
Inactive [InActive] Possible malware?

Discussion in 'Malware and Virus Removal Archive' started by steveo65, 2008/11/07.

  1. 2008/11/07
    steveo65 Well-Known Member Thread Starter
    It was suggested that I move this problem to this forum. Here's the other forum link: http://www.WindowsBBS.com/windows-xp/78463-no-internet-options-control-panel-new-post.html
    When I'm in the control panel, I click on Internet Options and the screen flickers once and then nothing. Internet Options never opens. If I open "inetcpl.cpl" in "Windows/system32" folder I can get it to open. After running "sfc /scannow", the problem still existed. I then downloaded and ran RSIT.exe. Here are the results. I don't know how to make a 2nd page, so I will post the other log as a reply.

    info.txt logfile of random's system information tool 1.04 2008-11-07 01:31:14

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0101-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c "C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
    BUSHWAR-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\EA GAMES\Battlefield Vietnam\UnInst.log" "/APPNAME=BUSHWAR"
    Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
    Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
    Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
    Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
    Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
    Canon MP470 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
    Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
    Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
    Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
    Classic Menu 3.x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe"
    doPDF 6.1 printer-->"C:\Program Files\Softland\doPDF 6\unins000.exe"
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    ExamForce Engine Installation CM 7.7-->C:\PROGRA~1\CRAMMA~1\SAVEDF~1\UNWISE.EXE C:\PROGRA~1\CRAMMA~1\SAVEDF~1\INSTALL.LOG
    ffdshow [rev 1763] [2007-01-08]-->"C:\Program Files\ffdshow\unins000.exe"
    FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) Network Connections-->MsiExec.exe /I{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
    LightScribe System Software 1.14.19.1-->MsiExec.exe /X{513148E7-B7A1-48B2-B518-668701E546F5}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft Color Control Panel Applet for Windows XP-->MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
    Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
    Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0416-0000-0000000FF1CE} /uninstall {154A1D4F-7042-42B4-A9E2-88CDA1712B4C}
    Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0055-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
    Microsoft Office Visio Language Pack 2007 - English-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISMUI.EN-US /dll OSETUP.DLL
    Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
    Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
    Microsoft Office VisMUI (English) 2007-->MsiExec.exe /X{90120000-0055-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Office X MUI (English) 2007-->MsiExec.exe /X{90120000-0101-0409-0000-0000000FF1CE}
    Microsoft Pro Photo Tools-->MsiExec.exe /I{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
    Morpheus Photo Animation Suite v3.10-->"C:\Program Files\Morpheus Photo Animation Suite\unins000.exe"
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero 7 Essentials-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    OJOsoft MP4 to MP3 Converter-->"C:\Program Files\OJOsoft\uninstall.exe" "/U:C:\Program Files\OJOsoft\OJOsoft MP4 to MP3 Converter\Uninstall\uninstall.xml"
    PC Pitstop Optimize 1.0-->"C:\Program Files\PCPitstop\Optimize\unins000.exe"
    Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    Photovista Panorama-->MsiExec.exe /X{57A4F674-673A-4648-B335-3791AA9C83C0}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
    Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
    ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
    SearchPerks! Perk Counter-->MsiExec.exe /X{0980C810-4CEF-465A-8064-1EC4DC6572D2}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Visio 2007 (KB947590)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Sorenson Squeeze 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}\setup.exe" -l0x9
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Starry Night Backyard 3.1-->C:\WINDOWS\unvise32.exe C:\Program Files\Starry Night Backyard\uninstal.log

    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    ubCore-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
    Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Hosts File======

    127.0.0.1 babe.the-killer.bz
    127.0.0.1 babe.k-lined.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 hi.studioaperto.net
    127.0.0.1 www.webbrowser.tv
    127.0.0.1 www.wazzupnet.com
    127.0.0.1 gueb.com
    127.0.0.1 kabex.com
    127.0.0.1 www.hityou.com

    ======Security center information======

    AV: Spyware Doctor with AntiVirus
    AV: AVG Anti-Virus Free

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Suite;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\DMIX
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
    "CLASSPATH"=.;"C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip";C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
    Last edited: 2008/11/07
  2. 2008/11/07
    steveo65 Well-Known Member Thread Starter
    Page 2 the other log

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by STEVE at 2008-11-07 01:30:40
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 57 GB (49%) free of 114 GB
    Total RAM: 3039 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:31:08 AM, on 11/7/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Documents and Settings\STEVE\Desktop\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\STEVE.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [WinColorReminder] C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 8969 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\PC Pitstop Optimize.job
    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{E2FBE838-A198-4BAA-9737-F2779651B624}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
    SearchPerks! Perk Counter - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll [2008-09-30 514096]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-10 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    SITEguard
    {2787EA8E-8D87-48af-88AD-B30246C917AB} - SearchPerks! Perk Counter - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll [2008-09-30 514096]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-24 1234712]
    "IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
    "itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
    "WinColorReminder"=C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe [2005-10-31 101120]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pgsazn]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shsvotsx]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdskctl]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdService]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YneCz]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infuzer.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-09-28 123904]

    C:\Documents and Settings\STEVE\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
    "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
    "C:\Documents and Settings\STEVE\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\STEVE\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
    "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .js - open -
    .scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 3 months======

