=8192 67108863 100 0 540668 540668 0 0
# scanned=72820
# found=0
# cleaned=0
# scan_time=2888

Corrine

#20
July 26, 2010, 02:11:24 PM
Hi, Deb.

How is the computer working now?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Deb

#21
July 27, 2010, 03:01:48 AM
Hi
yes it is working ok,still slow but I feel its the updates down loading that is causing this Trend Micro also updates so I have worked out what was making it take forever. Otherwise all the issues I started with seem to have been fixed
Thank you
Deb

Corrine

#22
July 27, 2010, 03:06:17 PM
Thank you for getting back to us, Deb.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Having a firewall, anti-virus and anti-malware software are not enough.  You also need to stay current with security updates.  If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now.  For additional information, see my blog post Understanding Microsoft Updates

To check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications
Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Deb

#23
July 28, 2010, 07:52:37 AM
Hi, coming back with cant find combofix also now have fax kicking in when receiving incoming phone calls but I dont have fax not used this in years dont know why its doing this just seems to have started two days back
Thanks
Deb

Corrine

#24
July 29, 2010, 06:28:57 PM
Hi, Deb.

Please manually locate and delete the following:  C:\ComboFix.exe, C:\ComboFix.exe13256C, and C:\ComboFix.exe22928C

Next, let's take a fresh look with an updated ComboFix.  Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages 1 2
User actions