Google redirect virus

Microsoft / Silverlight
November 8, 2009 at 08:27:04
Specs: Windows Vista, 2 gbt
Can't seem to get rid of the Google redirect virus. Spyware Doctor & Malwarebytes don't find any virus, even with a full scan, yet I still get redirected. It's IE & Vista. Any new ideas, please?


#1
November 8, 2009 at 08:40:38
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

Please post the contents of both logs (in separate posts) in your next reply.



#2
November 8, 2009 at 09:24:03
I ran Win32kDiag.exe & got this response

Running from: C:\Users\John\Downloads\Win32kDiag.exe

Log file at : C:\Users\John\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\drivers\etc\Hosts.bak

[1] 2008-08-28 14:19:39 262111 C:\Windows\System32\drivers\etc\Hosts.bak ()


I did run as system administrator



#3
November 8, 2009 at 10:00:13
And the rsit.exe report?


#4
November 8, 2009 at 12:39:59
Logfile of random's system information tool 1.06 (written by random/random)
Run by John at 2009-11-08 20:08:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 248 GB (84%) free of 297 GB
Total RAM: 2047 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:07, on 08/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\Program Files\RegCure\RegCure.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\JD Design\Space Patrol\SPMonitor.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBSRPAZ4\RSIT[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\John.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Space Patrol Disk Monitor.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - (no file)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.hsboys.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.oldermansex.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite...
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PC...
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/opti...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C40DB28C-08A7-44E6-A538-FFC59A968045}: NameServer = 193.36.79.100 80.10.246.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 16217 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\ParetoLogic Privacy Controls_{665F927C-E4E2-11DD-BFAD-9DB7B32AC4CE}.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\ParetoLogic Update Version2.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure Startup.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{964D7B24-97CA-4CB9-B9F0-457EB64E67EC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P0.dll [2009-08-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-24 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-22 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-10-05 203536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P0.dll [2009-08-02 2215960]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-10-05 203536]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-08-24 1181064]
"NortonAntiBot"=C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe [2008-09-08 1378840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-10 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-10 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-10 88608]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-24 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-19 68856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Space Patrol Disk Monitor.lnk - C:\Windows\Installer\{886A3753-BB6F-4499-8B81-BB20ADF136A3}\_CC6B04725BA35417BA63B6.exe