    2008-11-07 01:30:41 ----D---- C:\Program Files\trend micro
    2008-11-07 01:30:40 ----D---- C:\rsit
    2008-11-05 02:16:05 ----D---- C:\Documents and Settings\STEVE\Application Data\Mozilla
    2008-11-05 02:14:23 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-02 17:08:45 ----D---- C:\Program Files\Classic Menu for Office
    2008-10-30 22:31:00 ----D---- C:\Program Files\Common Files\iseemedia
    2008-10-30 22:30:58 ----D---- C:\Program Files\iseemedia
    2008-10-30 22:30:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-30 22:23:18 ----D---- C:\Documents and Settings\STEVE\Application Data\Morpheus Software
    2008-10-30 22:22:57 ----D---- C:\Program Files\Morpheus Photo Animation Suite
    2008-10-30 21:15:15 ----A---- C:\WINDOWS\system32\dopdfmn6.dll
    2008-10-30 21:15:15 ----A---- C:\WINDOWS\system32\dopdfmi6.dll
    2008-10-30 21:15:08 ----D---- C:\Program Files\Softland
    2008-10-25 05:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-24 22:58:20 ----D---- C:\Program Files\Windows Installer Clean Up
    2008-10-24 22:56:04 ----D---- C:\Program Files\MSECACHE
    2008-10-22 22:37:01 ----D---- C:\Program Files\Windows Defender
    2008-10-21 22:19:45 ----D---- C:\Program Files\Perfect Uninstaller
    2008-10-20 22:50:29 ----A---- C:\WINDOWS\ALCFDRTM.EXE
    2008-10-20 15:43:01 ----A---- C:\WINDOWS\system32\igfxres.dll
    2008-10-20 14:48:39 ----D---- C:\Program Files\OJOsoft
    2008-10-20 14:44:36 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-19 10:24:54 ----A---- C:\WINDOWS\system32\order.txt
    2008-10-18 15:50:39 ----A---- C:\WINDOWS\system32\results.txt
    2008-10-17 00:14:15 ----D---- C:\Program Files\SearchPerks! Perk Counter
    2008-10-16 21:55:38 ----A---- C:\WINDOWS\Autumn_Fantasy.ini
    2008-10-16 19:57:58 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2008-10-16 19:43:26 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2008-10-16 19:42:38 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-10-16 19:40:30 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-16 19:40:14 ----D---- C:\Program Files\Windows Live
    2008-10-16 19:39:55 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-15 23:07:33 ----D---- C:\Documents and Settings\STEVE\Application Data\WinRAR
    2008-10-15 23:07:01 ----D---- C:\Program Files\WinRAR
    2008-10-15 00:23:54 ----D---- C:\Program Files\Windows Live Safety Center
    2008-10-14 22:31:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-10-14 20:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-14 20:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-14 20:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-14 20:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-14 20:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-13 10:45:17 ----A---- C:\WINDOWS\system32\ltclr13n.dll
    2008-10-13 10:45:17 ----A---- C:\WINDOWS\system32\lftif13n.dll
    2008-10-13 10:45:17 ----A---- C:\WINDOWS\system32\lffax13n.dll
    2008-10-10 00:22:04 ----D---- C:\Documents and Settings\STEVE\Application Data\Trondent Development Corp
    2008-10-08 21:52:57 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-10-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-10-02 15:17:55 ----A---- C:\WINDOWS\COVERE~1.INI
    2008-09-29 21:02:38 ----D---- C:\Converted
    2008-09-29 20:58:32 ----D---- C:\Program Files\Common Files\Download Manager
    2008-09-28 08:19:43 ----D---- C:\Sierra
    2008-09-27 00:08:15 ----D---- C:\Downloads
    2008-09-25 21:05:40 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-09-25 21:05:36 ----D---- C:\Documents and Settings\STEVE\Application Data\Azureus
    2008-09-23 19:42:21 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-09-23 19:40:50 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-09-21 11:04:06 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-09-20 09:40:51 ----D---- C:\Documents and Settings\STEVE\Application Data\Windows Desktop Search
    2008-09-19 19:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
    2008-09-19 07:19:25 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-09-19 07:00:39 ----A---- C:\WINDOWS\system32\msonpmon.dll
    2008-09-19 06:55:02 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-09-19 06:46:47 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-09-19 06:45:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-17 00:00:51 ----D---- C:\Documents and Settings\STEVE\Application Data\uTorrent
    2008-09-16 06:47:41 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-09-15 22:57:24 ----D---- C:\Documents and Settings\STEVE\Application Data\Canon
    2008-09-15 21:41:34 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2008-09-15 21:41:24 ----A---- C:\WINDOWS\system32\CNC470O.DLL
    2008-09-15 21:41:23 ----A---- C:\WINDOWS\system32\CNC470L.DLL
    2008-09-15 21:41:23 ----A---- C:\WINDOWS\system32\CNC470I.DLL
    2008-09-15 21:41:23 ----A---- C:\WINDOWS\system32\CNC470C.DLL
    2008-09-15 21:41:07 ----HD---- C:\Program Files\CanonBJ
    2008-09-15 21:17:10 ----D---- C:\Program Files\Common Files\CANON
    2008-09-15 21:01:41 ----A---- C:\WINDOWS\system32\CNMLM8U.DLL
    2008-09-15 20:59:22 ----A---- C:\WINDOWS\MAXLINK.INI
    2008-09-15 20:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-15 20:58:53 ----D---- C:\Documents and Settings\STEVE\Application Data\ScanSoft
    2008-09-15 20:58:39 ----D---- C:\Program Files\Common Files\ScanSoft Shared
    2008-09-15 20:58:39 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-09-15 20:57:57 ----D---- C:\Program Files\ScanSoft
    2008-09-10 20:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 20:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-08 10:08:28 ----AC---- C:\WINDOWS\system32\lfgif13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltkrn13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltimg13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltfil13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltefx13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltdis13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\lfcmp13n.dll
    2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\lfbmp13n.dll
    2008-09-05 00:41:14 ----D---- C:\Program Files\Photo Story 3 for Windows
    2008-09-04 22:29:57 ----RAC---- C:\WINDOWS\system32\DolbyHph.dll
    2008-09-04 08:24:38 ----AC---- C:\WINDOWS\system32\ieencode.dll
    2008-09-04 08:07:19 ----D---- C:\Program Files\Pro Imaging Powertoys
    2008-09-03 22:37:35 ----A---- C:\WINDOWS\system32\igxprd32.dll
    2008-09-03 22:37:35 ----A---- C:\WINDOWS\system32\igfxpers.exe
    2008-09-03 22:37:34 ----AC---- C:\WINDOWS\system32\iglicd32.dll
    2008-09-03 22:37:34 ----AC---- C:\WINDOWS\system32\igldev32.dll
    2008-09-03 22:37:34 ----AC---- C:\WINDOWS\system32\igfxsrvc.exe
    2008-09-03 22:37:34 ----A---- C:\WINDOWS\system32\igxpgd32.dll
    2008-09-03 22:37:34 ----A---- C:\WINDOWS\system32\igxpdv32.dll
    2008-09-03 22:37:33 ----AC---- C:\WINDOWS\system32\igfxCoIn_v4764.dll
    2008-09-03 22:37:33 ----A---- C:\WINDOWS\system32\igxpdx32.dll
    2008-09-03 22:37:27 ----AC---- C:\WINDOWS\system32\igxpun.exe
    2008-09-03 22:37:27 ----AC---- C:\WINDOWS\system32\difxapi.dll
    2008-09-03 21:05:06 ----AC---- C:\WINDOWS\system32\igfxext.exe
    2008-09-03 21:05:06 ----AC---- C:\WINDOWS\system32\igfxexps.dll
    2008-09-03 21:04:38 ----RAC---- C:\WINDOWS\system32\ialmgdev.dll
    2008-09-03 21:04:38 ----RAC---- C:\WINDOWS\system32\iAlmCoIn_v3847.dll
    2008-09-03 21:04:36 ----RAC---- C:\WINDOWS\system32\ialmgicd.dll
    2008-09-03 21:04:35 ----RAC---- C:\WINDOWS\system32\ialmrem.dll
    2008-09-03 21:04:04 ----RAC---- C:\WINDOWS\system32\igfxhk.dll
    2008-09-03 21:04:04 ----AC---- C:\WINDOWS\system32\igfxress.dll
    2008-09-03 21:04:04 ----A---- C:\WINDOWS\system32\hkcmd.exe
    2008-09-03 21:04:03 ----AC---- C:\WINDOWS\system32\igfxzoom.exe
    2008-09-03 21:04:03 ----AC---- C:\WINDOWS\system32\igfxtray.exe
    2008-09-03 21:04:02 ----AC---- C:\WINDOWS\system32\igfxdo.dll
    2008-09-03 21:04:02 ----AC---- C:\WINDOWS\system32\igfxdev.dll
    2008-09-03 21:04:01 ----RAC---- C:\WINDOWS\system32\igfxdiag.exe
    2008-09-03 21:04:01 ----RAC---- C:\WINDOWS\system32\igfxdgps.dll
    2008-09-03 21:04:01 ----AC---- C:\WINDOWS\system32\igfxcfg.exe
    2008-09-03 21:04:00 ----RAC---- C:\WINDOWS\system32\igfxeud.dll
    2008-09-03 21:03:59 ----AC---- C:\WINDOWS\system32\igfxpph.dll
    2008-09-03 21:03:59 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
    2008-09-03 21:03:58 ----RAC---- C:\WINDOWS\system32\ialmdd5.dll
    2008-09-03 21:03:58 ----A---- C:\WINDOWS\system32\hccutils.dll
    2008-09-03 21:03:57 ----RAC---- C:\WINDOWS\system32\ialmrnt5.dll
    2008-09-03 21:03:57 ----RAC---- C:\WINDOWS\system32\ialmdnt5.dll
    2008-09-03 21:03:57 ----RAC---- C:\WINDOWS\system32\ialmdev5.dll
    2008-09-03 19:32:34 ----AC---- C:\WINDOWS\OpPrintServer.INI
    2008-09-03 19:30:19 ----D---- C:\Program Files\Canon
    2008-09-03 18:34:09 ----D---- C:\Program Files\RegCure
    2008-09-03 16:53:35 ----D---- C:\Program Files\Registry Mechanic
    2008-08-29 08:05:25 ----D---- C:\Program Files\Common Files\Ahead
    2008-08-29 08:05:25 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
    2008-08-29 07:07:49 ----D---- C:\Documents and Settings\STEVE\Application Data\Ahead
    2008-08-28 00:24:53 ----D---- C:\Program Files\Unibrain
    2008-08-28 00:20:42 ----D---- C:\Program Files\MSXML 4.0
    2008-08-27 16:34:11 ----AC---- C:\WINDOWS\system32\wuaueng.dll.wusetup.57397843.new
    2008-08-27 01:13:16 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-08-27 01:01:51 ----D---- C:\Program Files\Common Files\LightScribe
    2008-08-27 00:58:50 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-08-27 00:56:37 ----D---- C:\Program Files\Nero
    2008-08-27 00:55:45 ----AC---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-08-27 00:55:44 ----AC---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-08-27 00:52:45 ----AC---- C:\WINDOWS\lgfwup.ini
    2008-08-27 00:52:42 ----AC---- C:\WINDOWS\system32\VB6KO.DLL
    2008-08-27 00:52:42 ----AC---- C:\WINDOWS\system32\lgfwunis.exe
    2008-08-27 00:52:40 ----D---- C:\Program Files\lg_fwupdate
    2008-08-27 00:45:03 ----D---- C:\Program Files\CyberLink
    2008-08-22 08:01:47 ----D---- C:\Program Files\Spyware Doctor
    2008-08-22 08:01:47 ----D---- C:\Documents and Settings\STEVE\Application Data\PC Tools
    2008-08-22 00:15:30 ----D---- C:\Program Files\Microsoft Windows Script
    2008-08-22 00:01:22 ----D---- C:\Program Files\Microsoft IntelliType Pro
    2008-08-20 23:05:25 ----D---- C:\Program Files\Common Files\PC Tools
    2008-08-19 09:35:54 ----AC---- C:\WINDOWS\system32\CSVer.dll
    2008-08-19 01:43:24 ----D---- C:\Program Files\Microsoft IntelliPoint
    2008-08-19 01:39:03 ----AC---- C:\WINDOWS\SkyTel.exe
    2008-08-19 01:39:02 ----AC---- C:\WINDOWS\system32\ChCfg.exe
    2008-08-19 01:38:29 ----A---- C:\WINDOWS\SOUNDMAN.EXE
    2008-08-19 01:38:29 ----A---- C:\WINDOWS\RtlUpd.exe
    2008-08-19 01:38:26 ----A---- C:\WINDOWS\MicCal.exe
