Inactive [InActive] Possible malware?

Hey, that's great news Steve!

Yes, the slipstreamed cd is an installation disk. You will still have to update, but not near as many ... at least not yet.

I'm going to look back over the topic when I get a few moments and see if there's any cleanup left to do. I'll post in with final steps or an all done.

 

Many Thanks

Dave you've been a big help. You gave me a great birthday present

 

Well HAPPY BIRTHDAY!!

 

Please post the contents of C:\Qoobox\ComboFix2.txt

 

Combofix2.txt

Sorry I took so long, I had to run in to work for a few. Here is the post;

ComboFix 08-11-10.01 - STEVE 2008-11-10 23:34:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2380 [GMT -5:00]
Running from: c:\documents and settings\STEVE\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Spyware Doctor\smumhook.dll
c:\program files\Spyware Doctor\klg.dat


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\system\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-07 19:40 . 2008-11-07 19:40 <DIR> d-------- c:\program files\Nice Folders
2008-11-07 01:30 . 2008-11-07 01:31 <DIR> d-------- C:\rsit
2008-11-07 01:30 . 2008-11-07 17:44 <DIR> d-------- c:\program files\trend micro
2008-11-06 18:54 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-11-06 18:53 . 2004-08-03 22:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
2008-11-06 18:53 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2008-11-06 18:53 . 2004-08-03 22:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys
2008-11-06 18:53 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-11-06 18:53 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-11-06 18:53 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-11-06 18:53 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-11-06 18:52 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2008-11-06 18:52 . 2004-08-03 22:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys
2008-11-06 18:52 . 2004-08-03 22:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys
2008-11-06 18:52 . 2004-08-03 22:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys
2008-11-06 18:52 . 2004-08-03 22:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys
2008-11-06 18:52 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
2008-11-06 18:52 . 2004-08-03 22:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys
2008-11-06 18:52 . 2004-08-03 22:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys
2008-11-06 18:52 . 2004-08-03 22:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys
2008-11-06 18:52 . 2008-04-13 14:40 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys
2008-11-06 18:51 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2008-11-06 18:51 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
2008-11-06 18:51 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2008-11-06 18:51 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
2008-11-06 18:50 . 2004-08-03 22:31 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
2008-11-06 18:50 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2008-11-06 18:50 . 2004-08-03 22:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
2008-11-06 18:49 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
2008-11-06 18:49 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
2008-11-06 18:49 . 2008-04-13 20:12 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2008-11-06 18:49 . 2004-08-03 22:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
2008-11-06 18:49 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
2008-11-06 18:48 . 2008-04-13 20:12 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2008-11-06 18:48 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2008-11-06 18:48 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
2008-11-06 18:48 . 2004-08-03 22:06 169,984 --a--c--- c:\windows\system32\dllcache\pcx500.sys
2008-11-06 18:48 . 2004-08-03 22:31 29,502 --a--c--- c:\windows\system32\dllcache\pca200e.sys
2008-11-06 18:48 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
2008-11-06 18:48 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
2008-11-06 18:48 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
2008-11-06 18:44 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
2008-11-06 18:43 . 2004-08-03 22:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2008-11-06 18:43 . 2008-04-13 20:12 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2008-11-06 18:43 . 2008-04-13 14:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2008-11-06 18:43 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2008-11-06 18:43 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2008-11-06 18:42 . 2004-08-03 22:41 606,684 --a--c--- c:\windows\system32\dllcache\ltmdmnt.sys
2008-11-06 18:42 . 2004-08-03 22:41 420,992 --a--c--- c:\windows\system32\dllcache\ltmdmntt.sys
2008-11-06 18:42 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
2008-11-06 18:42 . 2004-08-03 22:39 20,864 --a--c--- c:\windows\system32\dllcache\lwadihid.sys
2008-11-06 18:42 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2008-11-06 18:42 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
2008-11-06 18:41 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-11-06 18:41 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2008-11-06 18:41 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2008-11-06 18:41 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-11-06 18:41 . 2008-04-13 14:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-06 18:40 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-11-06 18:40 . 2004-08-03 22:29 161,020 --a--c--- c:\windows\system32\dllcache\i81xnt5.sys
2008-11-06 18:40 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
2008-11-06 18:40 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2008-11-06 18:39 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
2008-11-06 18:39 . 2004-08-03 22:31 34,173 --a--c--- c:\windows\system32\dllcache\forehe.sys
2008-11-06 18:39 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
2008-11-06 18:39 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-06 18:39 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-11-06 18:38 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
2008-11-06 18:38 . 2004-08-03 22:32 137,088 --a--c--- c:\windows\system32\dllcache\essm2e.sys
2008-11-06 18:38 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-11-06 18:38 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
2008-11-06 18:37 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2008-11-06 18:37 . 2004-08-03 22:32 48,640 --a--c--- c:\windows\system32\dllcache\cwrwdm.sys
2008-11-06 18:37 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
2008-11-06 18:36 . 2008-04-13 14:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2008-11-06 18:35 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
2008-11-06 18:35 . 2004-08-03 22:31 36,224 --a--c--- c:\windows\system32\dllcache\an983.sys
2008-11-06 18:35 . 2008-04-13 20:12 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
2008-11-06 18:35 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2008-11-06 18:35 . 2008-04-13 14:46 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
2008-11-06 18:33 . 2004-08-03 22:32 231,552 --a--c--- c:\windows\system32\dllcache\ac97ali.sys
2008-11-06 18:33 . 2004-08-03 22:32 84,480 --a--c--- c:\windows\system32\dllcache\ac97via.sys
2008-11-06 18:33 . 2008-04-13 14:46 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
2008-11-06 18:33 . 2008-04-13 14:40 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2008-11-06 18:33 . 2004-08-03 22:32 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
2008-11-05 02:18 . 2008-11-05 02:18 0 --a------ c:\windows\nsreg.dat
2008-11-02 17:08 . 2008-11-02 17:08 <DIR> d-------- c:\program files\Classic Menu for Office
2008-11-02 11:40 . 2006-10-18 12:44 303,616 -ra------ c:\windows\system32\drivers\BLKWGDv7.sys