C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-08 20:08:27 ----D---- C:\Program Files\trend micro
2009-11-08 20:08:26 ----D---- C:\rsit
2009-11-06 11:44:14 ----D---- C:\!KillBox
2009-11-04 19:51:37 ----A---- C:\Windows\system32\mshtml.dll
2009-11-01 11:10:13 ----A---- C:\Windows\RegGenie.ini
2009-11-01 10:47:29 ----A---- C:\Windows\RegGenieOnUninstall.exe
2009-11-01 10:47:26 ----D---- C:\Program Files\RegGenie
2009-10-31 12:14:18 ----A---- C:\Windows\system32\TURegOpt.exe
2009-10-31 12:13:17 ----D---- C:\Program Files\TuneUp Utilities 2010
2009-10-31 12:12:36 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-10-31 11:24:31 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-10-31 00:05:28 ----A---- C:\Windows\system32\wmp.dll
2009-10-31 00:05:22 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-31 00:05:14 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-30 23:21:53 ----HD---- C:\Windows\msdownld.tmp
2009-10-30 23:21:12 ----D---- C:\Program Files\Orange
2009-10-29 08:06:56 ----A---- C:\Windows\system32\WindowsCodecs(683).dll
2009-10-29 08:04:40 ----A---- C:\Windows\system32\oleaccrc(653).dll
2009-10-29 08:04:38 ----A---- C:\Windows\system32\oleacc(652).dll
2009-10-28 16:20:08 ----D---- C:\Windows\system32\rddrv_9034752
2009-10-28 16:20:07 ----A---- C:\Windows\system32\RDAccess.dll
2009-10-28 16:19:46 ----A---- C:\Windows\system32\EEGenFn1.dll
2009-10-28 16:19:44 ----A---- C:\Windows\system32\eetransx.exe
2009-10-28 16:19:44 ----A---- C:\Windows\system32\Eeshellx.dll
2009-10-28 16:19:34 ----D---- C:\Program Files\Evidence Eliminator
2009-10-28 11:59:23 ----A---- C:\Windows\system32\javaws.exe
2009-10-28 11:59:23 ----A---- C:\Windows\system32\javaw.exe
2009-10-28 11:59:23 ----A---- C:\Windows\system32\deploytk.dll
2009-10-28 11:59:22 ----A---- C:\Windows\system32\java.exe
2009-10-24 14:00:31 ----D---- C:\ProgramData\Real
2009-10-23 19:57:44 ----D---- C:\Users\John\AppData\Roaming\VistaCodecs
2009-10-23 19:57:39 ----D---- C:\Program Files\VistaCodecPack
2009-10-23 07:22:53 ----D---- C:\ProgramData\VistaCodecs
2009-10-22 07:59:23 ----D---- C:\Program Files\Alwil Software
2009-10-20 16:52:22 ----D---- C:\Program Files\3ivx
2009-10-20 14:07:05 ----A---- C:\Windows\system32\wups2.dll
2009-10-20 14:07:05 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-20 14:07:04 ----A---- C:\Windows\system32\wucltux.dll
2009-10-20 14:05:18 ----A---- C:\Windows\system32\wups.dll
2009-10-20 14:05:18 ----A---- C:\Windows\system32\wudriver.dll
2009-10-20 14:05:17 ----A---- C:\Windows\system32\wuapi.dll
2009-10-20 14:04:31 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-20 14:04:31 ----A---- C:\Windows\system32\wuapp.exe
2009-10-20 08:52:48 ----D---- C:\ProgramData\LogiShrd
2009-10-20 08:52:43 ----D---- C:\Users\John\AppData\Roaming\Logitech
2009-10-20 08:49:33 ----D---- C:\ProgramData\Logitech
2009-10-20 08:49:27 ----D---- C:\Program Files\Common Files\Logishrd
2009-10-20 08:49:25 ----D---- C:\Program Files\Logitech
2009-10-20 06:33:26 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-20 06:33:26 ----A---- C:\Windows\system32\wuaueng(738).dll
2009-10-17 13:42:12 ----A---- C:\Windows\system32\unrar.dll
2009-10-17 13:25:35 ----D---- C:\Users\John\AppData\Roaming\Media Player Classic
2009-10-16 11:03:36 ----A---- C:\Windows\system32\MPFServiceFailureCount.txt
2009-10-14 08:10:19 ----A---- C:\Windows\system32\iertutil.dll
2009-10-14 08:10:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-14 08:10:18 ----A---- C:\Windows\system32\wininet.dll
2009-10-14 08:10:18 ----A---- C:\Windows\system32\urlmon.dll
2009-10-14 08:10:17 ----A---- C:\Windows\system32\occache.dll
2009-10-14 08:10:17 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-14 08:10:17 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-14 08:10:14 ----A---- C:\Windows\system32\ieui.dll
2009-10-14 08:10:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-14 08:10:13 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-14 08:10:13 ----A---- C:\Windows\system32\iepeers.dll
2009-10-14 08:10:12 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-14 08:10:12 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-14 08:10:11 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-14 08:10:11 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-14 08:10:10 ----A---- C:\Windows\system32\iesetup.dll
2009-10-14 08:10:10 ----A---- C:\Windows\system32\iernonce.dll
2009-10-14 07:50:28 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-14 07:50:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-14 07:50:19 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-14 07:26:50 ----A---- C:\Windows\system32\msasn1.dll
2009-10-14 07:21:58 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-13 09:36:04 ----A---- C:\Windows\system32\VSFilter.dll