    2008-08-19 01:38:25 ----D---- C:\Program Files\Realtek
    2008-08-19 01:38:25 ----A---- C:\WINDOWS\ALCWZRD.EXE
    2008-08-19 01:38:25 ----A---- C:\WINDOWS\ALCMTR.EXE
    2008-08-19 01:38:05 ----AC---- C:\WINDOWS\RtlExUpd.dll
    2008-08-19 01:32:06 ----D---- C:\Program Files\Intel Desktop Board
    2008-08-19 01:31:02 ----D---- C:\Intel
    2008-08-18 19:04:18 ----D---- C:\Program Files\PC Drivers HeadQuarters
    2008-08-18 19:04:18 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    2008-08-16 07:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-08-15 06:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 06:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 06:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 06:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 06:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 06:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-15 06:49:34 ----C---- C:\WINDOWS\system32\spmsg.dll
    2008-08-15 06:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2008-08-10 18:06:44 ----AC---- C:\WINDOWS\system32\javaws.exe
    2008-08-10 18:06:44 ----AC---- C:\WINDOWS\system32\javaw.exe
    2008-08-10 18:06:44 ----AC---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-11-07 01:31:08 ----D---- C:\WINDOWS\Temp
    2008-11-07 01:30:47 ----D---- C:\Documents and Settings\STEVE\Application Data\FrostWire
    2008-11-07 01:30:42 ----D---- C:\WINDOWS\Prefetch
    2008-11-07 01:30:41 ----RD---- C:\Program Files
    2008-11-07 01:28:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-06 23:31:13 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-06 19:43:42 ----D---- C:\WINDOWS
    2008-11-06 19:05:59 ----SD---- C:\WINDOWS\Tasks
    2008-11-06 19:04:12 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-06 19:03:47 ----D---- C:\WINDOWS\system32\drivers
    2008-11-06 19:02:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-06 08:24:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-11-05 23:20:44 ----SHD---- C:\WINDOWS\Installer
    2008-11-05 20:24:23 ----D---- C:\Documents and Settings\STEVE\Application Data\Adobe
    2008-11-05 20:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-11-04 00:46:16 ----HD---- C:\$AVG8.VAULT$
    2008-11-03 07:38:38 ----D---- C:\WINDOWS\Registration
    2008-11-03 07:38:35 ----D---- C:\WINDOWS\system32
    2008-11-03 07:38:35 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-02 19:03:50 ----SD---- C:\Documents and Settings\STEVE\Application Data\Microsoft
    2008-11-02 16:29:52 ----RSD---- C:\WINDOWS\assembly
    2008-11-02 16:29:09 ----D---- C:\WINDOWS\system32\URTTemp
    2008-11-02 12:05:51 ----HD---- C:\WINDOWS\inf
    2008-11-02 12:04:38 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-02 11:35:49 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-02 11:27:00 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-02 01:15:09 ----AC---- C:\WINDOWS\NeroDigital.ini
    2008-10-30 23:23:37 ----D---- C:\Program Files\CramMaster
    2008-10-30 23:23:36 ----D---- C:\Program Files\Microsoft Pro Photo Tools
    2008-10-30 23:23:36 ----D---- C:\Program Files\FrostWire
    2008-10-30 23:23:34 ----D---- C:\Program Files\Windows Media Connect
    2008-10-30 22:31:00 ----D---- C:\Program Files\Common Files
    2008-10-30 21:15:42 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-10-25 05:19:14 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-22 22:37:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-22 19:11:13 ----D---- C:\WINDOWS\system32\config
    2008-10-21 22:36:15 ----D---- C:\Program Files\backups
    2008-10-20 22:43:59 ----D---- C:\WINDOWS\system32\en-US
    2008-10-20 14:57:39 ----D---- C:\WINDOWS\Microsoft.NET
    2008-10-19 10:31:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-10-19 10:30:27 ----D---- C:\WINDOWS\WinSxS
    2008-10-19 09:53:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-16 19:43:29 ----D---- C:\WINDOWS\system32\DirectX
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 20:40:18 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-14 20:39:30 ----D---- C:\Program Files\Internet Explorer
    2008-10-14 20:39:09 ----D---- C:\WINDOWS\ie7updates
    2008-10-14 14:00:02 ----D---- C:\Program Files\Virtual Earth 3D
    2008-10-10 23:44:28 ----D---- C:\Program Files\Adobe
    2008-10-10 23:31:47 ----AC---- C:\WINDOWS\ntbtlog.txt
    2008-10-10 01:32:38 ----D---- C:\WINDOWS\pss
    2008-10-08 21:51:53 ----D---- C:\Program Files\Common Files\Adobe
    2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
    2008-10-04 18:04:00 ----D---- C:\Program Files\Google
    2008-10-04 01:49:35 ----AC---- C:\WINDOWS\ODBC.INI
    2008-10-04 01:45:16 ----AC---- C:\WINDOWS\vbaddin.ini
    2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-01 08:40:41 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-09-29 21:00:33 ----D---- C:\WINDOWS\Debug
    2008-09-29 06:12:13 ----D---- C:\WINDOWS\Minidump
    2008-09-24 10:52:10 ----D---- C:\Program Files\Windows Media Player
    2008-09-23 01:26:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-21 11:06:26 ----D---- C:\WINDOWS\system32\RTCOM
    2008-09-21 11:05:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-20 09:13:50 ----D---- C:\Program Files\Windows Desktop Search
    2008-09-19 19:08:06 ----D---- C:\WINDOWS\system32\wbem
    2008-09-19 19:03:42 ----AC---- C:\WINDOWS\win.ini
    2008-09-19 07:19:13 ----RSD---- C:\WINDOWS\Fonts
    2008-09-19 07:07:27 ----HD---- C:\WINDOWS\ShellNew
    2008-09-19 07:07:03 ----D---- C:\Program Files\Common Files\System
    2008-09-19 06:55:44 ----D---- C:\Program Files\MSBuild
    2008-09-19 06:55:22 ----D---- C:\Program Files\Microsoft Office
    2008-09-19 06:51:07 ----D---- C:\Program Files\Microsoft ActiveSync
    2008-09-17 20:38:41 ----D---- C:\WINDOWS\twain_32
    2008-09-15 21:01:12 ----D---- C:\WINDOWS\Media
    2008-09-12 20:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-09-12 20:20:34 ----D---- C:\WINDOWS\Help
    2008-09-09 17:39:24 ----A---- C:\WINDOWS\RTHDCPL.EXE
    2008-09-07 23:50:22 ----D---- C:\WINDOWS\security
    2008-09-04 23:57:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-04 23:49:57 ----D---- C:\WINDOWS\nvidia icons
    2008-09-04 22:28:42 ----AC---- C:\WINDOWS\iun6002.exe
    2008-09-04 08:06:58 ----D---- C:\WINDOWS\Downloaded Installations
    2008-09-03 22:37:27 ----D---- C:\WINDOWS\system32\Lang
    2008-09-03 22:14:01 ----AC---- C:\WINDOWS\Ascd_tmp.ini
    2008-09-03 16:47:46 ----D---- C:\CtDriverInstTemp
    2008-09-03 07:55:55 ----D---- C:\WINDOWS\system32\IS_F_screensaver dir
    2008-09-03 07:55:10 ----D---- C:\Program Files\Creative
    2008-08-29 00:48:09 ----D---- C:\WINDOWS\nview
    2008-08-27 03:24:32 ----AC---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 02:24:30 ----AC---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 02:24:30 ----AC---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 02:24:30 ----AC---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 02:24:30 ----AC---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 02:24:30 ----AC---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 02:24:30 ----AC---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 02:24:29 ----AC---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 02:24:29 ----AC---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 02:24:28 ----C---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 02:24:28 ----AC---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 02:24:28 ----AC---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 02:24:28 ----AC---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 02:24:28 ----AC---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 02:24:28 ----AC---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 02:24:28 ----AC---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-26 01:03:23 ----D---- C:\Program Files\Starry Night Backyard
    2008-08-25 03:38:00 ----AC---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 03:37:59 ----AC---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 00:54:51 ----AC---- C:\WINDOWS\system32\ieakui.dll
    2008-08-22 01:36:58 ----D---- C:\Program Files\Intel
    2008-08-20 23:00:25 ----D---- C:\Program Files\PCPitstop
    2008-08-20 22:33:15 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-08-19 01:38:06 ----AC---- C:\WINDOWS\HideWin.exe
    2008-08-14 05:09:26 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 04:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-10 18:06:44 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-10 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-12 26824]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
    R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
    R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-26 21035]
    R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-06-02 8413]
    R2 ubsbm;Unibrain 1394 SBM Driver; C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
    R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2007-11-07 171152]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-11-14 15664]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-09 4813824]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 PD1030VID;Creative WebCam Pro; C:\WINDOWS\system32\DRIVERS\p1030vid.sys [2002-05-20 167673]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
    R3 ubohci;Unibrain 1394 OHCI Driver; C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
    S2 LXARScan;Lexmark X73 MFP Scanner; C:\WINDOWS\System32\Drivers\Lxarscan.sys [2001-10-12 18024]
    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 Belkin700F;Belkin Wireless G Desktop Card Service v7; C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS []
    S3 dwanarp;dwanarp; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\dwanarp.sys []
    S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
    S3 KBCAM;JamC@m USB service; C:\WINDOWS\System32\Drivers\KBCAM.sys [2001-02-06 16384]
    S3 kusbport;kusbport; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\kusbport.sys []
    S3 lws2ifsl;lws2ifsl; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\lws2ifsl.sys []
    S3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-09-12 3768]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 mwanarp;mwanarp; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\mwanarp.sys []
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-07 6016]
    S3 psdbus;psdbus; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\psdbus.sys []
    S3 qserenum;qserenum; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\qserenum.sys []
    S3 RT61;Belkin RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-09-12 23096]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 TDMusic;TDMusic; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\TDMusic.sys []
    S3 tredbook;tredbook; \??\C:\DOCUME~1\ALEX\LOCALS~1\Temp\tredbook.sys []
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 168432]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
     