2008-10-30 22:31 . 2008-10-30 22:31 <DIR> d-------- c:\program files\Common Files\iseemedia
2008-10-30 22:30 . 2008-10-30 22:30 <DIR> d-------- c:\program files\iseemedia
2008-10-30 22:30 . 2008-10-30 22:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-30 22:23 . 2008-10-30 22:23 <DIR> d-------- c:\documents and settings\STEVE\Application Data\Morpheus Software
2008-10-30 22:22 . 2008-10-30 22:25 <DIR> d-------- c:\program files\Morpheus Photo Animation Suite
2008-10-30 21:15 . 2008-10-30 21:15 <DIR> d-------- c:\program files\Softland
2008-10-30 21:15 . 2008-10-08 12:43 20,120 --a------ c:\windows\system32\dopdfmn6.dll
2008-10-30 21:15 . 2008-10-08 12:43 18,072 --a------ c:\windows\system32\dopdfmi6.dll
2008-10-30 21:15 . 2008-09-08 11:44 7,481 --a------ c:\windows\system32\dopdf6.ctm
2008-10-26 12:03 . 2008-10-26 12:03 21,035 --a------ c:\windows\system32\drivers\AegisP.sys
2008-10-24 22:58 . 2008-10-24 22:58 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-10-24 22:56 . 2008-11-05 23:20 <DIR> d-------- c:\program files\MSECACHE
2008-10-22 22:37 . 2008-10-22 22:37 <DIR> d-------- c:\program files\Windows Defender
2008-10-21 22:20 . 2008-09-16 17:09 30,080 --a------ c:\windows\system32\drivers\RKHit.sys
2008-10-21 22:20 . 2008-10-21 22:20 42 --a------ c:\windows\system32\AK083E209605E394C.lie
2008-10-20 15:43 . 2007-01-13 08:45 172,032 --a------ c:\windows\system32\igfxres.dll
2008-10-20 14:48 . 2008-10-20 14:48 <DIR> d-------- c:\program files\OJOsoft
2008-10-20 14:44 . 2008-10-20 14:44 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-18 15:50 . 2003-07-24 11:10 17,149 --a------ c:\windows\system32\DNINDIS5.SYS
2008-10-17 00:14 . 2008-10-17 00:14 <DIR> d-------- c:\program files\SearchPerks! Perk Counter
2008-10-16 21:59 . 2001-10-16 07:12 696,320 -ra------ c:\windows\system32\AmericanFlag.scr
2008-10-16 21:55 . 2008-10-16 21:55 186 --a------ c:\windows\Autumn_Fantasy.ini
2008-10-16 19:57 . 2008-10-16 19:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-10-16 19:43 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-10-16 19:42 . 2008-10-16 19:42 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-10-16 19:40 . 2008-10-19 10:30 <DIR> d-------- c:\program files\Windows Live
2008-10-16 19:40 . 2008-10-16 19:41 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-10-16 19:39 . 2008-10-16 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-15 00:23 . 2008-11-03 17:58 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-10-14 22:31 . 2008-10-14 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-10-14 15:36 . 2008-08-14 05:11 2,189,184 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 15:36 . 2008-08-14 04:33 2,066,048 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 13:36 . 2008-10-14 13:35 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2008-10-13 10:45 . 2003-12-12 15:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll
2008-10-13 10:45 . 2003-11-04 14:11 155,648 --a------ c:\windows\system32\lftif13n.dll
2008-10-13 10:45 . 2003-11-04 14:10 98,304 --a------ c:\windows\system32\lffax13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 04:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-11 04:32 --------- d-----w c:\program files\Spyware Doctor
2008-11-11 04:11 --------- d-----w c:\documents and settings\STEVE\Application Data\FrostWire
2008-11-10 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-08 15:52 319,488 ----a-w c:\windows\HideWin.exe
2008-11-08 12:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-08 00:40 737,280 -c--a-w c:\windows\iun6002.exe
2008-11-07 06:58 --------- d-----w c:\program files\backups
2008-11-02 16:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 04:23 --------- d-----w c:\program files\Windows Media Connect
2008-10-31 04:23 --------- d-----w c:\program files\RegCure
2008-10-31 04:23 --------- d-----w c:\program files\Microsoft Pro Photo Tools
2008-10-31 04:23 --------- d-----w c:\program files\lg_fwupdate
2008-10-31 04:23 --------- d-----w c:\program files\FrostWire
2008-10-31 04:23 --------- d-----w c:\program files\CramMaster
2008-10-31 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-29 03:09 --------- d-----w c:\documents and settings\STEVE\Application Data\Canon
2008-10-18 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2008-10-18 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2008-10-14 19:00 --------- d-----w c:\program files\Virtual Earth 3D
2008-10-14 18:36 --------- d-----w c:\program files\Common Files\PC Tools
2008-10-13 23:26 4,879,360 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-10-11 04:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-11 04:36 --------- d-----w c:\documents and settings\STEVE\Application Data\Trondent Development Corp
2008-10-09 19:54 17,021,440 ----a-w c:\windows\RTHDCPL.EXE
2008-10-09 02:52 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-09 02:51 --------- d-----w c:\program files\Common Files\Adobe
2008-10-09 02:33 --------- d-----w c:\documents and settings\STEVE\Application Data\Azureus
2008-10-04 23:04 --------- d-----w c:\program files\Google
2008-10-02 20:16 --------- d-----w c:\documents and settings\STEVE\Application Data\Ahead
2008-09-30 21:38 2,168,320 ----a-w c:\windows\MicCal.exe
2008-09-30 01:58 --------- d-----w c:\program files\Common Files\Download Manager
2008-09-26 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-09-23 06:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-21 16:04 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-09-20 14:40 --------- d-----w c:\documents and settings\STEVE\Application Data\Windows Desktop Search
2008-09-20 14:13 --------- d-----w c:\program files\Windows Desktop Search
2008-09-19 22:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
2008-09-19 11:55 --------- d-----w c:\program files\MSBuild
2008-09-19 11:51 --------- d-----w c:\program files\Microsoft ActiveSync
2008-09-19 11:46 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-09-18 01:48 --------- d-----w c:\program files\CyberLink
2008-09-18 01:39 --------- d-----w c:\program files\Canon
2008-09-18 01:37 --------- d-----w c:\documents and settings\STEVE\Application Data\uTorrent
2008-09-16 11:47 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-09-16 02:41 --------- d--h--w c:\program files\CanonBJ
2008-09-16 02:17 --------- d-----w c:\program files\Common Files\CANON
2008-09-16 01:58 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-09-16 01:58 --------- d-----w c:\documents and settings\STEVE\Application Data\ScanSoft
2008-09-16 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-09-16 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-09-16 01:57 --------- d-----w c:\program files\ScanSoft
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 17:17 3,768 ----a-w c:\windows\system32\drivers\MovRVDrv32.sys
2008-09-12 17:17 23,096 ----a-w c:\windows\system32\drivers\SndTDriverV32.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-25 21:17 528,384 ----a-w c:\windows\RtlExUpd.dll
2008-08-19 18:26 77,824 ----a-w c:\windows\SOUNDMAN.EXE
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2005-04-05 17:58 143,936 -c--a-w c:\documents and settings\STEVE\Application Data\GDIPFONTCACHEV1.DAT
2004-12-14 04:23 8,192 -csha-w c:\program files\Thumbs.db
2004-12-05 17:31 187,904 -c--a-w c:\program files\HijackThis19802.exe
2001-03-28 16:02 122,880 -c--a-w c:\windows\inf\AGFA\message.exe
2000-10-22 03:15 59,616 -c--a-w c:\program files\gun.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
2008-09-30 14:59 514096 --a------ c:\program files\SearchPerks! Perk Counter\Bmbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2787EA8E-8D87-48af-88AD-B30246C917AB} "= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-09-30 514096]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2787EA8E-8D87-48AF-88AD-B30246C917AB} "= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-09-30 514096]

[HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"RegistryMechanic "= "c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"WinColorReminder "= "c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe" [2005-10-31 101120]
"WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1234712]
"IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"SoundMan "= "SOUNDMAN.EXE" [2008-08-19 c:\windows\SOUNDMAN.EXE]
"AlcWzrd "= "ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

c:\documents and settings\STEVE\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32 "= c:\windows\system32\ir32_32.dll
"vidc.iv31 "= c:\windows\system32\ir32_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infuzer.lnk]
backup=c:\windows\pss\Infuzer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pgsazn
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shsvotsx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdskctl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YneCz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a--c--- 2007-02-26 09:40 249856 c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2008-05-28 07:27 570664 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a--c--- 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 16:20 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-19 16:42 2808832 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-08-19 13:26 77824 c:\windows\SOUNDMAN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WinColorReminder "=c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
"CanonMyPrinter "=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu "=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"OpwareSE4 "= "c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe "

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\WINDOWS\\system32\\dpvsetup.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\FrostWire\\FrostWire.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe "=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-10 97928]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-14 160792]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\DRIVERS\p1030vid.sys [2002-05-20 167673]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ]
S3 dwanarp;dwanarp;c:\docume~1\ALEX\LOCALS~1\Temp\dwanarp.sys [ ]
S3 KBCAM;JamC@m USB service;c:\windows\system32\Drivers\KBCAM.sys [2001-02-06 16384]
S3 kusbport;kusbport;c:\docume~1\ALEX\LOCALS~1\Temp\kusbport.sys [ ]
S3 lws2ifsl;lws2ifsl;c:\docume~1\ALEX\LOCALS~1\Temp\lws2ifsl.sys [ ]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-12 3768]
S3 mwanarp;mwanarp;c:\docume~1\ALEX\LOCALS~1\Temp\mwanarp.sys [ ]
S3 psdbus;psdbus;c:\docume~1\ALEX\LOCALS~1\Temp\psdbus.sys [ ]
S3 qserenum;qserenum;c:\docume~1\ALEX\LOCALS~1\Temp\qserenum.sys [ ]
S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-09-12 23096]
S3 TDMusic;TDMusic;c:\docume~1\ALEX\LOCALS~1\Temp\TDMusic.sys [ ]
S3 tredbook;tredbook;c:\docume~1\ALEX\LOCALS~1\Temp\tredbook.sys [ ]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe "
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2008-08-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 11:01]

2008-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-11-05 c:\windows\Tasks\PC Pitstop Optimize.job
- c:\progra~1\PCPITS~1\Optimize\PCPOPT~1.EXE [2004-12-15 09:31]

2008-11-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 13:45]

2008-11-11 c:\windows\Tasks\User_Feed_Synchronization-{E2FBE838-A198-4BAA-9737-F2779651B624}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\STEVE\Application Data\Mozilla\Firefox\Profiles\t29h95gg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.live.com/
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 23:36:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\Spyware Doctor\smumhook.dll
-> c:\program files\Spyware Doctor\klg.dat

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Spyware Doctor\smumhook.dll
-> c:\program files\Spyware Doctor\klg.dat

PROCESS: c:\windows\system32\csrss.exe
-> c:\program files\Spyware Doctor\smumhook.dll
-> c:\program files\Spyware Doctor\klg.dat
.
Completion time: 2008-11-10 23:38:00
ComboFix-quarantined-files.txt 2008-11-11 04:37:44

Pre-Run: 58,596,499,456 bytes free
Post-Run: 58,579,755,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

387 --- E O F --- 2008-11-08 03:24:29

 

Hi Steve,

Thanks! Lets clean up. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
You can delete any other logs that were created/saved too.

Download ATF Cleaner by Atribune and save it to your Desktop.

• Double click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  
  
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin
  
  
• The rest are optional - if you want it to remove everything check "Select All ".
• Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Reboot


That should finish things up. Any other issues?

 

Clean-up finished

I feel that my restart/start-up times are slow, but other than that, everything seems to be at the present time. Thanks once again!