#5
November 8, 2009 at 12:44:19
2nd part of logfile

===List of files/folders modified in the last 1 months======

2009-11-08 20:09:08 ----D---- C:\Windows\Temp
2009-11-08 20:08:53 ----D---- C:\Windows\Prefetch
2009-11-08 20:08:27 ----RD---- C:\Program Files
2009-11-08 20:06:53 ----D---- C:\Windows\inf
2009-11-08 20:05:08 ----AD---- C:\ProgramData\TEMP
2009-11-08 20:04:35 ----D---- C:\Windows\system32\drivers
2009-11-08 18:35:24 ----SHD---- C:\System Volume Information
2009-11-08 18:29:43 ----D---- C:\Windows\system32\Tasks
2009-11-08 18:12:56 ----D---- C:\Windows\tracing
2009-11-08 17:44:10 ----D---- C:\Program Files\AVS4YOU
2009-11-08 17:43:46 ----D---- C:\Program Files\Common Files\AVSMedia
2009-11-08 16:17:33 ----SHD---- C:\Windows\Installer
2009-11-08 16:15:45 ----D---- C:\Windows\system32\catroot2
2009-11-08 15:59:39 ----A---- C:\Windows\NeroDigital.ini
2009-11-08 14:36:31 ----SHD---- C:\$Recycle.Bin
2009-11-08 14:18:40 ----D---- C:\Users\John\AppData\Roaming\LimeWire
2009-11-06 22:55:41 ----AD---- C:\Windows\System32
2009-11-06 20:54:48 ----D---- C:\Program Files\Spyware Doctor
2009-11-06 20:47:03 ----D---- C:\WINDOWS
2009-11-06 15:12:49 ----D---- C:\Users\John\AppData\Roaming\Any DVD Converter Professional
2009-11-06 13:05:42 ----D---- C:\Windows\system32\wbem
2009-11-06 13:03:42 ----D---- C:\Windows\winsxs
2009-11-06 13:03:42 ----D---- C:\Windows\Tasks
2009-11-06 13:03:42 ----D---- C:\Windows\system32\spool
2009-11-06 13:03:38 ----D---- C:\Users\John\AppData\Roaming\Winamp
2009-11-06 13:03:37 ----D---- C:\Windows\registration
2009-11-06 13:03:37 ----D---- C:\Program Files\Any DVD Converter Professional
2009-11-05 08:14:10 ----D---- C:\Program Files\McAfee
2009-11-04 19:47:29 ----D---- C:\Windows\system32\catroot
2009-11-02 07:49:20 ----ASH---- C:\Program Files\desktop.ini
2009-11-01 22:27:05 ----SD---- C:\Windows\Downloaded Program Files
2009-11-01 10:47:34 ----RSD---- C:\Windows\Fonts
2009-10-31 12:21:34 ----D---- C:\Program Files\Mozilla Firefox
2009-10-31 12:14:35 ----D---- C:\Program Files\Windows Sidebar
2009-10-31 12:12:41 ----D---- C:\ProgramData\TuneUp Software
2009-10-31 12:12:36 ----HD---- C:\ProgramData
2009-10-31 07:23:45 ----D---- C:\Windows\rescache
2009-10-31 06:56:33 ----D---- C:\Windows\system32\en-US
2009-10-31 06:56:32 ----D---- C:\Program Files\Windows Media Player
2009-10-30 23:33:03 ----D---- C:\Windows\system32\config
2009-10-30 23:32:30 ----D---- C:\Windows\system32\Msdtc
2009-10-30 23:32:30 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-30 23:32:22 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-10-30 23:32:22 ----D---- C:\Program Files\Common Files\Adobe
2009-10-30 23:21:53 ----D---- C:\Program Files\Internet Explorer
2009-10-30 15:01:12 ----A---- C:\Windows\system32\authuitu.dll
2009-10-30 15:01:00 ----A---- C:\Windows\system32\uxtuneup.dll
2009-10-29 11:54:09 ----D---- C:\ProgramData\Adobe
2009-10-29 08:42:54 ----D---- C:\Windows\system32\uk-UA
2009-10-29 08:42:54 ----D---- C:\Windows\system32\sl-SI
2009-10-29 08:42:54 ----D---- C:\Windows\system32\pt-PT
2009-10-29 08:42:54 ----D---- C:\Windows\system32\pt-BR
2009-10-29 08:42:54 ----D---- C:\Windows\system32\pl-PL
2009-10-29 08:42:54 ----D---- C:\Windows\system32\ko-KR
2009-10-29 08:42:54 ----D---- C:\Windows\system32\it-IT
2009-10-29 08:42:54 ----D---- C:\Windows\system32\hu-HU
2009-10-29 08:42:54 ----D---- C:\Windows\system32\hr-HR
2009-10-29 08:42:54 ----D---- C:\Windows\system32\he-IL
2009-10-29 08:42:54 ----D---- C:\Windows\system32\bg-BG
2009-10-29 08:42:53 ----D---- C:\Windows\system32\zh-HK
2009-10-29 08:42:53 ----D---- C:\Windows\system32\tr-TR
2009-10-29 08:42:53 ----D---- C:\Windows\system32\th-TH
2009-10-29 08:42:53 ----D---- C:\Windows\system32\sr-Latn-CS
2009-10-29 08:42:53 ----D---- C:\Windows\system32\nl-NL
2009-10-29 08:42:53 ----D---- C:\Windows\system32\fr-FR
2009-10-29 08:42:53 ----D---- C:\Windows\system32\fi-FI
2009-10-29 08:42:53 ----D---- C:\Windows\system32\el-GR
2009-10-29 08:42:52 ----D---- C:\Windows\system32\zh-TW
2009-10-29 08:42:52 ----D---- C:\Windows\system32\sv-SE
2009-10-29 08:42:52 ----D---- C:\Windows\system32\lv-LV
2009-10-29 08:42:52 ----D---- C:\Windows\system32\lt-LT
2009-10-29 08:42:52 ----D---- C:\Windows\system32\es-ES
2009-10-29 08:42:51 ----D---- C:\Windows\system32\zh-CN
2009-10-29 08:42:51 ----D---- C:\Windows\system32\sk-SK
2009-10-29 08:42:51 ----D---- C:\Windows\system32\ja-JP
2009-10-29 08:42:51 ----D---- C:\Windows\system32\et-EE
2009-10-29 08:42:51 ----D---- C:\Windows\system32\de-DE
2009-10-29 08:42:51 ----D---- C:\Windows\system32\cs-CZ
2009-10-29 08:42:51 ----D---- C:\Windows\system32\ar-SA
2009-10-29 08:42:50 ----D---- C:\Windows\system32\ru-RU
2009-10-29 08:42:50 ----D---- C:\Windows\system32\ro-RO
2009-10-29 08:42:50 ----D---- C:\Windows\system32\nb-NO
2009-10-29 08:42:50 ----D---- C:\Windows\system32\da-DK