  4. 2008/11/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Steve,

    Just wanted to drop you a quick note to extend my apologies for the delay, and to let you know that I'll be reviewing your logs and the original topic shortly, and I'll get something posted for you yet tonight if I've any suggestions to offer. Hang in there! :)
     
  5. 2008/11/10
    steveo65

    steveo65 Well-Known Member Thread Starter

    Joined:
    2008/10/21
    Messages:
    135
    Likes Received:
    0
    Thanks for your time.
     
  6. 2008/11/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Steve, first I want you to open msconfig, select the Startup tab, then place a check in ALL boxes. Close msconfig and click Exit without restart.

    Now, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  7. 2008/11/10
    steveo65

    steveo65 Well-Known Member Thread Starter

    Joined:
    2008/10/21
    Messages:
    135
    Likes Received:
    0
    Where is msconfig?
     
  8. 2008/11/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start then Run
    Type msconfig then hit Enter
     
  9. 2008/11/10
    steveo65

    steveo65 Well-Known Member Thread Starter

    Joined:
    2008/10/21
    Messages:
    135
    Likes Received:
    0
    When I typed msconfig into the Run box and hit Enter, I got an error saying that it could not be found. I then searched for it and found "msconfig.exe"; after executing it, all boxes were already checked. Here are the logs you wanted.


    ComboFix 08-11-10.01 - STEVE 2008-11-10 23:34:38.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2380 [GMT -5:00]
    Running from: c:\documents and settings\STEVE\Desktop\ComboFix.exe
    * Created a new restore point
    .
    The following files were disabled during the run:
    c:\program files\Spyware Doctor\smumhook.dll
    c:\program files\Spyware Doctor\klg.dat


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\Fonts\acrsecB.fon
    c:\windows\Fonts\acrsecI.fon
    c:\windows\system\oeminfo.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
    .