 

Disk Cleanup and defrag>reboot>defrag>reboot might help your startup time. If you did clear Prefetch, it might take a couple of reboots for that to repopulate as well.

Geri has posted some very helpful information and recommendations regarding future protection in the following link.

http://www.windowsbbs.com/showthread.php?t=67958

Surf safe!

 

Bad News

Dave, its back! The internet options won't open again

 

Please repeat the procedure in Post #21

 

Log file

Volume in drive C is System Master
Volume Serial Number is 2C11-5164

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 07:00 AM 358,400 inetcpl.cpl
1 File(s) 358,400 bytes

Directory of C:\WINDOWS\ie7

04/13/2008 07:12 PM 360,960 inetcpl.cpl
1 File(s) 360,960 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 360,960 inetcpl.cpl
1 File(s) 360,960 bytes

Directory of C:\WINDOWS\system32

08/22/2008 03:08 AM 1,415,680 inetcpl.cpl
1 File(s) 1,415,680 bytes

Directory of C:\WINDOWS\system32\dllcache

08/22/2008 03:08 AM 1,415,680 inetcpl.cpl
1 File(s) 1,415,680 bytes

 

Hmmm, another update maybe? Looks like the file got changed again. Repeat the instructions in Post #23

Now let's get a fresh RSIT log.

• Download RSIT by random/random and save it to your desktop.
• Double click RSIT.exe to start the tool.
• At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
• When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
• Please post the contents of log.txt here in your next reply.

 

Log file

Logfile of random's system information tool 1.04 (written by random/random)
Run by STEVE at 2008-11-18 23:19:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (50%) free of 114 GB
Total RAM: 3063 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:39 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\STEVE\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\STEVE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7922 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PC Pitstop Optimize.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E2FBE838-A198-4BAA-9737-F2779651B624}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-10 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-24 1234712]
"IntelliPoint "=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"itype "=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"GrooveMonitor "=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"IgfxTray "=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]
"AlcWzrd "=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"ISTray "=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"WinPatrol "=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IERESETATTRIB "=C:\WINDOWS\system32\cmd.exe [2008-04-13 389120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"RegistryMechanic "=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"WMPNSCFG "=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infuzer.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-09-28 123904]

C:\Documents and Settings\STEVE\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS "= "avgrsstx.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5} "=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives "=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=
"NoDrives "=
"NoDriveAutoRun "=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\WINDOWS\system32\dpvsetup.exe "= "C:\WINDOWS\system32\dpvsetup.exe:*isabled:Microsoft DirectPlay Voice Test "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\Program Files\FrostWire\FrostWire.exe "= "C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire "
"C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe "= "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup "
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe "= "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 "
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE "= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE "= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE "= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "

======File associations======

.js - open -
.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1 "
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2008-11-18 23:19:13 ----D---- C:\rsit
2008-11-17 23:55:44 ----D---- C:\WINDOWS\LastGood
2008-11-17 23:33:58 ----A---- C:\WINDOWS\imsins.BAK
2008-11-17 23:31:28 ----A---- C:\WINDOWS\system32\SET69.tmp
2008-11-17 23:31:28 ----A---- C:\WINDOWS\system32\SET59.tmp
2008-11-17 23:31:28 ----A---- C:\WINDOWS\system32\SET50.tmp
2008-11-17 23:31:28 ----A---- C:\WINDOWS\system32\SET4F.tmp
2008-11-17 23:31:28 ----A---- C:\WINDOWS\system32\SET3D.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET6A.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET68.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET67.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET66.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET65.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET64.tmp
2008-11-17 23:31:26 ----A---- C:\WINDOWS\system32\SET63.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET62.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET61.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET60.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET5F.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET5E.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET5D.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET5C.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET5B.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET5A.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET56.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET55.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET54.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET53.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET52.tmp
2008-11-17 23:31:25 ----A---- C:\WINDOWS\system32\SET51.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET58.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET57.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET4E.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET4D.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET4C.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET4B.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET4A.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET49.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET48.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET47.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET46.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET45.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET44.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET43.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET42.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET41.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET40.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET3F.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET3E.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET3C.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\SET3B.tmp
2008-11-17 23:31:24 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-17 23:31:23 ----DC---- C:\WINDOWS\ie8
2008-11-17 11:20:56 ----A---- C:\WINDOWS\system32\cdm.dll.wusetup.45792421.new
2008-11-16 14:00:56 ----D---- C:\Documents and Settings\STEVE\Application Data\NCH Swift Sound
2008-11-16 14:00:55 ----D---- C:\Documents and Settings\STEVE\Application Data\Recordpad
2008-11-16 14:00:37 ----D---- C:\Program Files\NCH Software
2008-11-16 14:00:29 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-11-16 13:59:39 ----D---- C:\Program Files\NCH Swift Sound
2008-11-16 09:59:36 ----D---- C:\Program Files\CCleaner
2008-11-16 09:59:00 ----D---- C:\Documents and Settings\STEVE\Application Data\WinPatrol
2008-11-16 09:58:52 ----D---- C:\Program Files\BillP Studios
2008-11-16 00:48:53 ----D---- C:\Program Files\Lavasoft
2008-11-16 00:48:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-14 01:52:13 ----AD---- C:\$AutoStreamer$
2008-11-14 01:09:51 ----D---- C:\Program Files\AutoStreamer
2008-11-13 23:47:08 ----D---- C:\Program Files\Easy Duplicate Finder
2008-11-13 20:27:40 ----A---- C:\WINDOWS\system32\wuapi.dll.wusetup.76964343.new
2008-11-12 23:01:16 ----SHD---- C:\RECYCLER
2008-11-12 22:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 22:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 22:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 23:38:42 ----D---- C:\WINDOWS\temp
2008-11-11 23:38:38 ----A---- C:\ComboFix.txt
2008-11-11 09:12:04 ----D---- C:\Documents and Settings\STEVE\Application Data\OnlineArmor
2008-11-11 09:11:31 ----D---- C:\Program Files\Tall Emu
2008-11-10 23:34:23 ----A---- C:\Boot.bak
2008-11-10 23:34:18 ----RASHD---- C:\cmdcons
2008-11-10 23:31:51 ----D---- C:\WINDOWS\ERDNT
2008-11-07 19:40:38 ----D---- C:\Program Files\Nice Folders
2008-11-07 01:30:41 ----D---- C:\Program Files\trend micro
2008-11-05 02:16:05 ----D---- C:\Documents and Settings\STEVE\Application Data\Mozilla
2008-11-05 02:14:23 ----D---- C:\Program Files\Mozilla Firefox
2008-10-30 22:31:00 ----D---- C:\Program Files\Common Files\iseemedia
2008-10-30 22:30:58 ----D---- C:\Program Files\iseemedia
2008-10-30 22:30:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-30 22:23:18 ----D---- C:\Documents and Settings\STEVE\Application Data\Morpheus Software
2008-10-30 22:22:57 ----D---- C:\Program Files\Morpheus Photo Animation Suite
2008-10-25 05:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 22:58:20 ----D---- C:\Program Files\Windows Installer Clean Up
2008-10-24 22:56:04 ----D---- C:\Program Files\MSECACHE
2008-10-22 22:37:01 ----D---- C:\Program Files\Windows Defender
2008-10-20 15:43:01 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-10-20 14:48:39 ----D---- C:\Program Files\OJOsoft
2008-10-20 14:44:36 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-19 10:24:54 ----A---- C:\WINDOWS\system32\order.txt
2008-10-18 15:50:39 ----A---- C:\WINDOWS\system32\results.txt
2008-10-16 21:55:38 ----A---- C:\WINDOWS\Autumn_Fantasy.ini
2008-10-16 19:57:58 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-16 19:43:26 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-16 19:42:38 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-16 19:40:30 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-16 19:40:14 ----D---- C:\Program Files\Windows Live
2008-10-16 19:39:55 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-15 23:07:33 ----D---- C:\Documents and Settings\STEVE\Application Data\WinRAR
2008-10-15 23:07:01 ----D---- C:\Program Files\WinRAR
2008-10-15 00:23:54 ----D---- C:\Program Files\Windows Live Safety Center
2008-10-14 22:31:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-10-14 20:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 20:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 20:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 20:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 20:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 10:45:17 ----A---- C:\WINDOWS\system32\ltclr13n.dll
2008-10-13 10:45:17 ----A---- C:\WINDOWS\system32\lftif13n.dll
2008-10-13 10:45:17 ----A---- C:\WINDOWS\system32\lffax13n.dll
2008-10-10 00:22:04 ----D---- C:\Documents and Settings\STEVE\Application Data\Trondent Development Corp
2008-10-08 21:52:57 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-02 15:17:55 ----A---- C:\WINDOWS\COVERE~1.INI
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-29 21:02:38 ----D---- C:\Converted