2009-10-28 13:01:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-28 11:58:19 ----D---- C:\Program Files\Java
2009-10-24 14:02:07 ----D---- C:\Program Files\Common Files\Real
2009-10-24 14:02:02 ----A---- C:\Windows\system32\rmoc3260.dll
2009-10-24 14:01:34 ----A---- C:\Windows\system32\pndx5032.dll
2009-10-24 14:01:33 ----A---- C:\Windows\system32\pndx5016.dll
2009-10-24 14:01:21 ----D---- C:\Users\John\AppData\Roaming\Real
2009-10-24 14:00:49 ----A---- C:\Windows\system32\pncrt.dll
2009-10-23 19:31:13 ----D---- C:\Users\John\AppData\Roaming\AVS4YOU
2009-10-23 11:46:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-23 10:16:38 ----D---- C:\Windows\system
2009-10-22 08:12:56 ----D---- C:\Program Files\Your Uninstaller 2008
2009-10-22 07:51:45 ----D---- C:\Users\John\AppData\Roaming\Vso
2009-10-22 07:51:44 ----A---- C:\Users\John\AppData\Roaming\inst.exe
2009-10-21 16:41:36 ----D---- C:\Windows\Debug
2009-10-21 06:57:47 ----D---- C:\Program Files\RegCure
2009-10-20 13:50:18 ----D---- C:\Program Files\Intel
2009-10-20 13:50:18 ----D---- C:\Program Files\DivX
2009-10-20 13:50:18 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-20 13:17:21 ----D---- C:\ProgramData\NVIDIA
2009-10-20 13:16:42 ----D---- C:\ProgramData\NOS
2009-10-20 08:49:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-20 08:49:27 ----D---- C:\Program Files\Common Files
2009-10-20 08:22:44 ----D---- C:\NVIDIA
2009-10-18 20:43:35 ----D---- C:\Program Files\Privacy Guardian
2009-10-18 14:44:30 ----D---- C:\Program Files\K-Lite Codec Pack
2009-10-18 13:37:29 ----D---- C:\Windows\Minidump
2009-10-17 18:26:14 ----A---- C:\Windows\ErrRegDoc.txt
2009-10-17 13:40:21 ----D---- C:\Users\John\AppData\Roaming\DivX
2009-10-15 14:07:17 ----A---- C:\Windows\vuepro32.ini
2009-10-15 08:46:32 ----D---- C:\Windows\Microsoft.NET
2009-10-15 08:46:02 ----RSD---- C:\Windows\assembly
2009-10-15 07:34:30 ----D---- C:\Windows\ehome
2009-10-15 07:34:30 ----D---- C:\Program Files\Windows Mail
2009-10-15 07:34:28 ----D---- C:\Windows\system32\migration
2009-10-15 07:23:02 ----D---- C:\ProgramData\Microsoft Help
2009-10-15 07:17:18 ----D---- C:\Program Files\Microsoft Works
2009-10-13 19:57:17 ----A---- C:\Windows\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-03-22 20560]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\System32\drivers\pctgntdi.sys [2008-12-11 159600]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-14 218752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2009-08-29 27136]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-10 8237120]
R3 pctplsg;pctplsg; \??\C:\WINDOWS\System32\drivers\pctplsg.sys [2008-12-10 64392]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
R3 ST330;ST330; C:\Windows\system32\drivers\st330.sys [2008-06-12 30464]
R3 STBUS;STBUS; C:\Windows\system32\drivers\stbus.sys [2008-06-12 12672]
R3 stppp;Speedtouch PPP Adapter Adapter; C:\Windows\system32\DRIVERS\stppp.sys [2008-06-12 35328]
R3 SymantecAntiBotDriver;SymantecAntiBotDriver; \??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotDriver.sys [2008-09-08 161304]
R3 SymantecAntiBotFilter;SymantecAntiBotFilter; \??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotFilter.sys [2008-09-08 29720]
R3 SymantecAntiBotShim;SymantecAntiBotShim; \??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotShim.sys [2008-09-08 29152]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-04-20 33056]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-09-26 47360]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WipeFile;WipeFile; C:\Windows\system32\DRIVERS\WipeFile.sys [2007-03-03 57472]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-04-04 1123608]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 168432]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-05-07 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048]
R2 lxcz_device;lxcz_device; C:\Windows\system32\lxczcoms.exe [2007-04-19 537520]
R2 lxdi_device;lxdi_device; C:\Windows\system32\lxdicoms.exe [2007-06-11 517040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-10-19 92296]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-15 207392]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-08-24 1097096]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 st330service;SpeedTouch 330 Manager; C:\Program Files/Thomson/ST330/service/st330service.exe [2008-06-12 581632]
R2 SymantecAntiBotAgent;SymantecAntiBotAgent; C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe [2008-09-08 4910104]
R2 SymantecAntiBotWatcher;SymantecAntiBotWatcher; C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe [2008-09-08 539160]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-22 603904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-04-20 70944]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-09-01 26624]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-09 74656]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-10-31 435016]