    2008-11-07 19:40 . 2008-11-07 19:40 <DIR> d-------- c:\program files\Nice Folders
    2008-11-07 01:30 . 2008-11-07 01:31 <DIR> d-------- C:\rsit
    2008-11-07 01:30 . 2008-11-07 17:44 <DIR> d-------- c:\program files\trend micro
    2008-11-06 18:54 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
    2008-11-06 18:53 . 2004-08-03 22:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
    2008-11-06 18:53 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
    2008-11-06 18:53 . 2004-08-03 22:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys
    2008-11-06 18:53 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
    2008-11-06 18:53 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
    2008-11-06 18:53 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
    2008-11-06 18:53 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2008-11-06 18:52 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
    2008-11-06 18:52 . 2004-08-03 22:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys
    2008-11-06 18:52 . 2004-08-03 22:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys
    2008-11-06 18:52 . 2004-08-03 22:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys
    2008-11-06 18:52 . 2004-08-03 22:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys
    2008-11-06 18:52 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
    2008-11-06 18:52 . 2004-08-03 22:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys
    2008-11-06 18:52 . 2004-08-03 22:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys
    2008-11-06 18:52 . 2004-08-03 22:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys
    2008-11-06 18:52 . 2008-04-13 14:40 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys
    2008-11-06 18:51 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
    2008-11-06 18:51 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
    2008-11-06 18:51 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
    2008-11-06 18:51 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
    2008-11-06 18:50 . 2004-08-03 22:31 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
    2008-11-06 18:50 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
    2008-11-06 18:50 . 2004-08-03 22:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
    2008-11-06 18:49 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
    2008-11-06 18:49 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
    2008-11-06 18:49 . 2008-04-13 20:12 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
    2008-11-06 18:49 . 2004-08-03 22:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
    2008-11-06 18:49 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
    2008-11-06 18:48 . 2008-04-13 20:12 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
    2008-11-06 18:48 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
    2008-11-06 18:48 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
    2008-11-06 18:48 . 2004-08-03 22:06 169,984 --a--c--- c:\windows\system32\dllcache\pcx500.sys
    2008-11-06 18:48 . 2004-08-03 22:31 29,502 --a--c--- c:\windows\system32\dllcache\pca200e.sys
    2008-11-06 18:48 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
    2008-11-06 18:48 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
    2008-11-06 18:48 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
    2008-11-06 18:44 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
    2008-11-06 18:43 . 2004-08-03 22:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
    2008-11-06 18:43 . 2008-04-13 20:12 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
    2008-11-06 18:43 . 2008-04-13 14:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
    2008-11-06 18:43 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
    2008-11-06 18:43 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
    2008-11-06 18:42 . 2004-08-03 22:41 606,684 --a--c--- c:\windows\system32\dllcache\ltmdmnt.sys
    2008-11-06 18:42 . 2004-08-03 22:41 420,992 --a--c--- c:\windows\system32\dllcache\ltmdmntt.sys
    2008-11-06 18:42 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
    2008-11-06 18:42 . 2004-08-03 22:39 20,864 --a--c--- c:\windows\system32\dllcache\lwadihid.sys
    2008-11-06 18:42 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
    2008-11-06 18:42 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
    2008-11-06 18:41 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2008-11-06 18:41 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
    2008-11-06 18:41 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
    2008-11-06 18:41 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2008-11-06 18:41 . 2008-04-13 14:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
    2008-11-06 18:40 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
    2008-11-06 18:40 . 2004-08-03 22:29 161,020 --a--c--- c:\windows\system32\dllcache\i81xnt5.sys
    2008-11-06 18:40 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
    2008-11-06 18:40 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
    2008-11-06 18:39 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
    2008-11-06 18:39 . 2004-08-03 22:31 34,173 --a--c--- c:\windows\system32\dllcache\forehe.sys
    2008-11-06 18:39 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
    2008-11-06 18:39 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
    2008-11-06 18:39 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
    2008-11-06 18:38 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
    2008-11-06 18:38 . 2004-08-03 22:32 137,088 --a--c--- c:\windows\system32\dllcache\essm2e.sys
    2008-11-06 18:38 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
    2008-11-06 18:38 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
    2008-11-06 18:37 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
    2008-11-06 18:37 . 2004-08-03 22:32 48,640 --a--c--- c:\windows\system32\dllcache\cwrwdm.sys
    2008-11-06 18:37 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
    2008-11-06 18:36 . 2008-04-13 14:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
    2008-11-06 18:35 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
    2008-11-06 18:35 . 2004-08-03 22:31 36,224 --a--c--- c:\windows\system32\dllcache\an983.sys
    2008-11-06 18:35 . 2008-04-13 20:12 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
    2008-11-06 18:35 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
    2008-11-06 18:35 . 2008-04-13 14:46 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
    2008-11-06 18:33 . 2004-08-03 22:32 231,552 --a--c--- c:\windows\system32\dllcache\ac97ali.sys
    2008-11-06 18:33 . 2004-08-03 22:32 84,480 --a--c--- c:\windows\system32\dllcache\ac97via.sys
    2008-11-06 18:33 . 2008-04-13 14:46 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
    2008-11-06 18:33 . 2008-04-13 14:40 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
    2008-11-06 18:33 . 2004-08-03 22:32 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
    2008-11-05 02:18 . 2008-11-05 02:18 0 --a------ c:\windows\nsreg.dat
    2008-11-02 17:08 . 2008-11-02 17:08 <DIR> d-------- c:\program files\Classic Menu for Office
    2008-11-02 11:40 . 2006-10-18 12:44 303,616 -ra------ c:\windows\system32\drivers\BLKWGDv7.sys
    2008-10-30 22:31 . 2008-10-30 22:31 <DIR> d-------- c:\program files\Common Files\iseemedia
    2008-10-30 22:30 . 2008-10-30 22:30 <DIR> d-------- c:\program files\iseemedia
    2008-10-30 22:30 . 2008-10-30 22:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-10-30 22:23 . 2008-10-30 22:23 <DIR> d-------- c:\documents and settings\STEVE\Application Data\Morpheus Software
    2008-10-30 22:22 . 2008-10-30 22:25 <DIR> d-------- c:\program files\Morpheus Photo Animation Suite
    2008-10-30 21:15 . 2008-10-30 21:15 <DIR> d-------- c:\program files\Softland
    2008-10-30 21:15 . 2008-10-08 12:43 20,120 --a------ c:\windows\system32\dopdfmn6.dll
    2008-10-30 21:15 . 2008-10-08 12:43 18,072 --a------ c:\windows\system32\dopdfmi6.dll
    2008-10-30 21:15 . 2008-09-08 11:44 7,481 --a------ c:\windows\system32\dopdf6.ctm
    2008-10-26 12:03 . 2008-10-26 12:03 21,035 --a------ c:\windows\system32\drivers\AegisP.sys
    2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d-------- c:\program files\Windows Installer Clean Up
    2008-10-24 22:56 . 2008-11-05 23:20 <DIR> d-------- c:\program files\MSECACHE
    2008-10-22 22:37 . 2008-10-22 22:37 <DIR> d-------- c:\program files\Windows Defender
    2008-10-21 22:20 . 2008-09-16 17:09 30,080 --a------ c:\windows\system32\drivers\RKHit.sys
    2008-10-21 22:20 . 2008-10-21 22:20 42 --a------ c:\windows\system32\AK083E209605E394C.lie
    2008-10-20 15:43 . 2007-01-13 08:45 172,032 --a------ c:\windows\system32\igfxres.dll
    2008-10-20 14:48 . 2008-10-20 14:48 <DIR> d-------- c:\program files\OJOsoft
    2008-10-20 14:44 . 2008-10-20 14:44 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-18 15:50 . 2003-07-24 11:10 17,149 --a------ c:\windows\system32\DNINDIS5.SYS
    2008-10-17 00:14 . 2008-10-17 00:14 <DIR> d-------- c:\program files\SearchPerks! Perk Counter
    2008-10-16 21:59 . 2001-10-16 07:12 696,320 -ra------ c:\windows\system32\AmericanFlag.scr
    2008-10-16 21:55 . 2008-10-16 21:55 186 --a------ c:\windows\Autumn_Fantasy.ini
    2008-10-16 19:57 . 2008-10-16 19:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
    2008-10-16 19:43 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2008-10-16 19:42 . 2008-10-16 19:42 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2008-10-16 19:40 . 2008-10-19 10:30 <DIR> d-------- c:\program files\Windows Live
    2008-10-16 19:40 . 2008-10-16 19:41 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-10-16 19:39 . 2008-10-16 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-15 00:23 . 2008-11-03 17:58 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-10-14 22:31 . 2008-10-14 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
    2008-10-14 15:36 . 2008-08-14 05:11 2,189,184 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-14 15:36 . 2008-08-14 04:33 2,066,048 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-14 13:36 . 2008-10-14 13:35 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
    2008-10-13 10:45 . 2003-12-12 15:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll
    2008-10-13 10:45 . 2003-11-04 14:11 155,648 --a------ c:\windows\system32\lftif13n.dll
    2008-10-13 10:45 . 2003-11-04 14:10 98,304 --a------ c:\windows\system32\lffax13n.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-11 04:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-11 04:32 --------- d-----w c:\program files\Spyware Doctor
    2008-11-11 04:11 --------- d-----w c:\documents and settings\STEVE\Application Data\FrostWire
    2008-11-10 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-08 15:52 319,488 ----a-w c:\windows\HideWin.exe
    2008-11-08 12:04 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-08 00:40 737,280 -c--a-w c:\windows\iun6002.exe
    2008-11-07 06:58 --------- d-----w c:\program files\backups
    2008-11-02 16:35 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-31 04:23 --------- d-----w c:\program files\Windows Media Connect
    2008-10-31 04:23 --------- d-----w c:\program files\RegCure
    2008-10-31 04:23 --------- d-----w c:\program files\Microsoft Pro Photo Tools
    2008-10-31 04:23 --------- d-----w c:\program files\lg_fwupdate
    2008-10-31 04:23 --------- d-----w c:\program files\FrostWire
    2008-10-31 04:23 --------- d-----w c:\program files\CramMaster
    2008-10-31 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-29 03:09 --------- d-----w c:\documents and settings\STEVE\Application Data\Canon
    2008-10-18 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
    2008-10-18 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
    2008-10-14 19:00 --------- d-----w c:\program files\Virtual Earth 3D
    2008-10-14 18:36 --------- d-----w c:\program files\Common Files\PC Tools
    2008-10-13 23:26 4,879,360 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
    2008-10-11 04:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-11 04:36 --------- d-----w c:\documents and settings\STEVE\Application Data\Trondent Development Corp
    2008-10-09 19:54 17,021,440 ----a-w c:\windows\RTHDCPL.EXE
    2008-10-09 02:52 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-10-09 02:51 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-09 02:33 --------- d-----w c:\documents and settings\STEVE\Application Data\Azureus
    2008-10-04 23:04 --------- d-----w c:\program files\Google
    2008-10-02 20:16 --------- d-----w c:\documents and settings\STEVE\Application Data\Ahead
    2008-09-30 21:38 2,168,320 ----a-w c:\windows\MicCal.exe
    2008-09-30 01:58 --------- d-----w c:\program files\Common Files\Download Manager
    2008-09-26 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
    2008-09-23 06:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-09-21 16:04 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
    2008-09-20 14:40 --------- d-----w c:\documents and settings\STEVE\Application Data\Windows Desktop Search
    2008-09-20 14:13 --------- d-----w c:\program files\Windows Desktop Search
    2008-09-19 22:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
    2008-09-19 11:55 --------- d-----w c:\program files\MSBuild
    2008-09-19 11:51 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-09-19 11:46 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2008-09-18 01:48 --------- d-----w c:\program files\CyberLink
    2008-09-18 01:39 --------- d-----w c:\program files\Canon
    2008-09-18 01:37 --------- d-----w c:\documents and settings\STEVE\Application Data\uTorrent
    2008-09-16 11:47 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-09-16 02:41 --------- d--h--w c:\program files\CanonBJ
    2008-09-16 02:17 --------- d-----w c:\program files\Common Files\CANON
    2008-09-16 01:58 --------- d-----w c:\program files\Common Files\ScanSoft Shared
    2008-09-16 01:58 --------- d-----w c:\documents and settings\STEVE\Application Data\ScanSoft
    2008-09-16 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
    2008-09-16 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
    2008-09-16 01:57 --------- d-----w c:\program files\ScanSoft
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-12 17:17 3,768 ----a-w c:\windows\system32\drivers\MovRVDrv32.sys
    2008-09-12 17:17 23,096 ----a-w c:\windows\system32\drivers\SndTDriverV32.sys
    2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-08-25 21:17 528,384 ----a-w c:\windows\RtlExUpd.dll
    2008-08-19 18:26 77,824 ----a-w c:\windows\SOUNDMAN.EXE
    2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2005-04-05 17:58 143,936 -c--a-w c:\documents and settings\STEVE\Application Data\GDIPFONTCACHEV1.DAT
    2004-12-14 04:23 8,192 -csha-w c:\program files\Thumbs.db
    2004-12-05 17:31 187,904 -c--a-w c:\program files\HijackThis19802.exe
    2001-03-28 16:02 122,880 -c--a-w c:\windows\inf\AGFA\message.exe
    2000-10-22 03:15 59,616 -c--a-w c:\program files\gun.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
    2008-09-30 14:59 514096 --a------ c:\program files\SearchPerks! Perk Counter\Bmbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2787EA8E-8D87-48af-88AD-B30246C917AB} "= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-09-30 514096]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{2787EA8E-8D87-48AF-88AD-B30246C917AB} "= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-09-30 514096]