2008-09-29 20:58:32 ----D---- C:\Program Files\Common Files\Download Manager
2008-09-28 08:19:43 ----D---- C:\Sierra
2008-09-27 00:08:15 ----D---- C:\Downloads
2008-09-25 21:05:36 ----D---- C:\Documents and Settings\STEVE\Application Data\Azureus
2008-09-23 19:42:21 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-23 19:40:50 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-21 11:04:06 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-09-20 09:40:51 ----D---- C:\Documents and Settings\STEVE\Application Data\Windows Desktop Search
2008-09-19 19:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-09-19 07:19:25 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-19 07:00:39 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-09-19 06:55:02 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-19 06:46:47 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-09-19 06:45:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-17 00:00:51 ----D---- C:\Documents and Settings\STEVE\Application Data\uTorrent
2008-09-16 06:47:41 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-15 22:57:24 ----D---- C:\Documents and Settings\STEVE\Application Data\Canon
2008-09-15 21:41:34 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-09-15 21:41:24 ----AC---- C:\WINDOWS\system32\CNC470O.DLL
2008-09-15 21:41:23 ----AC---- C:\WINDOWS\system32\CNC470I.DLL
2008-09-15 21:41:23 ----A---- C:\WINDOWS\system32\CNC470L.DLL
2008-09-15 21:41:23 ----A---- C:\WINDOWS\system32\CNC470C.DLL
2008-09-15 21:41:07 ----HD---- C:\Program Files\CanonBJ
2008-09-15 21:17:10 ----D---- C:\Program Files\Common Files\CANON
2008-09-15 21:01:41 ----A---- C:\WINDOWS\system32\CNMLM8U.DLL
2008-09-15 20:59:22 ----AC---- C:\WINDOWS\MAXLINK.INI
2008-09-15 20:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-15 20:58:53 ----D---- C:\Documents and Settings\STEVE\Application Data\ScanSoft
2008-09-15 20:58:39 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-09-15 20:58:39 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-15 20:57:57 ----D---- C:\Program Files\ScanSoft
2008-09-10 20:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 20:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-08 10:08:28 ----AC---- C:\WINDOWS\system32\lfgif13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltkrn13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltimg13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltfil13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltefx13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\ltdis13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\lfcmp13n.dll
2008-09-08 10:08:27 ----AC---- C:\WINDOWS\system32\lfbmp13n.dll
2008-09-05 00:41:14 ----D---- C:\Program Files\Photo Story 3 for Windows
2008-09-04 22:29:57 ----RAC---- C:\WINDOWS\system32\DolbyHph.dll
2008-09-04 08:07:19 ----D---- C:\Program Files\Pro Imaging Powertoys
2008-09-03 22:37:35 ----AC---- C:\WINDOWS\system32\igfxpers.exe
2008-09-03 22:37:35 ----A---- C:\WINDOWS\system32\igxprd32.dll
2008-09-03 22:37:34 ----AC---- C:\WINDOWS\system32\iglicd32.dll
2008-09-03 22:37:34 ----AC---- C:\WINDOWS\system32\igldev32.dll
2008-09-03 22:37:34 ----AC---- C:\WINDOWS\system32\igfxsrvc.exe
2008-09-03 22:37:34 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2008-09-03 22:37:34 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2008-09-03 22:37:33 ----AC---- C:\WINDOWS\system32\igfxCoIn_v4764.dll
2008-09-03 22:37:33 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2008-09-03 22:37:27 ----AC---- C:\WINDOWS\system32\igxpun.exe
2008-09-03 22:37:27 ----AC---- C:\WINDOWS\system32\difxapi.dll
2008-09-03 21:05:06 ----AC---- C:\WINDOWS\system32\igfxext.exe
2008-09-03 21:05:06 ----AC---- C:\WINDOWS\system32\igfxexps.dll
2008-09-03 21:04:38 ----RAC---- C:\WINDOWS\system32\ialmgdev.dll
2008-09-03 21:04:38 ----RAC---- C:\WINDOWS\system32\iAlmCoIn_v3847.dll
2008-09-03 21:04:36 ----RAC---- C:\WINDOWS\system32\ialmgicd.dll
2008-09-03 21:04:35 ----RAC---- C:\WINDOWS\system32\ialmrem.dll
2008-09-03 21:04:04 ----RAC---- C:\WINDOWS\system32\igfxhk.dll
2008-09-03 21:04:04 ----AC---- C:\WINDOWS\system32\igfxress.dll
2008-09-03 21:04:04 ----AC---- C:\WINDOWS\system32\hkcmd.exe
2008-09-03 21:04:03 ----AC---- C:\WINDOWS\system32\igfxzoom.exe
2008-09-03 21:04:03 ----AC---- C:\WINDOWS\system32\igfxtray.exe
2008-09-03 21:04:02 ----AC---- C:\WINDOWS\system32\igfxdo.dll
2008-09-03 21:04:02 ----AC---- C:\WINDOWS\system32\igfxdev.dll
2008-09-03 21:04:01 ----RAC---- C:\WINDOWS\system32\igfxdiag.exe
2008-09-03 21:04:01 ----RAC---- C:\WINDOWS\system32\igfxdgps.dll
2008-09-03 21:04:01 ----AC---- C:\WINDOWS\system32\igfxcfg.exe
2008-09-03 21:04:00 ----RAC---- C:\WINDOWS\system32\igfxeud.dll
2008-09-03 21:03:59 ----AC---- C:\WINDOWS\system32\igfxsrvc.dll
2008-09-03 21:03:59 ----AC---- C:\WINDOWS\system32\igfxpph.dll
2008-09-03 21:03:58 ----RAC---- C:\WINDOWS\system32\ialmdd5.dll
2008-09-03 21:03:58 ----AC---- C:\WINDOWS\system32\hccutils.dll
2008-09-03 21:03:57 ----RAC---- C:\WINDOWS\system32\ialmrnt5.dll
2008-09-03 21:03:57 ----RAC---- C:\WINDOWS\system32\ialmdnt5.dll
2008-09-03 21:03:57 ----RAC---- C:\WINDOWS\system32\ialmdev5.dll
2008-09-03 19:32:34 ----AC---- C:\WINDOWS\OpPrintServer.INI
2008-09-03 19:30:19 ----D---- C:\Program Files\Canon
2008-09-03 18:34:09 ----D---- C:\Program Files\RegCure
2008-09-03 16:53:35 ----D---- C:\Program Files\Registry Mechanic
2008-08-29 08:05:25 ----D---- C:\Program Files\Common Files\Ahead
2008-08-29 08:05:25 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-29 07:07:49 ----D---- C:\Documents and Settings\STEVE\Application Data\Ahead
2008-08-28 00:24:53 ----D---- C:\Program Files\Unibrain
2008-08-28 00:20:42 ----D---- C:\Program Files\MSXML 4.0
2008-08-27 16:34:11 ----AC---- C:\WINDOWS\system32\wuaueng.dll.wusetup.57397843.new
2008-08-27 01:13:16 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-08-27 01:01:51 ----D---- C:\Program Files\Common Files\LightScribe
2008-08-27 00:58:50 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-27 00:56:37 ----D---- C:\Program Files\Nero
2008-08-27 00:55:45 ----AC---- C:\WINDOWS\system32\d3dx9_30.dll
2008-08-27 00:55:44 ----AC---- C:\WINDOWS\system32\d3dx9_28.dll
2008-08-27 00:52:45 ----AC---- C:\WINDOWS\lgfwup.ini
2008-08-27 00:52:42 ----AC---- C:\WINDOWS\system32\VB6KO.DLL
2008-08-27 00:52:42 ----AC---- C:\WINDOWS\system32\lgfwunis.exe
2008-08-27 00:52:40 ----D---- C:\Program Files\lg_fwupdate
2008-08-27 00:45:03 ----D---- C:\Program Files\CyberLink
2008-08-22 08:01:47 ----D---- C:\Program Files\Spyware Doctor
2008-08-22 08:01:47 ----D---- C:\Documents and Settings\STEVE\Application Data\PC Tools
2008-08-22 00:15:30 ----D---- C:\Program Files\Microsoft Windows Script
2008-08-22 00:01:22 ----D---- C:\Program Files\Microsoft IntelliType Pro
2008-08-20 23:05:25 ----D---- C:\Program Files\Common Files\PC Tools
2008-08-19 09:35:54 ----AC---- C:\WINDOWS\system32\CSVer.dll
2008-08-19 01:43:24 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-08-19 01:39:03 ----AC---- C:\WINDOWS\SkyTel.exe
2008-08-19 01:39:02 ----AC---- C:\WINDOWS\system32\ChCfg.exe
2008-08-19 01:38:29 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-08-19 01:38:29 ----A---- C:\WINDOWS\RtlUpd.exe
2008-08-19 01:38:26 ----A---- C:\WINDOWS\MicCal.exe
2008-08-19 01:38:25 ----D---- C:\Program Files\Realtek
2008-08-19 01:38:25 ----A---- C:\WINDOWS\ALCWZRD.EXE
2008-08-19 01:38:25 ----A---- C:\WINDOWS\ALCMTR.EXE
2008-08-19 01:38:05 ----A---- C:\WINDOWS\RtlExUpd.dll
2008-08-19 01:32:06 ----D---- C:\Program Files\Intel Desktop Board
2008-08-19 01:31:02 ----D---- C:\Intel

