Spyware damage

Intel / D915pbl
November 8, 2009 at 13:31:46
Specs: Microsoft Windows XP Professional, 3.4 GHz / 2045 MB
Folks,

I need some help. I have been fighting with what I believe is a spyware infection from a bogus antivirus program that goes by the name "System Protector" or something like that. I think I've gotten rid of the program itself (which is why I'm not sure of the exact name), but its after-effects seem to be lingering. Currently I cannot access any antivirus sites, my browser runs painfully slow, and it's constantly locking up and/or crashing to the desktop. I also cannot access Safe Mode. It locks up right after it loads MUP.SYS.

Here's the history. I have done a repair reinstall from the XP install disk, and did full updates to SP3, which seemed to work for a while. It didn't last. I get occasional redirects from IE, and it runs slow and locks up frequently. When I thought I had fixed the problem, I decided to replace the free copy of Avast I was using with the McAfee suite offered by Cox, my cable provider. I downloaded the install file from Cox, and did an uninstall of Avast to avoid any conflicts between A/Vs. That's when I discovered that I couldn't access any antivirus sites. Now, on top of everything else, I have no A/V installed.
For the record, I also recently replaced my power supply with a Corsair 700 watt one. I have not tested it with a multimeter, but I see no indications of problems. I can test it if you think that's needed.
I have access to another computer that is working fine, so I can D/L whatever is needed. Please let me know what to do.
Thank you




#1
November 8, 2009 at 13:36:53
This seems to be spyware --- please scan your system with Ad-Aware:
http://www.lavasoft.com

Please note that you should use Ad-Aware plus some antimalware software (KIS 2010, for example)...



#2
November 8, 2009 at 16:46:29
As much as I like Ad-Aware, I do not believe it will resolve this issue; the Pro version may, but I think you have to buy that one.

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

Please post the contents of both logs (in separate posts) in your next reply.



#3
November 9, 2009 at 11:21:56
jabuck,

Here are the files you requested. The Win32kDiag file was very short, but the RSIT ones are huge. I'll post those separately from each other.

Running from: C:\Documents and Settings\bob_pc\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\bob_pc\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20091102-185308-00.hdmp

[1] 2009-11-02 12:53:11 3608888 C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20091102-185308-00.hdmp ()

Cannot access: C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20091102-185338-00.hdmp

[1] 2009-11-02 12:53:40 3608904 C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20091102-185338-00.hdmp ()

Finished!

RSIT Info file:

info.txt logfile of random's system information tool 1.06 2009-11-09 10:52:36

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bubble Town-->"C:\WINDOWS\Bubble Town\uninstall.exe" "/U:C:\Program Files\Bubble Town\Uninstall\uninstall.xml"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Clive Barker's Jericho-->"C:\Program Files\InstallShield Installation Information\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Cooliris for Internet Explorer-->MsiExec.exe /I{2D622A15-11C6-489D-84A3-78C7D7EA2789}
CrossLoop 2.41-->"C:\Program Files\CrossLoop\unins000.exe"
Dassault Systemes Software Prerequisites x86-->MsiExec.exe /X{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}
DB CIF Cam-->C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\setup.exe -runfromtemp -l0x0009 -removeonly
DeductionPro 2008-->"C:\Program Files\InstallShield Installation Information\{61100673-2546-42E1-BF92-467B5CB2AC6D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Disney Pix Micro Downloader-->MsiExec.exe /X{183135A3-2CE8-43B5-BA5A-757EBAECB413}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duplicate Music Files Finder 1.5.5-->"C:\Program Files\Duplicate Music Files Finder\unins000.exe"
EzTune-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4955758-B754-471D-9091-7CE2C3D9E9AA}\setup.exe" -l0x9 -removeonly
Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Free CD Ripper 3.1-->"E:\Program Files\FreeCDRipper\unins000.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FrostWire 4.18.0-->E:\Program Files\FrostWire\Uninstall.exe
Google Earth-->MsiExec.exe /X{3A05B900-A3E7-11DE-A9B7-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\bob_pc\Desktop\Spyware_Antivirus\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Driver Diagnostics-->MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}\setup\hpzscr01.exe -datfile hphscr11.dat -showdisconnect -forcereboot
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel(R) Desktop Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBFE5FBD-A7D9-4F74-88A1-2B042722F2DB}\setup.exe"
Intel(R) PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v5.3 (build 0221)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.106-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Theme Nunavut-->MsiExec.exe /X{047815FB-4E38-42D5-95CB-8A131DDD8668}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Modern Age Books -->C:\WINDOWS\uninst.exe -f"C:\Program Files\Modern Age Books\DeIsL1.isu"
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /I{692854CC-97EF-4307-B787-8C6787B91033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Picasa 3-->"E:\Program Files\Google\Picasa3\Uninstall.exe"
Pivot Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TaxCut Premium + Efile 2008-->MsiExec.exe /X{79207BEE-6CD3-483C-824C-944663BACAC4}
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
Tomb Raider: Underworld 1.1-->E:\Program Files\Eidos\Tomb Raider - Underworld\uninst.exe
TUGZip 3.5-->"C:\Program Files\TUGZip\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XMLinst-->MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}

=====HijackThis Backups=====

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2009-10-09]
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-10-09]
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2009-10-09]
O20 - AppInit_DLLs: [2009-10-09]
O15 - Trusted Zone: http://*.mcafee.com [2009-10-09]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-10-09]
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~1 [2009-10-12]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2009-10-12]
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-10-12]
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus1] cmd.exe /C RD /S /Q C:\ARCHIV~1\SEARCH~1 [2009-10-12]
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus Updater2] cmd.exe /C RD /S /Q C:\ARQUIV~1\SEARCH~2 [2009-10-12]
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus Updater1] cmd.exe /C RD /S /Q C:\ARCHIV~1\SEARCH~2 [2009-10-12]
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll [2009-10-12]
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus2] cmd.exe /C RD /S /Q C:\ARQUIV~1\SEARCH~1 [2009-10-12]
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-10-12]
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus Updater] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~2 [2009-10-12]
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe [2009-10-12]
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe [2009-10-12]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res... [2009-11-03]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL [2009-11-03]
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2009-11-03]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/BINGAME/POPCAPL... [2009-11-03]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-11-03]
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe [2009-11-08]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-11-08]

======Hosts File======

192.168.97.102 HP000D9D00A4BF

======System event log======

Computer Name: BOB-PC
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\Microsoft Office\OFFICE11\msohev.dll.
Reference error message: The operation completed successfully.
.

Record Number: 869
Source Name: SideBySide
Time Written: 20091101231956.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: The manifest file contains one or more syntax errors.
.

Record Number: 868
Source Name: SideBySide
Time Written: 20091101231956.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 33
Message: The application failed to launch because of an invalid manifest.

Record Number: 867
Source Name: SideBySide
Time Written: 20091101231956.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 58
Message: Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy" on line 9.

Record Number: 866
Source Name: SideBySide
Time Written: 20091101231956.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 64
Message: Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy" on line 9.
The root or application manifest contains the noInherit element but the dependent assembly manifest does not
contain the noInheritable element. Application manifests which contain the noInherit element may only
depend on assemblies which are noInheritable.

Record Number: 865
Source Name: SideBySide
Time Written: 20091101231956.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: BOB-PC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 5
Source Name: crypt32
Time Written: 20091101220701.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 4
Source Name: crypt32
Time Written: 20091101220701.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 3
Source Name: crypt32
Time Written: 20091101220700.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 2
Source Name: crypt32
Time Written: 20091101220700.000000-300
Event Type: error
User:

Computer Name: BOB-PC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x2ee7

Record Number: 1
Source Name: crypt32
Time Written: 20091101220700.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\Common Files\DivX Shared\;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
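One way to triage a HijackThis listing like the one above mechanically, as an added example that is not from the thread, from RSIT or from HijackThis itself: it parses the `O2`/`O3`/`O4`/`O15`/`O20`/`O23` line formats shown in the backups section and flags the patterns a helper looks at first (orphaned CLSIDs, RunOnce directory wipes, Trusted Zone additions, AppInit_DLLs, services with no publisher). The sample lines are constructed from entries in the posted log, and the watch-list of component names (Fast Browser Search, Search Guard Plus, SGPSA) is an assumption drawn from the thread's HijackThis backups, not a vetted signature list.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, lifted from the entry formats shown in the thread's
# "HijackThis Backups" section and HijackThis scan log (not a full log).
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll",
    r"O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll",
    r"O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~1",
    r"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto",
    r"O15 - Trusted Zone: http://*.mcafee.com",
    r"O20 - AppInit_DLLs:",
    r"O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe",
    r"O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe",
])

# Assumption: component names taken from the thread's HijackThis backups
# (the Search Guard Plus / Fast Browser Search toolbar leftovers). A real
# triage would use a maintained list; this one is only for illustration.
WATCHLIST = ("Fast Browser Search", "Search Guard Plus", "SGPSA")

# Section code ("O2", "R1", "F0", ...), then " - ", then the entry body.
LINE_RE = re.compile(r"^(O\d+|R[0-3]|F\d)\s+-\s+(.*)$")
# cmd.exe /C RD /S /Q <dir>: recursive, unprompted directory deletion.
RD_RE = re.compile(r"\bRD\s+/S\s+/Q\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str, watchlist=WATCHLIST) -> List[Finding]:
    """Return the HijackThis entries a helper would want to look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, the process list, blank lines
        section, body = m.group(1), m.group(2)
        lowered = body.lower()

        if section in ("O2", "O3") and lowered.endswith("(no file)"):
            findings.append(Finding(section, "orphaned BHO/toolbar CLSID: registry points at a file that is gone", line))
        if section == "O4" and "runonce:" in lowered and RD_RE.search(body):
            findings.append(Finding(section, "RunOnce entry removes a directory tree at next logon", line))
        if section == "O15":
            findings.append(Finding(section, "site placed in the IE Trusted Zone (relaxed security for that domain)", line))
        if section == "O20" and body.partition(":")[2].strip():
            findings.append(Finding(section, "AppInit_DLLs set: listed DLL loads into every user-mode process", line))
        if section == "O23" and "unknown owner" in lowered:
            findings.append(Finding(section, "service binary carries no recognised publisher", line))
        for name in watchlist:
            if name.lower() in lowered:
                findings.append(Finding(section, "references watch-listed component: " + name, line))
                break
    return findings


def count_by_section(findings: List[Finding]) -> dict:
    """Summarise findings per HijackThis section code, e.g. {"O2": 3, ...}."""
    counts: dict = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line))
```

On the constructed sample this reports eight entries; an empty `O20 - AppInit_DLLs:` line and the MSConfig `Run` entry are correctly left alone.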




#4
November 9, 2009 at 12:13:39
jabuck,

I'm sending the last file in 2 parts, since it seems to be too big to post by itself.

I look forward to hearing what you have to say:

Logfile of random's system information tool 1.06 (written by random/random)
Run by bob_pc at 2009-11-09 10:52:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (40%) free of 51 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:32 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\bob_pc\Desktop\Win32kDiag.exe
C:\Documents and Settings\bob_pc\Desktop\Advice files\RSIT.exe
C:\Documents and Settings\bob_pc\Desktop\Spyware_Antivirus\bob_pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Policies\Explorer\Run: [msdriver32] C:\Documents and Settings\bob_pc\Local Settings\Application Data\Microsoft\Internet Explorer\msdriver32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirem...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr0...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5846 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1844823847-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1844823847-725345543-1003UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BBB4DD75-370A-47BD-9B78-753AE1C3A2BF}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-01 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2009-10-06 4683744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 189952]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-11-08 35328]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-07 68856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"msdriver32"=C:\Documents and Settings\bob_pc\Local Settings\Application Data\Microsoft\Internet Explorer\msdriver32.exe [2009-11-08 124936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24499129]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\24499129\24499129.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2830848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2009-11-08 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DACSMiniApp]
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT GWY]
C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2008-06-25 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\bob_pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsdefrag]
C:\DOCUME~1\bob_pc\LOCALS~1\Temp\moascwrnxe.tmp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1715200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
C:\WINDOWS\system32\net.net []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\bob_pc\OctoshapeClient.exe [2008-05-22 156944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
E:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Protection System]
C:\Program Files\Protection System\psystem.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16147968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Security Center]
C:\WINDOWS\sc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2280448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-10-08 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-07 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboNet]
C:\DOCUME~1\bob_pc\LOCALS~1\Temp\a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~1\APC\APCPOW~1\Display.exe [2005-12-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bob_pc^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 599552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bob_pc^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bob_pc^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fastnetsrv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\FrostWire\FrostWire.exe"="E:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Octoshape Streaming Services\bob_pc\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\bob_pc\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Temp\HP_WebRelease\Setup\HPZnet01.exe"="C:\Temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe"="E:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\WINDOWS\TEMP\VRT7.tmp"="C:\WINDOWS\TEMP\VRT7.tmp:*:Enabled:installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f60244-17bd-11de-babe-00111147733e}]
shell\AutoRun\command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc7f6f33-4572-11de-badf-00111147733e}]
shell\AutoRun\command - H:\Autorun.exe



#5
November 9, 2009 at 12:15:52
and part 2:

======List of files/folders created in the last 1 months======

2009-11-09 10:52:25 ----D---- C:\rsit
2009-11-09 10:26:27 ----A---- C:\WINDOWS\system32\13.tmp
2009-11-09 10:26:12 ----A---- C:\WINDOWS\system32\11.tmp
2009-11-09 09:53:37 ----D---- C:\!KillBox
2009-11-09 09:52:38 ----A---- C:\WINDOWS\system32\6.tmp
2009-11-09 09:52:34 ----A---- C:\WINDOWS\system32\3.tmp
2009-11-09 08:58:38 ----A---- C:\WINDOWS\system32\7.tmp
2009-11-09 08:58:30 ----A---- C:\WINDOWS\system32\5.tmp
2009-11-08 19:05:50 ----A---- C:\WINDOWS\system32\flags.ini
2009-11-08 18:41:17 ----A---- C:\WINDOWS\system32\F.tmp
2009-11-08 17:58:58 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-08 16:25:02 ----A---- C:\WINDOWS\system32\A.tmp
2009-11-08 16:20:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-08 16:20:29 ----D---- C:\Program Files\Lavasoft
2009-11-08 16:20:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-07 09:53:00 ----A---- C:\WINDOWS\system32\D.tmp
2009-11-07 09:52:57 ----A---- C:\WINDOWS\system32\B.tmp
2009-11-03 12:58:32 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-03 08:09:12 ----D---- C:\WINDOWS\Prefetch
2009-11-03 07:33:48 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-02 23:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-02 22:44:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2009-11-02 22:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-02 22:44:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-02 22:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-02 22:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-02 22:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-02 22:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-02 22:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-02 22:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-02 22:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-11-02 22:43:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-02 22:43:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-02 22:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-02 22:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-02 22:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-02 22:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-02 22:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-02 22:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-02 22:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-02 22:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-02 22:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-02 22:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-02 22:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-02 22:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-02 22:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-02 22:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-02 22:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-02 22:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-02 22:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-02 22:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-02 22:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-02 22:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-02 22:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-02 22:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-02 22:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-02 22:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-02 22:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-02 22:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-02 22:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-02 22:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-02 22:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-02 22:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-02 22:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-02 22:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-02 22:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-02 22:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-11-02 22:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-02 22:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-02 22:31:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-11-02 22:31:57 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-11-02 22:08:27 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-11-02 21:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-02 21:14:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-02 20:57:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-11-02 20:57:58 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-11-02 20:57:49 ----A---- C:\WINDOWS\003627_.tmp
2009-11-02 19:30:58 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-11-02 18:33:14 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-11-02 18:33:14 ----A---- C:\WINDOWS\system32\irclass.dll
2009-11-02 18:32:58 ----RA---- C:\WINDOWS\SETC8.tmp
2009-11-02 18:32:55 ----RA---- C:\WINDOWS\SETBC.tmp
2009-11-02 18:32:53 ----RA---- C:\WINDOWS\SETB9.tmp
2009-11-02 11:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-11-02 06:24:52 ----RA---- C:\WINDOWS\SET106.tmp
2009-11-02 06:24:50 ----RA---- C:\WINDOWS\SETF9.tmp
2009-11-02 06:24:48 ----RA---- C:\WINDOWS\SETF7.tmp
2009-11-01 21:17:53 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-11-01 21:17:53 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-11-01 21:17:48 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-11-01 21:17:48 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-11-01 21:17:48 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-11-01 21:17:48 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-11-01 21:17:44 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-11-01 21:17:44 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-11-01 21:17:44 ----A---- C:\WINDOWS\system32\srclient.dll
2009-11-01 21:17:43 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-11-01 21:17:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-11-01 21:17:43 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-11-01 21:17:43 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-11-01 21:17:43 ----A---- C:\WINDOWS\system32\ils.dll
2009-11-01 21:17:42 ----A---- C:\WINDOWS\system32\msconf.dll
2009-11-01 21:17:39 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-11-01 21:17:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-11-01 21:17:39 ----A---- C:\WINDOWS\system32\inetres.dll
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\mstask.dll
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\isign32.dll
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-11-01 21:17:37 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-11-01 21:16:38 ----D---- C:\Program Files\Online Services
2009-11-01 21:16:31 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-11-01 21:16:30 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-11-01 21:16:30 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-11-01 21:16:30 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-11-01 21:16:29 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-11-01 21:16:29 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-11-01 21:16:29 ----A---- C:\WINDOWS\system32\spider.exe
2009-11-01 21:16:29 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-11-01 21:16:29 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-11-01 21:16:28 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-11-01 21:16:27 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-11-01 21:16:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-11-01 21:16:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-11-01 21:16:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-11-01 21:16:26 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-11-01 21:16:26 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\stclient.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\colbact.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-11-01 21:16:25 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-11-01 21:16:24 ----A---- C:\WINDOWS\system32\comuid.dll
2009-11-01 21:16:24 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-11-01 21:16:24 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-11-01 21:16:17 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-11-01 21:16:17 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-11-01 21:16:16 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-11-01 21:16:16 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-11-01 21:04:24 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-11-01 20:58:15 ----RA---- C:\WINDOWS\SET102.tmp
2009-11-01 20:58:13 ----RA---- C:\WINDOWS\SETF6.tmp
2009-11-01 20:49:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-01 20:46:48 ----A---- C:\WINDOWS\system32\storprop.dll
2009-11-01 20:46:27 ----RA---- C:\WINDOWS\SET104.tmp
2009-11-01 20:46:25 ----RA---- C:\WINDOWS\SETF8.tmp
2009-10-24 12:46:03 ----D---- C:\Documents and Settings\bob_pc\Application Data\Bioshock
2009-10-24 09:43:33 ----D---- C:\Program Files\Rioshock
2009-10-21 18:40:49 ----D---- C:\WINDOWS\65F1CF6331E0450B96F34A88BE7361A6.TMP
2009-10-19 16:35:54 ----D---- C:\Program Files\iPod
2009-10-19 16:35:51 ----D---- C:\Program Files\iTunes
2009-10-19 16:13:03 ----D---- C:\Program Files\Safari
2009-10-18 13:43:59 ----D---- C:\Program Files\PicLensIE
2009-10-14 20:24:19 ----A---- C:\WINDOWS\wininit.ini
2009-10-14 17:39:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-14 17:39:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-11 16:02:18 ----D---- C:\Program Files\Search Guard PlusU
2009-10-11 16:02:18 ----D---- C:\Program Files\Search Guard Plus
2009-10-11 16:02:16 ----D---- C:\Program Files\SGPSA
2009-10-11 16:01:35 ----D---- C:\users

======List of files/folders modified in the last 1 months======

2009-11-09 10:50:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-09 10:40:02 ----D---- C:\WINDOWS\Temp
2009-11-09 10:36:29 ----D---- C:\WINDOWS
2009-11-09 10:26:28 ----D---- C:\WINDOWS\system32
2009-11-09 10:19:29 ----D---- C:\WINDOWS\system32\wbem
2009-11-09 10:18:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-09 10:06:47 ----D---- C:\Program Files\Mozilla Firefox
2009-11-09 09:54:57 ----SD---- C:\WINDOWS\Tasks
2009-11-09 09:52:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-09 09:52:55 ----HD---- C:\WINDOWS\inf
2009-11-08 22:17:39 ----SH---- C:\boot.ini
2009-11-08 22:17:39 ----A---- C:\WINDOWS\win.ini
2009-11-08 22:17:39 ----A---- C:\WINDOWS\system.ini
2009-11-08 22:16:52 ----D---- C:\Documents and Settings\bob_pc\Application Data\FreshDiagnose
2009-11-08 19:13:59 ----RD---- C:\Program Files
2009-11-08 19:09:35 ----D---- C:\Documents and Settings\bob_pc\Application Data\Azureus
2009-11-08 19:08:58 ----D---- C:\WINDOWS\Debug
2009-11-08 19:08:35 ----D---- C:\WINDOWS\Minidump
2009-11-08 18:32:24 ----D---- C:\WINDOWS\system32\drivers
2009-11-08 18:32:14 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-11-08 18:32:09 ----A---- C:\WINDOWS\system32\alg.exe
2009-11-08 18:32:00 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-11-08 18:31:16 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-11-08 16:22:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-08 16:20:39 ----HD---- C:\Config.Msi
2009-11-08 16:20:38 ----SHD---- C:\WINDOWS\Installer
2009-11-08 16:20:25 ----D---- C:\WINDOWS\WinSxS
2009-11-08 08:28:04 ----D---- C:\Program Files\Adobe
2009-11-08 08:27:28 ----D---- C:\Program Files\Yahoo!
2009-11-06 12:57:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-06 11:07:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-04 21:15:45 ----D---- C:\Documents and Settings\bob_pc\Application Data\FrostWire
2009-11-04 08:11:02 ----D---- C:\WINDOWS\Help
2009-11-03 12:58:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-03 08:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2009-11-03 06:54:30 ----D---- C:\WINDOWS\Registration
2009-11-03 06:51:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-02 23:25:27 ----D---- C:\WINDOWS\security
2009-11-02 23:05:12 ----D---- C:\WINDOWS\ie8updates
2009-11-02 23:05:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-02 22:48:57 ----D---- C:\Program Files\Internet Explorer
2009-11-02 22:42:45 ----HDC---- C:\WINDOWS\ie8
2009-11-02 22:41:22 ----D---- C:\WINDOWS\system32\en-us
2009-11-02 22:38:41 ----D---- C:\Program Files\Outlook Express
2009-11-02 22:36:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-02 22:33:11 ----D---- C:\Program Files\Messenger
2009-11-02 22:31:55 ----D---- C:\Program Files\Windows Media Player
2009-11-02 22:05:15 ----D---- C:\WINDOWS\system32\Setup
2009-11-02 22:05:15 ----D---- C:\WINDOWS\ime
2009-11-02 22:05:15 ----D---- C:\WINDOWS\AppPatch
2009-11-02 22:05:14 ----RSD---- C:\WINDOWS\Fonts
2009-11-02 21:21:45 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-02 21:21:39 ----D---- C:\WINDOWS\PeerNet
2009-11-02 21:21:39 ----D---- C:\Program Files\Movie Maker
2009-11-02 21:20:10 ----D---- C:\WINDOWS\system32\Restore
2009-11-02 21:20:10 ----D---- C:\WINDOWS\system32\npp
2009-11-02 21:20:10 ----D---- C:\WINDOWS\mui
2009-11-02 21:20:09 ----D---- C:\WINDOWS\msagent
2009-11-02 21:20:08 ----D---- C:\WINDOWS\srchasst
2009-11-02 21:20:07 ----D---- C:\Program Files\NetMeeting
2009-11-02 21:20:06 ----D---- C:\WINDOWS\system32\Com
2009-11-02 21:20:03 ----D---- C:\Program Files\Windows NT
2009-11-02 21:20:01 ----D---- C:\Program Files\Common Files\System
2009-11-02 21:19:47 ----D---- C:\WINDOWS\system32\oobe
2009-11-02 21:19:46 ----D---- C:\WINDOWS\system32\usmt
2009-11-02 21:19:45 ----D---- C:\WINDOWS\system
2009-11-02 21:18:26 ----RD---- C:\WINDOWS\Web
2009-11-02 21:14:55 ----D---- C:\WINDOWS\ehome
2009-11-02 20:53:25 ----D---- C:\WINDOWS\SD_OLD
2009-11-02 20:50:35 ----D---- C:\WINDOWS\pss
2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-02 20:04:13 ----D---- C:\Program Files\Steam
2009-11-02 19:38:05 ----SHD---- C:\System Volume Information
2009-11-02 19:37:21 ----D---- C:\WINDOWS\system32\config
2009-11-02 19:31:40 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-11-02 19:30:52 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-11-02 18:39:45 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-11-02 18:33:07 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-11-02 12:28:35 ----D---- C:\WINDOWS\Media
2009-11-02 12:25:09 ----D---- C:\WINDOWS\twain_32
2009-11-02 12:24:23 ----D---- C:\WINDOWS\system32\icsxml
2009-11-02 12:23:53 ----D---- C:\WINDOWS\system32\ias
2009-11-02 12:23:48 ----D---- C:\WINDOWS\system32\1033
2009-11-02 12:22:49 ----D---- C:\WINDOWS\OemDir
2009-11-02 12:22:34 ----D---- C:\WINDOWS\Driver Cache
2009-11-02 06:41:45 ----HD---- C:\Program Files\WindowsUpdate
2009-11-01 21:16:38 ----D---- C:\Program Files\MSN
2009-10-28 19:57:17 ----D---- C:\Documents and Settings\bob_pc\Application Data\Apple Computer
2009-10-24 19:20:08 ----D---- C:\Program Files\Google
2009-10-22 03:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 18:40:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-19 16:35:53 ----D---- C:\Program Files\Common Files\Apple
2009-10-16 05:39:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 14:45:32 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 13:31:42 ----RSD---- C:\WINDOWS\assembly
2009-10-15 13:25:30 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-08 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-08 25416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2008-06-21 17064]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2004-06-07 36484]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\AeriaGames\Shaiya\GameGuard\dump_wmimmc.sys []
S3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-10-24 170392]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-29 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-29 21568]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2004-10-12 21120]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-05-18 37760]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 34304]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2009-11-08 151552]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-08 1179232]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 459776]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2009-01-07 26144]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2008-06-25 90112]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-24 133104]
S4 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 94208]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 188416]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-21 110592]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 94208]
S4 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 34304]
S4 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 610304]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 933376]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 34304]

-----------------EOF-----------------


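Added triage example for the two log formats in this thread (my own code, not a tool from the thread and not from the RSIT or ComboFix authors): it parses RSIT driver/service lines like the listing above, flagging registrations whose image RSIT could not find (empty `[]`) or that are registered by raw NT object path (`\??\`), and splits the `is infected!!` hits of the ComboFix report posted in a later reply into core OS binaries and other files. Sample lines are copied from the logs in this thread; the flagging heuristics and the "file infector" threshold are my assumptions.

```python
"""Triage helpers for the RSIT driver/service listing and the ComboFix
report format posted in this thread.  Added example, not thread code;
sample lines are copied from the thread's logs, heuristics are assumed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RSIT line shape: "<R|S><start> <name>;<description>; <path> [<date> <size>]"
# The bracket is empty when RSIT could not stat the image file on disk.
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
# ComboFix marks file-infector victims as "<path> . . . is infected!!"
COMBOFIX_INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


@dataclass
class Entry:
    state: str                 # R = running, S = stopped
    start: int                 # start type, see START_TYPES
    name: str
    desc: str
    path: str
    file_date: Optional[str]   # None when RSIT printed []
    file_size: Optional[int]


def parse_rsit_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; None for headers and blanks."""
    m = RSIT_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("desc"), m.group("path"), date, size)


def flag_rsit_entries(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for registrations worth a second look.
    An empty [] means the image was not found (dangling or hidden file);
    a \\??\\ image path is the raw NT object path rather than the Win32
    path normal installers register.  Both are assumed heuristics."""
    findings = []
    for line in lines:
        e = parse_rsit_line(line)
        if e is None:
            continue
        reasons = []
        if e.file_date is None:
            reasons.append("image not found on disk")
        if e.path.startswith("\\??\\"):
            reasons.append("NT object path")
        if reasons:
            findings.append((e.name, reasons))
    return findings


def summarize_combofix(lines: List[str]) -> Dict[str, List[str]]:
    """Collect ComboFix 'is infected!!' hits and the subset under c:\\windows."""
    infected = []
    for line in lines:
        m = COMBOFIX_INFECTED_RE.match(line.strip())
        if m:
            infected.append(m.group("path"))
    core = [p for p in infected if p.lower().startswith("c:\\windows\\")]
    return {"infected": infected, "core_os": core}


def file_infector_suspected(summary: Dict[str, List[str]]) -> bool:
    """Several infected core OS binaries (svchost, explorer, ...) point to a
    file infector such as the Virut the thread names: those files must be
    restored from trusted media, removing the dropper alone will not do."""
    return len(summary["core_os"]) >= 2   # assumed threshold


# Sample lines copied from the logs posted in this thread.
SAMPLE_RSIT = [
    r"R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]",
    r"R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]",
    r"S3 dump_wmimmc;dump_wmimmc; \??\C:\AeriaGames\Shaiya\GameGuard\dump_wmimmc.sys []",
    r"S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []",
    r"S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []",
    r"R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]",
    r"S4 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 610304]",
]
SAMPLE_COMBOFIX = [
    r"c:\windows\system32\svchost.exe . . . is infected!!",
    "",
    r"c:\windows\system32\spoolsv.exe . . . is infected!!",
    r"c:\windows\explorer.exe . . . is infected!!",
    r"c:\program files\SGPSA",
]

if __name__ == "__main__":
    for name, reasons in flag_rsit_entries(SAMPLE_RSIT):
        print(f"{name}: {', '.join(reasons)}")
    summary = summarize_combofix(SAMPLE_COMBOFIX)
    print(f"{len(summary['infected'])} infected, {len(summary['core_os'])} core OS,"
          f" file infector suspected: {file_infector_suspected(summary)}")
```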

#6
November 9, 2009 at 15:21:28
Before running Combofix, uninstall Ad-aware, Spybot and Windows Defender if they are not pay versions. If they are pay versions, disable them, as they will interfere with the fix.

You do not have an antivirus program running (other than a bogus one). Once you run Combofix, install this antivirus program immediately.

You can download the free version of AVG antivirus at this link:
AVG Free Antivirus

Update it once you get it installed.

Then Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box > click save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus and any other antispyware that you may have. (To completely turn off AVG, click the systray AVG icon, then click exit. Next click the desktop AVG icon > resident shield > uncheck the box to the left of resident shield active > save changes.) Restart the computer and recheck the box you unchecked before getting back online.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#7
November 9, 2009 at 21:03:15
jabuck,
I can't do any of the things you asked me to do. When I try to run combofix, it tells me it can't run because I may have the Virut virus. I also cannot put AVG on my computer because as I said in my original post, I can't reach any AV sites. I tried downloading the install file from my laptop and transferring it to the infected pc, but that didn't work either.

From what I've read so far about Virut, I'm just about ready to redo my hard drive. Please let me know if you know of anything less drastic I can do.

Thanks for all the help



#8
November 10, 2009 at 14:56:13
Dr. Web is probably your best chance at getting rid of Virut.

Run it, then run it in safe mode, run it again in normal mode then run Combofix again.

Download Dr.Web CureIt to the desktop from the following link.

Drweb-Cureit

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Run Dr.Web CureIt as follows:


1. Double-click the drweb-cureit.exe file.
2. Allow it to run the express scan.
3. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
4. Once the short scan has finished, mark the drives that you want to scan.
5. Select all drives. A red dot shows which drives have been chosen.
6. Click the green arrow at the right, and the scan will start.
7. Click 'Yes to all' if it asks if you want to cure/move the file.
8. When the scan has finished, look if you can click next icon next to the files found:
9. If so, click it and then click the next icon right below and select Move incurable.
10. This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
11. After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the report to your desktop. The report will be called DrWeb.csv
12. Close Dr.Web Cureit.
13. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
14. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.



#9
November 11, 2009 at 07:20:33
1. Download Process Explorer and save it in C:\ folder.
Download link: http://live.sysinternals.com/procex...

2. Rename procexp.exe to explorer.exe and double-click to run it.
3. Select System Protector process from the list. Should be lsascs.exe.exe or similar and press "Delete" button to end the process.
4. Close Process Explorer and download MalwareBytes anti-malware:
http://www.filehippo.com/download_m...

5. Rename mbam-setup.exe to explorer.exe and double-click to run it. Install, update and run MalwareBytes anti-malware. Then perform a full computer scan and remove all found infections.

More information about System Protector removal:
http://www.bleepingcomputer.com/vir...
http://www.2-spyware.com/remove-sys...

Good luck!



#10
November 13, 2009 at 15:04:24
jabuck,
Sorry it took me so long to reply to you. For one thing I live in Pensacola and we just had a hurricane through here. For another thing, my computer was ALMOST completely trashed. I was just on the verge of wiping it and reloading when I finally got Dr Web to work. I ran it a few times and removed a ton of crap. I had numerous spyware programs, and it seemed like every dll and .exe had the virut infection. Dr Web reported over 1000 infected files. It helped but I still had some issues. System protector came back, and I kept having "proquota" popping up telling me my profile was too big, even though I stripped it down to minimum. I couldn't stop it so I ended up deleting my profile and creating a new one. Problem is that I deleted the DrWeb.csv file with it.

I still have a few issues. I still can't boot to safemode and Internet explorer keeps crashing on me. Fortunately I have Firefox which works fine at this point.
I have since run combofix per your previous instructions, and I am attaching that log file below.
I'm ready to try fixboot from the install CD, or maybe a repair, but I'll wait until I hear back from you. Please let me know what else you'd like me to do:
ComboFix 09-11-13.06 - Bob 11/13/2009 14:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1169 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\Toolb.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4284435001-1023679811-2740395675-1000
c:\program files\SGPSA
c:\windows\ALCMTR.EXE
c:\windows\Install.txt
c:\windows\system32\349148.exe
c:\windows\system32\5786554.exe
c:\windows\system32\9.tmp
c:\windows\system32\Install.txt

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

c:\windows\system32\ie4uinit.exe . . . is infected!!

c:\windows\system32\wuauclt1.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-13 05:00 . 2009-11-13 05:00 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Apple
2009-11-13 04:35 . 2009-11-13 04:35 73408 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 04:35 . 2009-11-13 05:01 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Apple Computer
2009-11-13 04:35 . 2009-11-13 05:04 -------- d-----w- c:\documents and settings\Bob\Application Data\Apple Computer
2009-11-13 04:18 . 2009-11-13 04:18 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Cooliris
2009-11-13 04:18 . 2009-11-13 05:04 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Google
2009-11-12 23:59 . 2009-11-13 00:00 -------- d-----w- c:\program files\Common Files\HP
2009-11-12 23:57 . 2009-11-12 23:57 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-12 23:55 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2009-11-12 23:53 . 2009-11-12 23:55 -------- d-----w- c:\windows\LastGood
2009-11-12 23:51 . 2009-11-13 00:11 68957 ----a-w- c:\windows\hpoins05.dat
2009-11-12 23:51 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2009-11-12 23:51 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2009-11-12 23:51 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2009-11-12 22:39 . 2009-11-12 22:39 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Mozilla
2009-11-12 22:37 . 2009-11-12 22:37 -------- d-----w- c:\documents and settings\Bob\Application Data\Windows Search
2009-11-12 22:35 . 2009-11-12 22:35 -------- d-----w- c:\documents and settings\bob_pc
2009-11-12 22:34 . 2009-11-13 04:22 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Adobe
2009-11-12 22:28 . 2009-11-12 22:28 -------- d-----w- c:\documents and settings\Bob\Application Data\Malwarebytes
2009-11-12 20:33 . 2001-08-17 19:52 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys
2009-11-12 20:32 . 2001-08-17 18:19 96256 -c--a-w- c:\windows\system32\dllcache\ctlsb16.sys
2009-11-12 20:31 . 2001-08-18 04:36 119296 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2009-11-12 20:30 . 2001-08-17 18:19 36992 -c--a-w- c:\windows\system32\dllcache\aztw2320.sys
2009-11-12 20:29 . 2001-08-17 18:20 297728 -c--a-w- c:\windows\system32\dllcache\ac97sis.sys
2009-11-12 20:21 . 2009-09-16 16:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-12 20:21 . 2009-09-16 16:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-12 20:21 . 2009-09-16 16:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-12 20:21 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-12 19:53 . 2009-11-12 20:21 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-12 19:53 . 2009-11-12 20:20 -------- d-----w- c:\program files\McAfee.com
2009-11-12 19:53 . 2009-11-12 21:51 -------- d-----w- c:\program files\McAfee
2009-11-11 23:57 . 2008-11-06 08:03 -------- d-----w- C:\SDFix
2009-11-11 23:42 . 2004-08-04 06:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-11 23:42 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-11 23:42 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-11 18:47 . 2004-08-04 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm87w.dll
2009-11-11 18:46 . 2004-08-04 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2009-11-11 18:45 . 2004-08-04 12:00 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2009-11-11 18:45 . 2004-08-04 12:00 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-11-11 18:44 . 2009-11-12 00:35 20480 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-11-11 18:42 . 2009-11-12 00:39 19456 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-11-11 18:42 . 2009-11-12 00:37 19456 -c--a-w- c:\windows\system32\dllcache\unsecapp.exe
2009-11-11 17:55 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-11-11 17:55 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-11 17:55 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-11-11 17:55 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-09 16:52 . 2009-11-09 16:52 -------- d-----w- C:\rsit
2009-11-09 15:53 . 2009-11-09 15:53 -------- d-----w- C:\!KillBox
2009-11-09 01:05 . 2009-11-11 19:07 348 ----a-w- c:\windows\system32\uses32.dat
2009-11-09 00:31 . 2009-09-16 16:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-08 22:22 . 2009-11-08 22:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 22:20 . 2009-11-10 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-03 18:58 . 2009-11-03 18:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-03 02:57 . 2004-08-04 12:00 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2009-11-03 02:57 . 2004-08-04 12:00 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
2009-11-03 02:57 . 2004-08-04 12:00 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-11-03 02:57 . 2004-08-04 12:00 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2009-11-03 02:57 . 2004-08-04 12:00 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-11-03 02:57 . 2004-08-04 12:00 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2009-11-02 17:36 . 2009-11-03 03:20 -------- d-----w- c:\windows\ServicePackFiles
2009-11-02 03:21 . 2009-11-02 03:21 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-11-02 03:09 . 2004-08-04 05:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-11-02 03:09 . 2004-08-04 05:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-11-02 03:08 . 2004-08-04 04:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-11-02 03:04 . 2004-08-04 06:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-11-02 02:49 . 2004-08-04 07:01 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-11-02 02:49 . 2004-08-04 05:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-11-02 02:46 . 2004-08-04 12:00 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2009-11-02 02:46 . 2004-08-04 12:00 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2009-11-02 02:46 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2009-11-02 02:46 . 2004-08-04 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2009-11-02 02:46 . 2004-08-04 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2009-11-02 02:46 . 2004-08-04 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2009-11-02 02:46 . 2004-08-04 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2009-11-02 02:46 . 2004-08-04 12:00 146432 ----a-w- c:\windows\system\WINSPOOL.DRV
2009-11-02 02:46 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2009-11-02 02:46 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-11-02 02:46 . 2004-08-04 06:56 74752 ----a-w- c:\windows\system32\storprop.dll
2009-10-25 14:47 . 2009-10-25 14:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-24 15:43 . 2009-10-24 15:43 -------- d-----w- c:\program files\Rioshock
2009-10-22 00:40 . 2009-10-22 00:40 -------- d-----w- c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP
2009-10-19 22:35 . 2009-10-19 22:35 -------- d-----w- c:\program files\iPod
2009-10-19 22:35 . 2009-10-19 22:36 -------- d-----w- c:\program files\iTunes
2009-10-19 22:26 . 2009-10-19 22:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-19 22:13 . 2009-10-19 22:13 -------- d-----w- c:\program files\Safari
2009-10-18 19:43 . 2009-10-18 19:43 -------- d-----w- c:\program files\PicLensIE
2009-10-14 23:39 . 2009-11-10 04:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-14 23:39 . 2009-11-10 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 00:01 . 2008-06-14 23:41 -------- d-----w- c:\program files\HP
2009-11-12 23:31 . 2009-11-12 23:31 -------- d-----w- c:\documents and settings\bob_pc.BOB-PC\Application Data\Malwarebytes
2009-11-12 20:24 . 2009-04-12 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-12 06:25 . 2009-11-02 03:17 153088 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2009-11-12 06:24 . 2008-06-08 03:18 37888 ----a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-11-12 06:24 . 2008-06-08 03:17 21504 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2009-11-12 06:24 . 2009-11-02 03:17 746496 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2009-11-12 06:24 . 2008-06-08 03:18 102400 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-11-12 06:24 . 2009-11-02 03:17 771072 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-11-12 05:37 . 2004-08-04 12:00 286208 ----a-w- c:\windows\winhlp32.exe
2009-11-12 05:37 . 2005-09-12 21:13 237568 ----a-w- c:\windows\UNRecode.exe
2009-11-12 05:37 . 2005-09-12 21:13 237568 ----a-w- c:\windows\UNNeroShowTime.exe
2009-11-12 05:37 . 2005-09-12 21:13 237568 ----a-w- c:\windows\UNNeroMediaHome.exe
2009-11-12 05:37 . 2005-09-12 21:13 237568 ----a-w- c:\windows\UNNeroBackItUp.exe
2009-11-12 05:37 . 2008-06-10 23:04 286208 ----a-w- c:\windows\uninst.exe
2009-11-12 05:37 . 2008-06-08 12:52 36864 ----a-w- c:\windows\slrundll.exe
2009-11-12 05:37 . 2004-08-04 12:00 17920 ----a-w- c:\windows\taskman.exe
2009-11-12 05:37 . 2009-04-29 16:09 2885120 ----a-w- c:\windows\SkyTel.exe
2009-11-12 05:36 . 2009-04-29 16:08 16130560 ----a-w- c:\windows\SET132.tmp
2009-11-12 05:36 . 2004-08-04 12:00 71680 ----a-w- c:\windows\notepad.exe
2009-11-12 05:36 . 2004-08-04 12:00 148992 ----a-w- c:\windows\regedit.exe
2009-11-12 05:36 . 2009-04-29 16:08 319488 ----a-w- c:\windows\HideWin.exe
2009-11-12 05:36 . 2004-08-04 12:00 13312 ----a-w- c:\windows\hh.exe
2009-11-12 05:36 . 2009-01-05 20:44 61440 ----a-w- c:\windows\bdoscandel.exe
2009-11-12 05:36 . 2009-06-20 19:39 86016 ----a-w- c:\windows\ALCFDRTM.EXE
2009-11-12 05:11 . 2009-10-09 00:06 -------- d-----w- c:\program files\Steam
2009-11-12 05:09 . 2008-06-08 03:36 90112 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-12 05:09 . 2005-09-21 21:29 1196032 ----a-w- c:\windows\RtlUpd.exe
2009-11-12 05:09 . 2008-06-08 03:36 9714176 ----a-w- c:\windows\RTLCPL.EXE
2009-11-12 05:09 . 2005-09-22 18:36 16130560 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-12 05:09 . 2005-09-07 15:40 2161152 ----a-w- c:\windows\MicCal.exe
2009-11-12 05:09 . 2008-06-08 03:36 2813440 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-12 02:12 . 2008-06-09 01:36 81920 ----a-w- c:\program files\removepatch.exe
2009-11-12 01:44 . 2009-07-11 18:50 90112 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-12 00:57 . 2009-11-02 03:17 160768 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-11-12 00:57 . 2004-08-04 12:00 1052160 ----a-w- c:\windows\explorer.exe
2009-11-12 00:39 . 2008-06-08 03:15 220672 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-11-12 00:39 . 2009-11-02 03:16 361472 ----a-w- c:\windows\system32\wbem\wmic.exe
2009-11-12 00:39 . 2009-11-02 03:16 129024 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe
2009-11-12 00:39 . 2009-11-02 03:16 199168 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2009-11-12 00:39 . 2008-06-08 03:16 15872 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2009-11-12 00:39 . 2009-11-02 03:16 118784 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-11-12 00:39 . 2009-11-02 03:16 39424 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-11-12 00:39 . 2009-11-02 03:16 18944 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-11-12 00:32 . 2009-11-02 03:16 541184 ----a-w- c:\windows\system32\spider.exe
2009-11-12 00:31 . 2009-11-02 03:17 14848 ----a-w- c:\windows\system32\mstinit.exe
2009-11-12 00:30 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\drwtsn32.exe
2009-11-12 00:21 . 2009-11-12 00:21 44 ----a-w- c:\windows\system32\10.tmp
2009-11-12 00:00 . 2009-11-12 00:00 44 ----a-w- c:\windows\system32\2.tmp
2009-11-11 23:42 . 2008-06-28 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-11 19:28 . 2009-11-11 19:28 44 ----a-w- c:\windows\system32\E.tmp
2009-11-11 19:05 . 2009-11-11 19:05 44 ----a-w- c:\windows\system32\6.tmp
2009-11-11 18:43 . 2008-06-08 03:17 23372 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-11 04:32 . 2009-01-03 22:48 -------- d-----w- c:\program files\TightVNC
2009-11-11 02:37 . 2006-09-28 23:56 148992 ----a-w- c:\windows\system32\WudfHost.exe
2009-11-11 02:37 . 2006-10-19 01:00 19968 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2009-11-11 02:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\wmpstub.exe
2009-11-11 02:37 . 2002-08-21 11:13 192512 ----a-w- c:\windows\system32\WISPTIS.EXE
2009-11-11 02:37 . 2006-10-19 02:58 11264 ----a-w- c:\windows\system32\wdfmgr.exe
2009-11-11 02:37 . 2008-06-08 12:52 31232 ----a-w- c:\windows\system32\verclsid.exe
2009-11-11 02:37 . 2006-10-19 02:58 11264 ----a-w- c:\windows\system32\uwdf.exe
2009-11-11 02:36 . 2008-06-08 12:52 23552 ----a-w- c:\windows\system32\spupdwxp.exe
2009-11-11 02:36 . 2008-06-08 12:52 10240 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-11-11 02:36 . 2008-06-08 12:52 36864 ----a-w- c:\windows\system32\slrundll.exe
2009-11-11 02:36 . 2008-06-08 12:52 36864 ----a-w- c:\windows\system32\setupn.exe
2009-11-11 02:36 . 2008-05-27 04:18 187392 ----a-w- c:\windows\system32\searchprotocolhost.exe
2009-11-11 02:36 . 2008-05-27 04:18 459776 ----a-w- c:\windows\system32\searchindexer.exe
2009-11-11 02:36 . 2008-05-27 04:17 90112 ----a-w- c:\windows\system32\searchfilterhost.exe
2009-11-11 02:36 . 2005-10-29 04:49 87040 ----a-w- c:\windows\system32\pintool.exe
2009-11-11 02:35 . 2008-06-08 12:52 179200 ----a-w- c:\windows\system32\napstat.exe
2009-11-11 02:35 . 2008-06-08 12:52 36352 ----a-w- c:\windows\system32\mmcperf.exe
2009-11-11 02:34 . 2008-06-14 23:42 77824 ------w- c:\windows\system32\HPZipm12.exe
2009-11-11 02:34 . 2008-06-14 23:42 69632 ------w- c:\windows\system32\HPZinw12.exe
2009-11-11 02:34 . 2004-03-17 20:10 64512 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
2009-11-11 02:34 . 2009-05-01 18:30 3371008 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-11 02:34 . 2008-06-08 12:52 23552 ----a-w- c:\windows\system32\faxpatch.exe
2009-11-11 02:34 . 2006-10-19 01:00 252416 ----a-w- c:\windows\system32\drmupgds.exe
2009-11-11 02:34 . 2008-06-08 12:52 12288 ----a-w- c:\windows\system32\comsdupd.exe
2009-11-11 02:34 . 2009-04-29 16:09 53248 ----a-w- c:\windows\system32\ChCfg.exe
2009-11-10 14:51 . 2009-11-10 14:51 1 ----a-w- c:\windows\system32\12.tmp
2009-11-10 14:51 . 2009-11-10 14:51 176 ----a-w- c:\windows\system32\8.tmp
2009-11-10 05:09 . 2009-11-10 05:09 88 ----a-w- c:\windows\system32\4.tmp
2009-11-10 04:31 . 2009-11-10 04:31 88 ----a-w- c:\windows\system32\C.tmp
2009-11-09 16:26 . 2009-11-09 16:26 88 ----a-w- c:\windows\system32\11.tmp
2009-11-09 15:52 . 2009-11-09 15:52 88 ----a-w- c:\windows\system32\3.tmp
2009-11-09 14:58 . 2009-11-09 14:58 88 ----a-w- c:\windows\system32\5.tmp
2009-11-09 00:41 . 2009-11-09 00:41 44 ----a-w- c:\windows\system32\F.tmp
2009-11-08 22:25 . 2009-11-08 22:25 44 ----a-w- c:\windows\system32\A.tmp
2009-11-08 14:27 . 2009-10-03 19:19 -------- d-----w- c:\program files\Yahoo!
2009-11-07 15:53 . 2009-11-07 15:53 0 ----a-w- c:\windows\system32\D.tmp
2009-11-07 15:52 . 2009-11-07 15:52 52 ----a-w- c:\windows\system32\B.tmp
2009-11-06 18:57 . 2008-06-08 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 14:43 . 2009-02-01 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-11-03 02:42 . 2009-10-05 16:29 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-11-02 03:21 . 2009-11-12 23:31 -------- d-----w- c:\documents and settings\bob_pc.BOB-PC\Application Data\DivX
2009-11-02 03:21 . 2009-11-12 22:27 -------- d-----w- c:\documents and settings\Bob\Application Data\DivX
2009-11-02 03:21 . 2009-11-02 03:18 86665 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-25 01:20 . 2008-06-08 04:14 -------- d-----w- c:\program files\Google
2009-10-22 00:40 . 2008-06-28 21:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-19 22:35 . 2008-06-28 03:34 -------- d-----w- c:\program files\Common Files\Apple
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-11-12 . BF685C0BB3559576E65923E8D171818F . 60416 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2009-11-12 . 00B567080713C9A17679F015206A2761 . 60416 . . [5.1.2600.2696] . . c:\windows\SD_OLD\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe
[-] 2009-11-12 . D5361266C34067B3C357AE2955D40612 . 60416 . . [5.1.2600.2696] . . c:\windows\SD_OLD\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
[-] 2009-11-12 . 6F89BBDF56781B28A6EDADD29ECF147E . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2009-11-12 . F6C1F03EFED304B4DA92DC260F0217FF . 77824 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe

[-] 2009-11-12 . 1445C62BCCC457DD23DC6A26BD2A4D95 . 113664 . . [5.4.3790.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wuauclt.exe
[-] 2009-11-12 . BD99CBC8F5B3071CE6DAFEC55A7334AA . 113664 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2009-11-12 . 7D16EB7BD3CA96310BB4062F6B2B0610 . 131072 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe

[-] 2009-11-12 . A431DFF302AEB08FE02FA775B1068634 . 16896 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[-] 2009-11-12 . FB1563E37392148D18345C71DDD87E39 . 16896 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
[-] 2009-11-12 . 1D47D064EF577B7AFA87DC32AED150C0 . 34304 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2009-11-12 . 4A95A60F52A6BD728E3048F5EF016AFD . 28672 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2009-11-12 . D13C398F5A7B5C630FC85683173DC01E . 27136 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
[-] 2009-11-12 . 6EFDAFD443D8F52D16F866ED36180AAA . 27136 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2009-11-12 . 63F45487D1BE5A7FBF2ABEA1697E7324 . 1036288 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2009-11-12 . 5F92B92DC6B69088E8FBEF8575322D4C . 1035776 . . [6.00.2900.3156] . . c:\windows\SD_OLD\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[-] 2009-11-12 . A12A5D5D475BEF1AB29BBE9B63F17B4F . 1035776 . . [6.00.2900.3156] . . c:\windows\SD_OLD\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2009-11-12 . 144834667583B652A7E8CD01D0009FE4 . 1052160 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2009-11-12 . 4AB00573A489D84D7D16B564A3D6C49B . 1034752 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2009-11-12 . BB08E8F131B7E7F3CA3ECE77320DD372 . 16384 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
[-] 2009-11-12 . 1E82EF715940CF3409A547A4484B7C73 . 16384 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2009-11-12 . 816CB2C08CC29EC7D12C47521B5F6BDD . 16384 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-11-12 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2009-11-12 2813440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ÑN@"="d14e4000" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bob_pc^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\bob_pc\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bob_pc^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\bob_pc\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bob_pc^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\bob_pc\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fastnetsrv"=2 (0x2)
"6to4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\bob_pc\\OctoshapeClient.exe"=
"c:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [9/11/2007 3:24 PM 17328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/12/2009 2:23 PM 203280]
S3 dump_wmimmc;dump_wmimmc;\??\c:\aeriagames\Shaiya\GameGuard\dump_wmimmc.sys --> c:\aeriagames\Shaiya\GameGuard\dump_wmimmc.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/24/2009 7:17 PM 133104]
S4 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [4/4/2009 11:08 AM 94208]
S4 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 3:28 PM 1533808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALERTER
*NewlyCreated* - MBR
*NewlyCreated* - MCODS
*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:17]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:17]

2009-11-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-12 18:22]

2009-11-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-12 18:22]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{BBB4DD75-370A-47BD-9B78-753AE1C3A2BF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:35]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\f4tl8igk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={55E06B58-DCAE-D243-202D-E1B6C48C14B1}&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

AddRemove-FrostWire - e:\program files\FrostWire\Uninstall.exe
AddRemove-HijackThis - c:\documents and settings\bob_pc\Desktop\Spyware_Antivirus\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 14:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-11-13 14:43
ComboFix-quarantined-files.txt 2009-11-13 20:43

Pre-Run: 22,574,698,496 bytes free
Post-Run: 23,871,422,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Safe Mode" /noexecute=optin /fastdetect/safeboot:network

Current=6 Default=6 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - CE77835DE523719C0A453A023B5BC355