    [HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "RegistryMechanic "= "c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "WinColorReminder "= "c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe" [2005-10-31 101120]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1234712]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "SoundMan "= "SOUNDMAN.EXE" [2008-08-19 c:\windows\SOUNDMAN.EXE]
    "AlcWzrd "= "ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    c:\documents and settings\STEVE\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv32 "= c:\windows\system32\ir32_32.dll
    "vidc.iv31 "= c:\windows\system32\ir32_32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infuzer.lnk]
    backup=c:\windows\pss\Infuzer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pgsazn
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shsvotsx
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdskctl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdService
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YneCz

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    --a--c--- 2007-02-26 09:40 249856 c:\program files\lg_fwupdate\fwupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2008-05-28 07:27 570664 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a--c--- 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2008-06-19 16:20 57344 c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    --a------ 2008-06-19 16:42 2808832 c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2008-08-19 13:26 77824 c:\windows\SOUNDMAN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WinColorReminder "=c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "CanonMyPrinter "=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
    "CanonSolutionMenu "=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    "OpwareSE4 "= "c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\FrostWire\\FrostWire.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe "=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-10 97928]
    R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-14 160792]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
    R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\DRIVERS\p1030vid.sys [2002-05-20 167673]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
    S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ]
    S3 dwanarp;dwanarp;c:\docume~1\ALEX\LOCALS~1\Temp\dwanarp.sys [ ]
    S3 KBCAM;JamC@m USB service;c:\windows\system32\Drivers\KBCAM.sys [2001-02-06 16384]
    S3 kusbport;kusbport;c:\docume~1\ALEX\LOCALS~1\Temp\kusbport.sys [ ]
    S3 lws2ifsl;lws2ifsl;c:\docume~1\ALEX\LOCALS~1\Temp\lws2ifsl.sys [ ]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-12 3768]
    S3 mwanarp;mwanarp;c:\docume~1\ALEX\LOCALS~1\Temp\mwanarp.sys [ ]
    S3 psdbus;psdbus;c:\docume~1\ALEX\LOCALS~1\Temp\psdbus.sys [ ]
    S3 qserenum;qserenum;c:\docume~1\ALEX\LOCALS~1\Temp\qserenum.sys [ ]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-09-12 23096]
    S3 TDMusic;TDMusic;c:\docume~1\ALEX\LOCALS~1\Temp\TDMusic.sys [ ]
    S3 tredbook;tredbook;c:\docume~1\ALEX\LOCALS~1\Temp\tredbook.sys [ ]

    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-09 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

    2008-08-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 11:01]

    2008-11-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-05 c:\windows\Tasks\PC Pitstop Optimize.job
    - c:\progra~1\PCPITS~1\Optimize\PCPOPT~1.EXE [2004-12-15 09:31]

    2008-11-11 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

    2008-11-10 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

    2008-11-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 13:45]

    2008-11-11 c:\windows\Tasks\User_Feed_Synchronization-{E2FBE838-A198-4BAA-9737-F2779651B624}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\STEVE\Application Data\Mozilla\Firefox\Profiles\t29h95gg.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.live.com/
    FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-10 23:36:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: c:\windows\system32\winlogon.exe
    -> c:\program files\Spyware Doctor\smumhook.dll
    -> c:\program files\Spyware Doctor\klg.dat

    PROCESS: c:\windows\system32\lsass.exe
    -> c:\program files\Spyware Doctor\smumhook.dll
    -> c:\program files\Spyware Doctor\klg.dat

    PROCESS: c:\windows\system32\csrss.exe
    -> c:\program files\Spyware Doctor\smumhook.dll
    -> c:\program files\Spyware Doctor\klg.dat
    .
    Completion time: 2008-11-10 23:38:00
    ComboFix-quarantined-files.txt 2008-11-11 04:37:44

    Pre-Run: 58,596,499,456 bytes free
    Post-Run: 58,579,755,008 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    387 --- E O F --- 2008-11-08 03:24:29

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:45, on 2008-11-10
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\trend micro\hijackthis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [WinColorReminder] C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 8072 bytes
     
  10. 2008/11/10
    noahdfear

    Steve, I'm gonna have to wait and inspect this log with fresher eyes tomorrow evening. I'm wiped out tonight. I do have one question though ........ what made all the changes in the dllcache folder 5 days ago?
     
  11. 2008/11/10
    eloivsdiablo

    eloivsdiablo Inactive

    Joined:
    2008/11/10
    Messages:
    2
    Likes Received:
    0
    Steveo, Spyware Doctor has a reputation for false positive flags; they do this to dupe users into thinking the program is doing its job. Unfortunately, I had read a while ago of how a user had deleted vital files and rendered their machine next to useless; I recall another forum strongly advising a user not to delete a said file. Anyway, that's my take on what may have happened. Spybot Search & Destroy or Ad-Aware for mine, wouldn't go near Spyware Doctor...
     
  12. 2008/11/10
    steveo65

    I'm not sure, can you list some possible scenarios? Maybe then I can give you a better idea. I have been using spyware dr. for almost 6 years now and have never been steered wrong. It was rated #1 by PC Mag & PC World.
     
    Last edited: 2008/11/11
  13. 2008/11/11
    noahdfear

    I'm reviewing now and will post something shortly. Hang in there! ;)
     
  14. 2008/11/11
    noahdfear

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    FileLook::
    c:\windows\inf\AGFA\message.exe
    DirLook::
    c:\windows\inf\AGFA
    Driver::
    dwanarp
    kusbport
    lws2ifsl
    mwanarp
    psdbus
    qserenum
    TDMusic
    tredbook
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pgsazn]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shsvotsx]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdskctl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdService]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YneCz]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     
  15. 2008/11/11
    steveo65

    Log files

    Sorry it took so long; I forgot to disable my real times. When ComboFix tried to update, it failed. Also, why does it change my browser? Here is the log file.



    ComboFix 08-11-11.01 - STEVE 2008-11-11 23:29:04.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2450 [GMT -5:00]
    Running from: c:\documents and settings\STEVE\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\STEVE\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DWANARP
    -------\Legacy_KUSBPORT
    -------\Legacy_LWS2IFSL
    -------\Legacy_MWANARP
    -------\Legacy_QSERENUM
    -------\Legacy_TDMUSIC
    -------\Service_dwanarp
    -------\Service_kusbport
    -------\Service_lws2ifsl
    -------\Service_mwanarp
    -------\Service_psdbus
    -------\Service_qserenum
    -------\Service_TDMusic
    -------\Service_tredbook


    ((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
    .