======List of files/folders modified in the last 3 months======

2008-11-18 23:19:33 ----D---- C:\WINDOWS\Prefetch
2008-11-18 23:19:22 ----D---- C:\Documents and Settings\STEVE\Application Data\FrostWire
2008-11-18 23:15:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-18 22:09:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-18 11:29:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 03:45:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-18 01:16:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-18 01:12:51 ----D---- C:\WINDOWS\system32
2008-11-18 01:12:50 ----D---- C:\WINDOWS\system32\en-US
2008-11-18 01:12:17 ----D---- C:\WINDOWS\Media
2008-11-18 01:12:16 ----HD---- C:\WINDOWS\inf
2008-11-18 01:12:16 ----D---- C:\WINDOWS\Help
2008-11-18 01:12:14 ----D---- C:\Program Files\Internet Explorer
2008-11-18 01:12:08 ----D---- C:\WINDOWS
2008-11-18 01:11:13 ----RD---- C:\Program Files
2008-11-17 23:55:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-17 23:39:12 ----SD---- C:\WINDOWS\Tasks
2008-11-17 23:36:52 ----D---- C:\WINDOWS\system32\drivers
2008-11-17 23:29:38 ----D---- C:\WINDOWS\Debug
2008-11-16 01:02:44 ----SHD---- C:\WINDOWS\Installer
2008-11-16 01:02:43 ----D---- C:\WINDOWS\security
2008-11-15 22:00:52 ----SHD---- C:\System Volume Information
2008-11-15 22:00:52 ----D---- C:\WINDOWS\system32\Restore
2008-11-12 22:42:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 22:41:06 ----D---- C:\WINDOWS\WinSxS
2008-11-11 23:33:16 ----A---- C:\WINDOWS\system.ini
2008-11-11 23:30:41 ----D---- C:\WINDOWS\AppPatch
2008-11-11 23:30:41 ----D---- C:\Program Files\Common Files
2008-11-11 23:23:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-11 23:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 23:12:08 ----D---- C:\WINDOWS\system32\config
2008-11-11 21:23:48 ----D---- C:\Program Files\FrostWire
2008-11-11 19:57:26 ----D---- C:\WINDOWS\system32\wbem
2008-11-11 19:57:24 ----D---- C:\WINDOWS\Registration
2008-11-11 08:50:26 ----D---- C:\WINDOWS\Minidump
2008-11-10 23:35:25 ----RSD---- C:\WINDOWS\Fonts
2008-11-10 23:34:47 ----D---- C:\WINDOWS\system
2008-11-10 23:34:23 ----RASH---- C:\boot.ini
2008-11-10 23:30:40 ----AC---- C:\WINDOWS\win.ini
2008-11-08 10:53:33 ----D---- C:\WINDOWS\system32\RTCOM
2008-11-08 10:53:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-08 10:52:15 ----A---- C:\WINDOWS\HideWin.exe
2008-11-07 19:40:26 ----AC---- C:\WINDOWS\iun6002.exe
2008-11-07 01:58:02 ----D---- C:\Program Files\backups
2008-11-05 20:24:23 ----D---- C:\Documents and Settings\STEVE\Application Data\Adobe
2008-11-05 20:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-04 00:46:16 ----HD---- C:\$AVG8.VAULT$
2008-11-03 19:10:25 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-11-03 07:38:35 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 19:03:50 ----SD---- C:\Documents and Settings\STEVE\Application Data\Microsoft
2008-11-02 16:29:52 ----RSD---- C:\WINDOWS\assembly
2008-11-02 16:29:09 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-02 12:04:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 11:35:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-02 01:15:09 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-30 23:23:37 ----D---- C:\Program Files\CramMaster
2008-10-30 23:23:36 ----D---- C:\Program Files\Microsoft Pro Photo Tools
2008-10-30 23:23:34 ----D---- C:\Program Files\Windows Media Connect
2008-10-30 21:15:42 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-22 22:37:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-20 14:57:39 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-19 10:31:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-19 09:53:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-16 19:43:29 ----D---- C:\WINDOWS\system32\DirectX
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 20:39:09 ----D---- C:\WINDOWS\ie7updates
2008-10-14 14:00:02 ----D---- C:\Program Files\Virtual Earth 3D
2008-10-10 23:44:28 ----D---- C:\Program Files\Adobe
2008-10-10 01:32:38 ----D---- C:\WINDOWS\pss
2008-10-09 14:54:26 ----A---- C:\WINDOWS\RTHDCPL.EXE
2008-10-08 21:51:53 ----D---- C:\Program Files\Common Files\Adobe
2008-10-04 18:04:00 ----D---- C:\Program Files\Google
2008-10-04 01:49:35 ----AC---- C:\WINDOWS\ODBC.INI
2008-10-04 01:45:16 ----AC---- C:\WINDOWS\vbaddin.ini
2008-09-24 10:52:10 ----D---- C:\Program Files\Windows Media Player
2008-09-23 01:26:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-20 09:13:50 ----D---- C:\Program Files\Windows Desktop Search
2008-09-19 07:07:27 ----HD---- C:\WINDOWS\ShellNew
2008-09-19 07:07:03 ----D---- C:\Program Files\Common Files\System
2008-09-19 06:55:44 ----D---- C:\Program Files\MSBuild
2008-09-19 06:55:22 ----D---- C:\Program Files\Microsoft Office
2008-09-19 06:51:07 ----D---- C:\Program Files\Microsoft ActiveSync
2008-09-17 20:38:41 ----D---- C:\WINDOWS\twain_32
2008-09-12 20:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-09-09 20:14:56 ----AC---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 23:49:57 ----D---- C:\WINDOWS\nvidia icons
2008-09-04 12:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-09-04 08:06:58 ----D---- C:\WINDOWS\Downloaded Installations
2008-09-03 22:37:27 ----D---- C:\WINDOWS\system32\Lang
2008-09-03 22:14:01 ----AC---- C:\WINDOWS\Ascd_tmp.ini
2008-09-03 16:47:46 ----D---- C:\CtDriverInstTemp
2008-09-03 07:55:55 ----D---- C:\WINDOWS\system32\IS_F_screensaver dir
2008-09-03 07:55:10 ----D---- C:\Program Files\Creative
2008-08-29 00:48:09 ----D---- C:\WINDOWS\nview