-----------------EOF-----------------



#6
November 8, 2009 at 12:46:35
Info log file

===List of files/folders modified in the last 1 months======

2009-11-08 20:09:08 ----D---- C:\Windows\Temp
2009-11-08 20:08:53 ----D---- C:\Windows\Prefetch
2009-11-08 20:08:27 ----RD---- C:\Program Files
2009-11-08 20:06:53 ----D---- C:\Windows\inf
2009-11-08 20:05:08 ----AD---- C:\ProgramData\TEMP
2009-11-08 20:04:35 ----D---- C:\Windows\system32\drivers
2009-11-08 18:35:24 ----SHD---- C:\System Volume Information
2009-11-08 18:29:43 ----D---- C:\Windows\system32\Tasks
2009-11-08 18:12:56 ----D---- C:\Windows\tracing



#7
November 8, 2009 at 13:23:47
Looks like you have McAfee antivirus running right now but have Trend Micro and Norton partially installed. If you have the option to uninstall Trend Micro and Norton in Add/Remove Programs, uninstall these unless they are firewalls.

Also uninstall LimeWire as it is known to harbor spyware.

Spybot and Spyware Doctor need to be temporarily disabled while we remove the baddies or they will interfere with the removal process. There is a clickable link (This Link) in the ComboFix spiel that will help disable these. And when you run ComboFix, McAfee must be temporarily disabled.

Once you get ComboFix downloaded, boot into Safe Mode with Networking to run it. To do that, restart the computer and, as it is booting, tap F8 about every second and you will get an option screen; choose Safe Mode with Networking.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8
November 22, 2009 at 13:07:35
My system got so slow I decided to save my files & progs & reinstall Vista - Thanks for the help.


#9
November 22, 2009 at 13:19:23
Thanks for the follow-up.