    2008-11-11 09:12 . 2008-11-11 19:19 <DIR> d-------- c:\documents and settings\STEVE\Application Data\OnlineArmor
    2008-11-11 09:11 . 2008-11-11 09:11 <DIR> d-------- c:\program files\Tall Emu
    2008-11-07 19:40 . 2008-11-07 19:40 <DIR> d-------- c:\program files\Nice Folders
    2008-11-07 01:30 . 2008-11-07 01:31 <DIR> d-------- C:\rsit
    2008-11-07 01:30 . 2008-11-10 23:45 <DIR> d-------- c:\program files\trend micro
    2008-11-06 18:54 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
    2008-11-06 18:53 . 2004-08-03 22:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
    2008-11-06 18:53 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
    2008-11-06 18:53 . 2004-08-03 22:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys
    2008-11-06 18:53 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
    2008-11-06 18:53 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
    2008-11-06 18:53 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
    2008-11-06 18:53 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2008-11-06 18:52 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
    2008-11-06 18:52 . 2004-08-03 22:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys
    2008-11-06 18:52 . 2004-08-03 22:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys
    2008-11-06 18:52 . 2004-08-03 22:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys
    2008-11-06 18:52 . 2004-08-03 22:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys
    2008-11-06 18:52 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
    2008-11-06 18:52 . 2004-08-03 22:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys
    2008-11-06 18:52 . 2004-08-03 22:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys
    2008-11-06 18:52 . 2004-08-03 22:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys
    2008-11-06 18:52 . 2008-04-13 14:40 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys
    2008-11-06 18:51 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
    2008-11-06 18:51 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
    2008-11-06 18:51 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
    2008-11-06 18:51 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
    2008-11-06 18:50 . 2004-08-03 22:31 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
    2008-11-06 18:50 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
    2008-11-06 18:50 . 2004-08-03 22:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
    2008-11-06 18:49 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
    2008-11-06 18:49 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
    2008-11-06 18:49 . 2008-04-13 20:12 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
    2008-11-06 18:49 . 2004-08-03 22:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
    2008-11-06 18:49 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
    2008-11-06 18:48 . 2008-04-13 20:12 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
    2008-11-06 18:48 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
    2008-11-06 18:48 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
    2008-11-06 18:48 . 2004-08-03 22:06 169,984 --a--c--- c:\windows\system32\dllcache\pcx500.sys
    2008-11-06 18:48 . 2004-08-03 22:31 29,502 --a--c--- c:\windows\system32\dllcache\pca200e.sys
    2008-11-06 18:48 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
    2008-11-06 18:48 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
    2008-11-06 18:48 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
    2008-11-06 18:44 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
    2008-11-06 18:43 . 2004-08-03 22:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
    2008-11-06 18:43 . 2008-04-13 20:12 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
    2008-11-06 18:43 . 2008-04-13 14:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
    2008-11-06 18:43 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
    2008-11-06 18:43 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
    2008-11-06 18:42 . 2004-08-03 22:41 606,684 --a--c--- c:\windows\system32\dllcache\ltmdmnt.sys
    2008-11-06 18:42 . 2004-08-03 22:41 420,992 --a--c--- c:\windows\system32\dllcache\ltmdmntt.sys
    2008-11-06 18:42 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
    2008-11-06 18:42 . 2004-08-03 22:39 20,864 --a--c--- c:\windows\system32\dllcache\lwadihid.sys
    2008-11-06 18:42 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
    2008-11-06 18:42 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
    2008-11-06 18:41 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2008-11-06 18:41 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
    2008-11-06 18:41 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
    2008-11-06 18:41 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2008-11-06 18:41 . 2008-04-13 14:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
    2008-11-06 18:40 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
    2008-11-06 18:40 . 2004-08-03 22:29 161,020 --a--c--- c:\windows\system32\dllcache\i81xnt5.sys
    2008-11-06 18:40 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
    2008-11-06 18:40 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
    2008-11-06 18:39 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
    2008-11-06 18:39 . 2004-08-03 22:31 34,173 --a--c--- c:\windows\system32\dllcache\forehe.sys
    2008-11-06 18:39 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
    2008-11-06 18:39 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
    2008-11-06 18:39 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
    2008-11-06 18:38 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
    2008-11-06 18:38 . 2004-08-03 22:32 137,088 --a--c--- c:\windows\system32\dllcache\essm2e.sys
    2008-11-06 18:38 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
    2008-11-06 18:38 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
    2008-11-06 18:37 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
    2008-11-06 18:37 . 2004-08-03 22:32 48,640 --a--c--- c:\windows\system32\dllcache\cwrwdm.sys
    2008-11-06 18:37 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
    2008-11-06 18:36 . 2008-04-13 14:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
    2008-11-06 18:35 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
    2008-11-06 18:35 . 2004-08-03 22:31 36,224 --a--c--- c:\windows\system32\dllcache\an983.sys
    2008-11-06 18:35 . 2008-04-13 20:12 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
    2008-11-06 18:35 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
    2008-11-06 18:35 . 2008-04-13 14:46 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
    2008-11-06 18:33 . 2004-08-03 22:32 231,552 --a--c--- c:\windows\system32\dllcache\ac97ali.sys
    2008-11-06 18:33 . 2004-08-03 22:32 84,480 --a--c--- c:\windows\system32\dllcache\ac97via.sys
    2008-11-06 18:33 . 2008-04-13 14:46 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
    2008-11-06 18:33 . 2008-04-13 14:40 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
    2008-11-06 18:33 . 2004-08-03 22:32 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
    2008-11-05 02:18 . 2008-11-05 02:18 0 --a------ c:\windows\nsreg.dat
    2008-11-02 17:08 . 2008-11-02 17:08 <DIR> d-------- c:\program files\Classic Menu for Office
    2008-11-02 11:40 . 2006-10-18 12:44 303,616 -ra------ c:\windows\system32\drivers\BLKWGDv7.sys
    2008-10-30 22:31 . 2008-10-30 22:31 <DIR> d-------- c:\program files\Common Files\iseemedia
    2008-10-30 22:30 . 2008-10-30 22:30 <DIR> d-------- c:\program files\iseemedia
    2008-10-30 22:30 . 2008-10-30 22:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-10-30 22:23 . 2008-10-30 22:23 <DIR> d-------- c:\documents and settings\STEVE\Application Data\Morpheus Software
    2008-10-30 22:22 . 2008-10-30 22:25 <DIR> d-------- c:\program files\Morpheus Photo Animation Suite
    2008-10-30 21:20 . 2008-10-30 21:20 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Softland
    2008-10-30 21:15 . 2008-09-08 11:44 7,481 --a------ c:\windows\system32\dopdf6.ctm
    2008-10-26 12:03 . 2008-10-26 12:03 21,035 --a------ c:\windows\system32\drivers\AegisP.sys
    2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d-------- c:\program files\Windows Installer Clean Up
    2008-10-24 22:56 . 2008-11-05 23:20 <DIR> d-------- c:\program files\MSECACHE
    2008-10-22 22:37 . 2008-10-22 22:37 <DIR> d-------- c:\program files\Windows Defender
    2008-10-21 22:20 . 2008-09-16 17:09 30,080 --a------ c:\windows\system32\drivers\RKHit.sys
    2008-10-21 22:20 . 2008-10-21 22:20 42 --a------ c:\windows\system32\AK083E209605E394C.lie
    2008-10-20 15:43 . 2007-01-13 08:45 172,032 --a------ c:\windows\system32\igfxres.dll
    2008-10-20 14:48 . 2008-10-20 14:48 <DIR> d-------- c:\program files\OJOsoft
    2008-10-20 14:44 . 2008-10-20 14:44 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-18 15:50 . 2003-07-24 11:10 17,149 --a------ c:\windows\system32\DNINDIS5.SYS
    2008-10-16 21:59 . 2001-10-16 07:12 696,320 -ra------ c:\windows\system32\AmericanFlag.scr
    2008-10-16 21:55 . 2008-10-16 21:55 186 --a------ c:\windows\Autumn_Fantasy.ini
    2008-10-16 19:57 . 2008-10-16 19:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
    2008-10-16 19:43 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2008-10-16 19:42 . 2008-10-16 19:42 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2008-10-16 19:40 . 2008-10-19 10:30 <DIR> d-------- c:\program files\Windows Live
    2008-10-16 19:40 . 2008-10-16 19:41 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-10-16 19:39 . 2008-10-16 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-15 00:23 . 2008-11-03 17:58 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-10-14 22:31 . 2008-10-14 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
    2008-10-14 15:36 . 2008-08-14 05:11 2,189,184 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-14 15:36 . 2008-08-14 04:33 2,066,048 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-14 13:36 . 2008-10-14 13:35 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
    2008-10-13 10:45 . 2003-12-12 15:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll
    2008-10-13 10:45 . 2003-11-04 14:11 155,648 --a------ c:\windows\system32\lftif13n.dll
    2008-10-13 10:45 . 2003-11-04 14:10 98,304 --a------ c:\windows\system32\lffax13n.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-12 04:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-12 04:23 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-12 04:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-12 03:36 --------- d-----w c:\documents and settings\STEVE\Application Data\FrostWire
    2008-11-12 02:23 --------- d-----w c:\program files\FrostWire
    2008-11-12 00:56 --------- d-----w c:\program files\Spyware Doctor
    2008-11-11 18:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-08 15:52 319,488 ----a-w c:\windows\HideWin.exe
    2008-11-08 00:40 737,280 -c--a-w c:\windows\iun6002.exe
    2008-11-07 06:58 --------- d-----w c:\program files\backups
    2008-11-02 16:35 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-31 04:23 --------- d-----w c:\program files\Windows Media Connect
    2008-10-31 04:23 --------- d-----w c:\program files\RegCure
    2008-10-31 04:23 --------- d-----w c:\program files\Microsoft Pro Photo Tools
    2008-10-31 04:23 --------- d-----w c:\program files\lg_fwupdate
    2008-10-31 04:23 --------- d-----w c:\program files\CramMaster
    2008-10-31 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-29 03:09 --------- d-----w c:\documents and settings\STEVE\Application Data\Canon
    2008-10-18 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
    2008-10-18 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
    2008-10-14 19:00 --------- d-----w c:\program files\Virtual Earth 3D
    2008-10-14 18:36 --------- d-----w c:\program files\Common Files\PC Tools
    2008-10-13 23:26 4,879,360 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
    2008-10-11 04:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-11 04:36 --------- d-----w c:\documents and settings\STEVE\Application Data\Trondent Development Corp
    2008-10-09 19:54 17,021,440 ----a-w c:\windows\RTHDCPL.EXE
    2008-10-09 02:52 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-10-09 02:51 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-09 02:33 --------- d-----w c:\documents and settings\STEVE\Application Data\Azureus
    2008-10-04 23:04 --------- d-----w c:\program files\Google
    2008-10-02 20:16 --------- d-----w c:\documents and settings\STEVE\Application Data\Ahead
    2008-09-30 21:38 2,168,320 ----a-w c:\windows\MicCal.exe
    2008-09-30 01:58 --------- d-----w c:\program files\Common Files\Download Manager
    2008-09-26 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
    2008-09-23 06:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-09-21 16:04 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
    2008-09-20 14:40 --------- d-----w c:\documents and settings\STEVE\Application Data\Windows Desktop Search
    2008-09-20 14:13 --------- d-----w c:\program files\Windows Desktop Search
    2008-09-19 22:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
    2008-09-19 11:55 --------- d-----w c:\program files\MSBuild
    2008-09-19 11:51 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-09-19 11:46 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2008-09-18 01:48 --------- d-----w c:\program files\CyberLink
    2008-09-18 01:39 --------- d-----w c:\program files\Canon
    2008-09-18 01:37 --------- d-----w c:\documents and settings\STEVE\Application Data\uTorrent
    2008-09-16 11:47 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-09-16 02:41 --------- d--h--w c:\program files\CanonBJ
    2008-09-16 02:17 --------- d-----w c:\program files\Common Files\CANON
    2008-09-16 01:58 --------- d-----w c:\program files\Common Files\ScanSoft Shared
    2008-09-16 01:58 --------- d-----w c:\documents and settings\STEVE\Application Data\ScanSoft
    2008-09-16 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
    2008-09-16 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
    2008-09-16 01:57 --------- d-----w c:\program files\ScanSoft
    2008-09-12 17:17 3,768 ----a-w c:\windows\system32\drivers\MovRVDrv32.sys
    2008-09-12 17:17 23,096 ----a-w c:\windows\system32\drivers\SndTDriverV32.sys
    2008-08-25 21:17 528,384 ----a-w c:\windows\RtlExUpd.dll
    2008-08-19 18:26 77,824 ----a-w c:\windows\SOUNDMAN.EXE
    2005-04-05 17:58 143,936 -c--a-w c:\documents and settings\STEVE\Application Data\GDIPFONTCACHEV1.DAT
    2004-12-14 04:23 8,192 -csha-w c:\program files\Thumbs.db
    2001-03-28 16:02 122,880 -c--a-w c:\windows\inf\AGFA\message.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ---- c:\windows\inf\AGFA\message.exe ----
    Company: Agfa Gevaert NV
    File Description: Installer Message Applet
    File Version: 1.3.2
    Product Name: Agfa Setup
    Copyright: Copyright (C) Agfa Gevaert NV 1999-2001
    Original file name: MESSAGE.EXE
    MD5: 2a7006524ab670a5fb3fd7a15b02fb45