2008-08-26 02:24:28 ----C---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 01:03:23 ----D---- C:\Program Files\Starry Night Backyard
2008-08-22 03:15:56 ----N---- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 03:14:40 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 03:10:34 ----N---- C:\WINDOWS\system32\ieframe.dll
2008-08-22 03:09:32 ----N---- C:\WINDOWS\system32\mshtml.dll
2008-08-22 03:08:22 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2008-08-22 03:08:22 ----N---- C:\WINDOWS\system32\urlmon.dll
2008-08-22 03:08:08 ----N---- C:\WINDOWS\system32\webcheck.dll
2008-08-22 03:08:06 ----N---- C:\WINDOWS\system32\wininet.dll
2008-08-22 03:08:00 ----N---- C:\WINDOWS\system32\licmgr10.dll
2008-08-22 03:07:58 ----N---- C:\WINDOWS\system32\url.dll
2008-08-22 03:07:50 ----N---- C:\WINDOWS\system32\occache.dll
2008-08-22 03:07:50 ----N---- C:\WINDOWS\system32\msrating.dll
2008-08-22 03:07:08 ----N---- C:\WINDOWS\system32\corpol.dll
2008-08-22 03:06:58 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-08-22 03:06:44 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-22 03:06:40 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-08-22 03:06:36 ----N---- C:\WINDOWS\system32\vbscript.dll
2008-08-22 03:06:36 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-08-22 03:06:30 ----N---- C:\WINDOWS\system32\jscript.dll
2008-08-22 03:06:30 ----N---- C:\WINDOWS\system32\admparse.dll
2008-08-22 03:06:24 ----N---- C:\WINDOWS\system32\iesetup.dll
2008-08-22 03:06:24 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 03:06:24 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-22 03:06:24 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-22 03:06:20 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-08-22 03:06:16 ----N---- C:\WINDOWS\system32\inseng.dll
2008-08-22 03:06:16 ----N---- C:\WINDOWS\system32\advpack.dll
2008-08-22 03:06:02 ----N---- C:\WINDOWS\system32\iertutil.dll
2008-08-22 03:05:48 ----N---- C:\WINDOWS\system32\msfeeds.dll
2008-08-22 03:05:34 ----N---- C:\WINDOWS\system32\mstime.dll
2008-08-22 03:05:24 ----N---- C:\WINDOWS\system32\iepeers.dll
2008-08-22 03:05:22 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2008-08-22 03:05:22 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-22 03:05:20 ----N---- C:\WINDOWS\system32\icardie.dll
2008-08-22 03:05:16 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-22 03:05:14 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-08-22 03:05:14 ----N---- C:\WINDOWS\system32\imgutil.dll
2008-08-22 03:05:10 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-08-22 03:05:08 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-08-22 03:05:00 ----N---- C:\WINDOWS\system32\mshtmler.dll
2008-08-22 03:04:54 ----N---- C:\WINDOWS\system32\mshta.exe
2008-08-22 02:58:12 ----N---- C:\WINDOWS\system32\ieui.dll
2008-08-22 02:57:56 ----N---- C:\WINDOWS\system32\msls31.dll
2008-08-22 02:42:22 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-22 01:36:58 ----D---- C:\Program Files\Intel
2008-08-20 23:00:25 ----D---- C:\Program Files\PCPitstop
2008-08-20 22:33:15 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-10 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-12 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-26 21035]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-06-02 8413]
R2 ubsbm;Unibrain 1394 SBM Driver; C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2007-11-07 171152]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-11-14 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 ubohci;Unibrain 1394 OHCI Driver; C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S2 LXARScan;Lexmark X73 MFP Scanner; C:\WINDOWS\System32\Drivers\Lxarscan.sys [2001-10-12 18024]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7; C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 KBCAM;JamC@m USB service; C:\WINDOWS\System32\Drivers\KBCAM.sys [2001-02-06 16384]
S3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-09-12 3768]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-07 6016]
S3 PD1030VID;Creative WebCam Pro; C:\WINDOWS\system32\DRIVERS\p1030vid.sys [2002-05-20 167673]
S3 RT61;Belkin RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-09-12 23096]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

 

I see you put IE8 on. Maybe it replaced that file. Did the rename/copy procedure work? IE Control panel accessible now?

 

No Luck

I tried IE8, but was not impressed yet. I went back to Firefox. The copy and paste did work. Will I have to do this every time i get updates?

 

Well, I don't know. I'll try searching around to see if there's a known cause for it yet, and better yet, a fix for it.

 

Fyi

Just so you know, the rename and copy didn't work. I had to delete the system32 file and paste a i386 copy.

 

Do that search again from post #21 please. Need to verify the correct copy is in the dllcache.

 

search post

Volume in drive C is System Master
Volume Serial Number is 2C11-5164

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 07:00 AM 358,400 inetcpl.cpl
1 File(s) 358,400 bytes

Directory of C:\WINDOWS\ie7

04/13/2008 07:12 PM 360,960 inetcpl.cpl
1 File(s) 360,960 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 360,960 inetcpl.cpl
1 File(s) 360,960 bytes

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 360,960 inetcpl.cpl
1 File(s) 360,960 bytes

Directory of C:\WINDOWS\system32\dllcache

04/13/2008 07:12 PM 360,960 inetcpl.cpl
1 File(s) 360,960 bytes

 

Thanks. I'll be sure to let you know if I find any information regarding this behavior.