    ---- Directory of c:\windows\inf\AGFA ----

    2001-09-07 12:43 80 --a--c--- c:\windows\inf\AGFA\message.ini
    2001-03-28 11:02 122880 --a--c--- c:\windows\inf\AGFA\message.exe


    ((((((((((((((((((((((((((((( snapshot@2008-11-10_23.37.12.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2008-07-21 17:48:35 28,988 -c--a-w c:\windows\system32\Restore\rstrlog.dat
    + 2008-11-12 00:59:07 634,060 -c--a-w c:\windows\system32\Restore\rstrlog.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "WinColorReminder"="c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe" [2005-10-31 101120]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1234712]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "SoundMan"="SOUNDMAN.EXE" [2008-08-19 c:\windows\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    c:\documents and settings\STEVE\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv32"= c:\windows\system32\ir32_32.dll
    "vidc.iv31"= c:\windows\system32\ir32_32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infuzer.lnk]
    backup=c:\windows\pss\Infuzer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    --a--c--- 2007-02-26 09:40 249856 c:\program files\lg_fwupdate\fwupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2008-05-28 07:27 570664 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a--c--- 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2008-06-19 16:20 57344 c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    --a------ 2008-06-19 16:42 2808832 c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2008-08-19 13:26 77824 c:\windows\SOUNDMAN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WinColorReminder"=c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
    "CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-10 97928]
    R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-14 160792]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
    R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\DRIVERS\p1030vid.sys [2002-05-20 167673]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
    S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ]
    S3 KBCAM;JamC@m USB service;c:\windows\system32\Drivers\KBCAM.sys [2001-02-06 16384]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-12 3768]
    S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-09-12 23096]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-09 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

    2008-08-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 11:01]

    2008-11-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-05 c:\windows\Tasks\PC Pitstop Optimize.job
    - c:\progra~1\PCPITS~1\Optimize\PCPOPT~1.EXE [2004-12-15 09:31]

    2008-11-12 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

    2008-11-10 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

    2008-11-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe []

    2008-11-12 c:\windows\Tasks\User_Feed_Synchronization-{E2FBE838-A198-4BAA-9737-F2779651B624}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{2787EA8E-8D87-48AF-88AD-B30246C917AB} - (no file)



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 23:33:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Windows Defender\MsMpEng.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Spyware Doctor\pctsAuxs.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\Microsoft IntelliPoint\dpupdchk.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\searchfilterhost.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-11 23:38:35 - machine was rebooted [STEVE]
    ComboFix-quarantined-files.txt 2008-11-12 04:38:30
    ComboFix2.txt 2008-11-11 04:38:02

    Pre-Run: 60,327,542,784 bytes free
    Post-Run: 60,312,420,352 bytes free

    369 --- E O F --- 2008-11-08 03:24:29
     
  16. 2008/11/11
    noahdfear

    noahdfear Inactive

    Because the internet browser is so often compromised by malware, ComboFix automatically reset some things to default.

    Is there any change in your system's behavior?
     
  17. 2008/11/11
    steveo65

    steveo65 Well-Known Member Thread Starter

    It seems to respond a little faster, but my original issue is still present.
     
  18. 2008/11/11
    steveo65

    steveo65 Well-Known Member Thread Starter

    Also, every time I use the quick reply box and click "post quick reply" I get directed to an ad page. Is this normal?
     
  19. 2008/11/11
    noahdfear

    noahdfear Inactive

    Please navigate to C:\Windows\System32 and right click inetcpl.cpl then select properties.
    Post the filesize and version here.
     
  20. 2008/11/12
    eloivsdiablo

    eloivsdiablo Inactive

    Joined:
    2008/11/10
    Messages:
    2
    Likes Received:
    0
    steveo,
    http://www.my3cents.com/showReview.cgi?id=43501
    http://www.castlecops.com/posts152916-15.html
    http://www.spywareinfoforum.com/lofiversion/index.php/t115563.html
    Specific examples I cannot recall, but google 'spyware doctor false positives' to see this app is far from perfect, so excuse my scepticism. My first assumption was a file had been inadvertently deleted once I saw you have spydoc. I suggest that you take the time to back up your hard drive, as this problem may be a sign that the OS is starting to crash and data retrieval will be difficult at that point. With further thought it seems like a corrupt user profile or Internet Explorer. Try creating another user account, then log off and go back in under the newly created one. Now, if you get the same problem under a new profile then it's more than likely a corrupt IE file. I'd then attempt a repair install or at worst a complete reinstall...
     
  21. 2008/11/12
    steveo65

    steveo65 Well-Known Member Thread Starter

    File Properties

    Version 7.0.6000.16735

    Size: 1.74 MB (1,831,424 bytes)

    Size on disk: 1.07 MB (1,126,400 bytes)
     
