
My computer is infected, and I don't know what it is.


  • This topic is locked
19 replies to this topic

#1 cowboyup (Members, 11 posts)

Posted 04 November 2009 - 07:43 AM

Hello, this is my first post. Bear with me, I'm not very skilled with computers. My computer was infected 3 days ago. The Start button and icons are gone; the background picture is all that's left. I can get on with Alt-Ctrl-Del. I'm redirected most of the time, mainly if I'm going to an antivirus site. I've tried to run Malwarebytes and SUPERAntiSpyware, and it won't let me. I'm cut off sometimes; this is the second time I've written this. It hasn't slowed it down very much, if any, but things are running strangely. Thanks for your help, and a great site. God Bless!

Attached Files

  • Attached File  ark.txt   3.18KB   14 downloads
  • Attached File  ark.txt   32.21KB   15 downloads

Edited by cowboyup, 04 November 2009 - 08:07 AM.



#2 DocSatan (Bleepin' Wanna-Be, Members, 2,156 posts, Boston, Ma.)

Posted 09 November 2009 - 11:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 cowboyup (Topic Starter, Members, 11 posts)

Posted 09 November 2009 - 03:00 PM

Hello, thanks for your reply. I had to have my computer, so since nothing except ComboFix would run, I ran it. About 20 infections were removed. Then I was able to reload Malwarebytes Pro; it removed Trojan.Dropper 18928, Trojan.Sirefef 41203, Trojan.Downloader 76377, Trojan.Sirefef 84172, Trojan.Agent 60513, Worm.Autorun.B. I reinstalled SUPERAntiSpyware Pro. The main problem I have now is no Start button, taskbar, or icons on my desktop, just the background. I've tried Ctrl-Esc and it doesn't work. Safe mode is the same, with a black screen. Thanks so much for a great site!


#4 sundavis (Malware Response Team, 2,705 posts)

Posted 10 November 2009 - 12:01 PM

Hi cowboyup,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.

I suppose you have run ComboFix, and it should have installed the Recovery Console. If yes, please do the following:
Please save the following instructions into Notepad and print them out, as this web page will not be available while you're carrying out the process.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following, and press Enter:

cd erdnt\hiv-backup

6. At the next prompt, type the following, and press Enter:

batch erdnt.con

7. The ERUNT backups will begin copying.
8. At the next prompt, type the following, and press Enter:

exit

Windows will now begin loading.

If the system can boot into Windows, please do the following:

Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

After that, please rerun DDS as instructed in post #2, post the logs and tell me the problems you're experiencing now. Thanks

#5 cowboyup (Topic Starter, Members, 11 posts)

Posted 10 November 2009 - 04:22 PM

Hello sundavis,

Thanks for the help. I tried to get the file, from the Recovery Console. It said: The system cannot find the file or directory specified. Here is the Gmer scan. I hope I did this correctly, not much experience. Thanks, cowboyup


#6 sundavis (Malware Response Team, 2,705 posts)

Posted 10 November 2009 - 06:29 PM

Hi cowboyup,



> After that, please rerun DDS as instructed in post #2, post the logs and tell me the problems you're experiencing now. Thanks

It seems that the Win32k.sys rootkit is gone. Do you have any remaining issues on your system?

> The main problem I have now is no Start button, taskbar, or icons on my desktop, just the background

It seems that you can run programs in your current state. If that's the case, you don't need to run the Recovery Console any more.
Please download this file and this one to your desktop, double-click them one by one and follow the prompts. When done, restart your PC.
If the problem still persists, please go to C:\Windows\ERDNT\Hiv-Backup\ERDNT.exe, double-click erdnt.exe, and this will restore the ERUNT backup. After that, please do the following:


Step1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your next reply, please post back:

1.RSIT log.txt and info.txt.

Please detail the problems you're experiencing now. Thanks
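An added example, not part of this thread and not a BleepingComputer, RSIT or HijackThis tool: once the RSIT log.txt is in hand, the lines a responder reads first are the O4 (Run key) and O23 (service) entries, and the questions are always the same: where does the image live, is the file still there, and is it the kind of file that belongs in an autorun. The Python below parses those two line types in the HijackThis format RSIT emits and raises those flags. The sample lines are constructed in that format (several mirror entries that appear in the log posted later in this thread); the heuristics and the flag wording are this example's own assumptions, and a flag means "verify", never "delete".

```python
"""Triage the O4 (Run key) and O23 (service) lines of a HijackThis-style log.

Added example for this thread; not a BleepingComputer, RSIT or HijackThis tool.
The heuristics below are this example's assumptions: a hit means "inspect this
entry", never "this is malware".
"""
import re
from typing import Dict, List

# Constructed sample in the HijackThis format that RSIT's log.txt uses.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\program.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe (file missing)
"""

# O4 lines: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O23 lines: "O23 - Service: display name (short name) - vendor - image path"
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd|dll))\b', re.IGNORECASE)

# File types that rarely belong in a Run key (assumption of this example).
ODD_AUTORUN_TYPES = {"com", "scr", "pif", "bat", "cmd"}


def image_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group("path")
    # No recognisable extension, e.g. "%systemroot%\system32\dumprep 0 -k":
    # fall back to the first whitespace-delimited token.
    return cmd.split()[0].strip('"')


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Extract O4 and O23 entries as dicts with kind, name, path and raw line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append({"kind": "O4", "name": m.group("name"),
                            "path": image_path(m.group("cmd")), "line": line})
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path").replace("(file missing)", "").strip().strip('"')
            entries.append({"kind": "O23", "name": m.group("name"),
                            "path": path, "line": line})
    return entries


def findings_for(path: str, line: str) -> List[str]:
    """Heuristic flags for one autorun entry (assumptions of this example)."""
    flags = []
    low = path.lower()
    if "(file missing)" in line.lower():
        flags.append("file missing: stale entry or a payload already removed")
    if re.search(r"\\temp\\|\\temporary internet files\\", low):
        flags.append("runs from a temporary directory")
    elif re.search(r"\\documents and settings\\|\\docume~1\\", low):
        flags.append("runs from a user profile rather than Program Files or Windows")
    if "\\" not in path:
        flags.append("bare filename: resolved through the PATH search order")
    ext = low.rsplit(".", 1)[-1] if "." in low else ""
    if ext in ODD_AUTORUN_TYPES:
        flags.append(f"unusual autorun file type .{ext}")
    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Every parsed entry together with its (possibly empty) list of findings."""
    return [{**e, "findings": findings_for(e["path"], e["line"])}
            for e in parse_entries(log_text)]


def suspicious(log_text: str) -> List[str]:
    """Names of the entries that earned at least one finding, in log order."""
    return [e["name"] for e in triage(log_text) if e["findings"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e["findings"]:
            print(f'{e["kind"]} {e["name"]}: {e["path"]}')
            for f in e["findings"]:
                print(f"    - {f}")
```

Run against the sample it raises three entries: SoundMan (a bare SOUNDMAN.EXE found through PATH), SUPERAntiSpyware (a .com launched from Temp) and the BlackLight service (image file gone). Two of those mirror entries in this very thread and both are benign: the SAS self-extractor is how that product was just reinstalled, and the BlackLight service is a leftover from a removed tool. That is the point of the caveat in the lead-in: the script orders the list of what to look at, and a human still decides, which is also why the helpers in this thread tell the poster not to act on GMER's rootkit hits on their own.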

#7 cowboyup (Topic Starter, Members, 11 posts)

Posted 10 November 2009 - 11:09 PM

Hi sundavis,

I tried everything you asked me to do, and still no Start button, taskbar or icons. That's the first time I've gone into the C drive, but it seemed to be right. I rebooted with the changes. :(

#8 cowboyup (Topic Starter, Members, 11 posts)

Posted 10 November 2009 - 11:22 PM

Hi sundavis,

I tried everything you asked me to do, and still no Start button, taskbar or icons. That's the first time I've gone into the C drive, but it seemed to be right. I rebooted with the changes. :(


I can't get the attachment to upload?? Sorry about the 3 posts!

Edited by cowboyup, 10 November 2009 - 11:27 PM.


#9 sundavis (Malware Response Team, 2,705 posts)

Posted 11 November 2009 - 12:56 AM

Hi cowboyup,


> I can't get the attachment to upload?? Sorry about the 3 posts

Please post the logs directly into this thread. Copy and paste the contents into this thread, rather than uploading. Can you go to ERDNT to restore the backup? Do you have an XP installation disc handy?

#10 cowboyup (Topic Starter, Members, 11 posts)

Posted 11 November 2009 - 11:21 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike Sorenson at 2009-11-11 09:46:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (78%) free of 38 GB
Total RAM: 760 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:27 AM, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike Sorenson\Local Settings\Temporary Internet Files\Content.IE5\UPZ4TPCK\RSIT[1].exe
C:\Program Files\trend micro\Mike Sorenson.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S2AF.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\program.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GoToAssist Express Expert] "C:\Program Files\Citrix\GoToAssist Express Expert\185\g2ax_start.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Startup: KFDA Weather Link.lnk = C:\Program Files\KFDA Weather Link\liveonline_2279950.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

--
End of file - 7524 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Mike Sorenson.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for user.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Mike Sorenson.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for user.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
eBay Toolbar Helper - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-03-19 525552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-10 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-07 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-03-19 525552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [2009-03-19 632048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-10 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"EPSON Stylus CX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [2006-02-14 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-08 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-11-07 122880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-09-07 251336]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2002-01-01 39408]
"SUPERAntiSpyware"=C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\program.com [2009-09-15 1998576]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"GoToAssist Express Expert"=C:\Program Files\Citrix\GoToAssist Express Expert\185\g2ax_start.exe [2009-11-02 77176]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2009-10-14 3217368]

C:\Documents and Settings\Mike Sorenson\Start Menu\Programs\Startup
KFDA Weather Link.lnk - C:\Program Files\KFDA Weather Link\liveonline_2279950.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=55924053
"NoDriveTypeAutoRun"=323
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoRun"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-10 21:40:20 ----D---- C:\Program Files\trend micro
2009-11-10 21:40:19 ----D---- C:\rsit
2009-11-09 03:39:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-09 03:38:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-09 02:29:09 ----D---- C:\Program Files\Uniblue
2009-11-08 23:08:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-08 23:08:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-08 23:08:10 ----A---- C:\WINDOWS\system32\java.exe
2009-11-08 23:07:40 ----D---- C:\Program Files\Java
2009-11-08 23:06:06 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-11-08 20:35:07 ----A---- C:\WINDOWS\BDTSupport.dll
2009-11-08 20:35:06 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-11-08 20:35:06 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-11-08 20:35:06 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-11-08 20:27:53 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\PC Tools
2009-11-08 20:27:53 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-08 08:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-07 15:02:34 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-07 15:00:23 ----D---- C:\Program Files\Windows Defender
2009-11-07 13:54:50 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Registry Mechanic
2009-11-07 13:49:42 ----D---- C:\Program Files\Registry Mechanic
2009-11-07 13:38:34 ----D---- C:\Program Files\netmeeting
2009-11-07 04:02:35 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Digital Support
2009-11-06 21:53:03 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-06 21:52:57 ----D---- C:\Program Files\MSBuild
2009-11-06 21:52:44 ----D---- C:\Program Files\Reference Assemblies
2009-11-06 21:52:02 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-06 21:52:01 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-06 21:52:01 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-06 21:52:01 ----D---- C:\ee63a9dc6e857bcb6570007bf5294f
2009-11-06 17:18:38 ----RASHD---- C:\cmdcons
2009-11-06 17:16:50 ----A---- C:\WINDOWS\zip.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\SWSC.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\SWREG.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\sed.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\PEV.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\MBR.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\grep.exe
2009-11-06 17:16:42 ----D---- C:\WINDOWS\ERDNT
2009-11-06 17:03:47 ----D---- C:\Qoobox
2009-11-05 13:10:43 ----A---- C:\RootRepeal report 11-05-09 (13-10-43).txt
2009-11-05 12:44:38 ----D---- C:\Program Files\Runtime Software
2009-11-05 12:30:08 ----D---- C:\Program Files\Cobian Backup 8
2009-11-05 12:27:13 ----D---- C:\Program Files\Cobian Backup 9
2009-11-05 10:05:10 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-05 09:46:30 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\ArcSoft
2009-11-05 08:29:53 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2009-11-05 03:30:55 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Leadertech
2009-11-05 03:30:53 ----D---- C:\EPSONREG
2009-11-05 03:22:52 ----D---- C:\Program Files\ArcSoft
2009-11-05 03:22:52 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-11-05 03:22:26 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-11-05 03:22:26 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\EpPicMgr.dll
2009-11-05 03:21:37 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2009-11-05 03:21:37 ----A---- C:\WINDOWS\EPSMTL32.TXT
2009-11-05 03:20:45 ----A---- C:\WINDOWS\EP_CX5000.ini
2009-11-05 03:20:11 ----D---- C:\Program Files\EPSON
2009-11-05 03:20:02 ----A---- C:\WINDOWS\system32\E_FLBBVA.DLL
2009-11-05 03:20:02 ----A---- C:\WINDOWS\system32\E_FD4BBVA.DLL
2009-11-05 03:20:01 ----A---- C:\WINDOWS\system32\EAL32.INI
2009-11-05 03:20:01 ----A---- C:\WINDOWS\system32\EAL32.DLL
2009-11-05 03:20:01 ----A---- C:\WINDOWS\system32\EAL.EXE
2009-11-05 03:17:48 ----A---- C:\WINDOWS\system32\escwiad.dll
2009-11-05 01:43:46 ----RSD---- C:\WINDOWS\assembly
2009-11-05 01:43:04 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-04 05:34:03 ----D---- C:\Program Files\ieSpell
2009-11-04 04:55:11 ----A---- C:\RootRepeal report 11-04-09 (04-55-11).txt
2009-11-03 14:45:27 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\IObit
2009-11-02 23:15:55 ----D---- C:\Program Files\FileASSASSIN
2009-11-02 21:57:37 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Malwarebytes
2009-11-02 21:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-02 21:57:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-02 15:57:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-02 13:58:58 ----D---- C:\Program Files\Citrix
2009-11-01 22:29:02 ----D---- C:\WINDOWS\Minidump
2009-10-23 15:19:32 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Help
2009-10-23 15:18:57 ----D---- C:\Program Files\AmmoGuide.com Ballistics Calculator
2009-10-22 09:23:25 ----A---- C:\WINDOWS\system32\muweb.dll
2009-10-22 09:23:25 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-10-22 09:23:25 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-22 01:13:48 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\WildTangent
2009-10-21 20:53:09 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-10-19 21:30:01 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-10-19 21:30:01 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-10-19 12:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-19 12:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-10-19 12:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-10-19 12:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-19 12:03:38 ----D---- C:\WINDOWS\Sun
2009-10-18 17:04:07 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-18 17:04:06 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-10-18 17:03:50 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-18 17:03:44 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-18 17:03:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-10-18 17:02:39 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-18 17:02:10 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-18 17:02:03 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-17 20:12:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-17 20:10:35 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Sun
2009-10-15 22:00:37 ----D---- C:\Program Files\WildGames
2009-10-15 22:00:37 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-10-15 20:03:53 ----A---- C:\WINDOWS\system32\rave.dll
2009-10-15 20:03:53 ----A---- C:\WINDOWS\system32\qd3d.dll
2009-10-15 20:03:53 ----A---- C:\WINDOWS\system32\3DViewer.dll
2009-10-15 20:02:59 ----A---- C:\WINDOWS\uninst.exe
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\SETBROWS.EXE
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\INETWH32.dll
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\INETWH16.DLL
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\CSH.DLL
2009-10-15 20:00:48 ----D---- C:\Program Files\Celestron
2009-10-15 20:00:20 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-15 17:41:55 ----D---- C:\Documents and Settings\All Users\Application Data\EA
2009-10-15 16:16:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-15 16:14:52 ----D---- C:\Program Files\Oberon Media
2009-10-15 16:14:52 ----D---- C:\Program Files\Common Files\Oberon Media
2009-10-15 16:14:51 ----D---- C:\Program Files\IncrediGames
2009-10-14 04:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 04:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 04:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 04:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 04:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 04:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 04:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 04:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 04:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 08:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-13 08:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-13 08:22:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-13 08:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-12 16:33:23 ----D---- C:\WINDOWS\Prefetch
2009-10-12 16:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-12 16:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-12 16:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-12 16:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-12 16:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-12 16:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-12 16:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-12 16:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-12 16:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-12 16:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 16:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-12 16:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-12 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-12 16:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-12 16:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-12 16:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-12 16:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-12 16:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-12 16:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-12 16:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-12 16:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-12 16:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-12 16:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-12 16:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-12 16:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-12 16:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-12 16:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-12 16:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-12 16:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-12 16:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-12 16:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-12 16:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-12 16:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-12 16:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-12 16:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-12 16:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-12 16:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-12 16:09:46 ----D---- C:\WINDOWS\system32\scripting
2009-10-12 16:09:46 ----D---- C:\WINDOWS\l2schemas
2009-10-12 16:09:45 ----D---- C:\WINDOWS\system32\en
2009-10-12 16:09:45 ----D---- C:\WINDOWS\system32\bits
2009-10-12 16:05:00 ----D---- C:\WINDOWS\network diagnostic
2009-10-12 15:58:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-12 15:58:34 ----D---- C:\WINDOWS\EHome
2009-10-12 13:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$

======List of files/folders modified in the last 1 months======

2009-11-10 23:46:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-10 23:46:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 23:40:55 ----D---- C:\WINDOWS\Temp
2009-11-10 23:39:10 ----D---- C:\WINDOWS\system32
2009-11-10 23:39:07 ----D---- C:\WINDOWS
2009-11-10 21:40:20 ----RD---- C:\Program Files
2009-11-10 21:28:12 ----D---- C:\WINDOWS\system32\config
2009-11-10 19:40:32 ----SD---- C:\WINDOWS\Tasks
2009-11-09 03:39:40 ----SHD---- C:\WINDOWS\Installer
2009-11-09 03:38:16 ----D---- C:\Program Files\Common Files
2009-11-09 02:32:29 ----SD---- C:\Documents and Settings\Mike Sorenson\Application Data\Microsoft
2009-11-08 20:28:28 ----D---- C:\WINDOWS\WinSxS
2009-11-08 20:28:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-08 20:28:21 ----D---- C:\WINDOWS\system32\drivers
2009-11-08 08:31:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-08 08:24:45 ----HD---- C:\WINDOWS\inf
2009-11-08 08:24:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-08 08:24:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-07 17:02:04 ----D---- C:\WINDOWS\Help
2009-11-07 15:00:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-07 13:21:12 ----SHD---- C:\RECYCLER
2009-11-07 01:01:03 ----D---- C:\WINDOWS\AppPatch
2009-11-07 00:33:30 ----D---- C:\Program Files\Google
2009-11-06 22:35:45 ----D---- C:\WINDOWS\addins
2009-11-06 21:52:53 ----RSD---- C:\WINDOWS\Fonts
2009-11-06 21:52:21 ----D---- C:\WINDOWS\system32\spool
2009-11-06 21:49:15 ----D---- C:\Program Files\Internet Explorer
2009-11-06 17:18:45 ----RASH---- C:\boot.ini
2009-11-05 09:44:47 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-11-05 03:22:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-05 03:17:49 ----D---- C:\WINDOWS\twain_32
2009-11-05 01:43:10 ----D---- C:\WINDOWS\system32\mui
2009-11-05 01:43:04 ----D---- C:\WINDOWS\pchealth
2009-11-04 03:00:59 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 03:00:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-04 00:30:13 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Uniblue
2009-11-02 15:57:54 ----D---- C:\Documents and Settings
2009-11-01 22:30:01 ----D---- C:\WINDOWS\mui
2009-11-01 22:26:39 ----D---- C:\WINDOWS\Connection Wizard
2009-11-01 22:26:39 ----D---- C:\WINDOWS\Config
2009-10-30 11:30:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-29 13:23:58 ----A---- C:\WINDOWS\BRWMARK.INI
2009-10-22 03:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 17:03:59 ----D---- C:\Program Files\Windows Media Player
2009-10-18 17:03:52 ----A---- C:\WINDOWS\win.ini
2009-10-15 20:00:51 ----D---- C:\Program Files\Common Files\System
2009-10-14 03:32:10 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-12 16:33:34 ----A---- C:\WINDOWS\setuplog.txt
2009-10-12 16:32:53 ----D---- C:\WINDOWS\system32\Setup
2009-10-12 16:32:53 ----D---- C:\Program Files\Messenger
2009-10-12 16:32:52 ----D---- C:\WINDOWS\system32\wbem
2009-10-12 16:32:21 ----D---- C:\WINDOWS\security
2009-10-12 16:18:59 ----D---- C:\Program Files\Outlook Express
2009-10-12 16:09:58 ----D---- C:\WINDOWS\ime
2009-10-12 16:09:47 ----D---- C:\WINDOWS\system32\usmt
2009-10-12 16:09:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-12 16:09:45 ----D---- C:\WINDOWS\PeerNet
2009-10-12 16:09:45 ----D---- C:\Program Files\Movie Maker
2009-10-12 16:07:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-12 16:07:36 ----D---- C:\WINDOWS\system32\Restore
2009-10-12 16:07:36 ----D---- C:\WINDOWS\system32\npp
2009-10-12 16:07:35 ----D---- C:\WINDOWS\msagent
2009-10-12 16:07:33 ----D---- C:\WINDOWS\srchasst
2009-10-12 16:07:31 ----D---- C:\WINDOWS\system32\Com
2009-10-12 16:07:27 ----D---- C:\Program Files\Windows NT
2009-10-12 16:06:56 ----D---- C:\WINDOWS\system32\oobe
2009-10-12 16:06:54 ----D---- C:\WINDOWS\system
2009-10-12 16:02:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-12 10:33:01 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\catchme.sys []
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys []
S3 rootrepeal[1];rootrepeal[1]; \??\C:\WINDOWS\system32\drivers\rootrepeal[1].sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-08 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe []
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-10-15 238328]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2002-01-01 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Hi sundavis, how do I get to ERDNT? Now something I've never seen: while typing this, the hour glass comes up and adds one space at a time; maybe there's so much info here? I don't have an installation disc. Thanks, cowboyup

#11 sundavis

sundavis

  • Malware Response Team
  • 2,705 posts
  • Gender:Not Telling
  • Local time:05:11 PM

Posted 11 November 2009 - 11:45 AM

Hi cowboyup,

how do I get to ERDNT?

You need to navigate to the C:\Windows\ERDNT\Hiv-Backup folder and click the green-colored ERDNT.exe; then it will restore the backups. If you can't locate the Hiv-Backup folder, check if there is one folder named subs. If yes, go to the subs folder and double click ERDNT.exe and it will restore the backup as well.

If you still have problems to locate the Hiv-Backup folder or subs folder, please do the following:

Reboot into Recovery Console

At the C:\Windows prompt, type the following bolded command, and press Enter.

copy C:\WINDOWS\ServicePackFiles\i386\explorer.exe c:\windows\explorer.exe

The system may prompt: overwrite explorer.exe (yes/no/all)

Click yes to the prompt. Type exit and reboot your pc.

Let me know if start, taskbar or icons appear.

Please go to the C:\rsit folder and post back the content of info.txt in your next reply. Thanks

Edited by sundavis, 11 November 2009 - 11:53 AM.


#12 cowboyup

cowboyup
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:11 PM

Posted 11 November 2009 - 01:22 PM

Hi sundavis, I just ran a Malwarebytes complete scan because my computer was acting strangely. Here is the log. I live on a ranch, and I need to go to town so I'll be back this afternoon. Thanks so much for your help, Cowboyup

Attached Files



#13 cowboyup

cowboyup
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:11 PM

Posted 12 November 2009 - 11:58 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike Sorenson at 2009-11-12 10:10:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (72%) free of 38 GB
Total RAM: 760 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:15 AM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\program.com
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KFDA Weather Link\liveonline_2279950.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike Sorenson\Desktop\RSIT.exe
C:\Program Files\trend micro\Mike Sorenson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fox.news.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S2AF.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\program.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-789336058-2025429265-682003330-1004\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'user')
O4 - HKUS\S-1-5-21-789336058-2025429265-682003330-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'user')
O4 - HKUS\S-1-5-21-789336058-2025429265-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'user')
O4 - Startup: KFDA Weather Link.lnk = C:\Program Files\KFDA Weather Link\liveonline_2279950.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 8290 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Mike Sorenson.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for user.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Mike Sorenson.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for user.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
eBay Toolbar Helper - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-03-19 525552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-10 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-07 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-03-19 525552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [2009-03-19 632048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-10 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"EPSON Stylus CX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [2006-02-14 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-08 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-11-07 122880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-09-07 251336]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2002-01-01 39408]
"SUPERAntiSpyware"=C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\program.com [2009-09-15 1998576]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\Mike Sorenson\Start Menu\Programs\Startup
KFDA Weather Link.lnk - C:\Program Files\KFDA Weather Link\liveonline_2279950.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=55924053
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoRun"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-12 04:21:25 ----A---- C:\WINDOWS\Active Setup Log.txt
2009-11-12 04:14:29 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\MSNInstaller
2009-11-11 19:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-10 21:40:20 ----D---- C:\Program Files\trend micro
2009-11-10 21:40:19 ----D---- C:\rsit
2009-11-09 03:39:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-09 03:38:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-09 02:29:09 ----D---- C:\Program Files\Uniblue
2009-11-08 23:08:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-08 23:08:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-08 23:08:10 ----A---- C:\WINDOWS\system32\java.exe
2009-11-08 23:07:40 ----D---- C:\Program Files\Java
2009-11-08 23:06:06 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-11-08 20:35:07 ----A---- C:\WINDOWS\BDTSupport.dll
2009-11-08 20:35:06 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-11-08 20:35:06 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-11-08 20:35:06 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-11-08 20:27:53 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\PC Tools
2009-11-08 20:27:53 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-08 08:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-07 15:02:34 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-07 15:00:23 ----D---- C:\Program Files\Windows Defender
2009-11-07 13:54:50 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Registry Mechanic
2009-11-07 13:49:42 ----D---- C:\Program Files\Registry Mechanic
2009-11-07 13:38:34 ----D---- C:\Program Files\netmeeting
2009-11-07 04:02:35 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Digital Support
2009-11-06 21:53:03 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-06 21:52:57 ----D---- C:\Program Files\MSBuild
2009-11-06 21:52:44 ----D---- C:\Program Files\Reference Assemblies
2009-11-06 21:52:02 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-06 21:52:01 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-06 21:52:01 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-06 21:52:01 ----D---- C:\ee63a9dc6e857bcb6570007bf5294f
2009-11-06 17:18:38 ----RASHD---- C:\cmdcons
2009-11-06 17:16:50 ----A---- C:\WINDOWS\zip.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\SWSC.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\SWREG.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\sed.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\PEV.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\MBR.exe
2009-11-06 17:16:50 ----A---- C:\WINDOWS\grep.exe
2009-11-06 17:16:42 ----D---- C:\WINDOWS\ERDNT
2009-11-06 17:03:47 ----D---- C:\Qoobox
2009-11-05 13:10:43 ----A---- C:\RootRepeal report 11-05-09 (13-10-43).txt
2009-11-05 12:44:38 ----D---- C:\Program Files\Runtime Software
2009-11-05 12:30:08 ----D---- C:\Program Files\Cobian Backup 8
2009-11-05 12:27:13 ----D---- C:\Program Files\Cobian Backup 9
2009-11-05 10:05:10 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-05 09:46:30 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\ArcSoft
2009-11-05 08:29:53 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2009-11-05 03:30:55 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Leadertech
2009-11-05 03:30:53 ----D---- C:\EPSONREG
2009-11-05 03:22:52 ----D---- C:\Program Files\ArcSoft
2009-11-05 03:22:52 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-11-05 03:22:26 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-11-05 03:22:26 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-11-05 03:22:25 ----A---- C:\WINDOWS\system32\EpPicMgr.dll
2009-11-05 03:21:37 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2009-11-05 03:21:37 ----A---- C:\WINDOWS\EPSMTL32.TXT
2009-11-05 03:20:45 ----A---- C:\WINDOWS\EP_CX5000.ini
2009-11-05 03:20:11 ----D---- C:\Program Files\EPSON
2009-11-05 03:20:02 ----A---- C:\WINDOWS\system32\E_FLBBVA.DLL
2009-11-05 03:20:02 ----A---- C:\WINDOWS\system32\E_FD4BBVA.DLL
2009-11-05 03:20:01 ----A---- C:\WINDOWS\system32\EAL32.INI
2009-11-05 03:20:01 ----A---- C:\WINDOWS\system32\EAL32.DLL
2009-11-05 03:20:01 ----A---- C:\WINDOWS\system32\EAL.EXE
2009-11-05 03:17:48 ----A---- C:\WINDOWS\system32\escwiad.dll
2009-11-05 01:43:46 ----RSD---- C:\WINDOWS\assembly
2009-11-05 01:43:04 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-04 05:34:03 ----D---- C:\Program Files\ieSpell
2009-11-04 04:55:11 ----A---- C:\RootRepeal report 11-04-09 (04-55-11).txt
2009-11-03 14:45:27 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\IObit
2009-11-02 23:15:55 ----D---- C:\Program Files\FileASSASSIN
2009-11-02 21:57:37 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Malwarebytes
2009-11-02 21:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-02 21:57:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-02 15:57:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-02 13:58:58 ----D---- C:\Program Files\Citrix
2009-11-01 22:29:02 ----D---- C:\WINDOWS\Minidump
2009-10-23 15:19:32 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Help
2009-10-23 15:18:57 ----D---- C:\Program Files\AmmoGuide.com Ballistics Calculator
2009-10-22 09:23:25 ----A---- C:\WINDOWS\system32\muweb.dll
2009-10-22 09:23:25 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-10-22 09:23:25 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-22 01:13:48 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\WildTangent
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-10-19 21:30:07 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-10-19 21:30:01 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-10-19 21:30:01 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-10-19 12:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-19 12:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-10-19 12:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-10-19 12:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-19 12:03:38 ----D---- C:\WINDOWS\Sun
2009-10-18 17:04:07 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-18 17:04:06 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-10-18 17:03:50 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-18 17:03:44 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-18 17:03:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-10-18 17:02:39 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-18 17:02:10 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-18 17:02:03 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-17 20:12:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-17 20:10:35 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Sun
2009-10-15 22:00:37 ----D---- C:\Program Files\WildGames
2009-10-15 22:00:37 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-10-15 20:03:53 ----A---- C:\WINDOWS\system32\rave.dll
2009-10-15 20:03:53 ----A---- C:\WINDOWS\system32\qd3d.dll
2009-10-15 20:03:53 ----A---- C:\WINDOWS\system32\3DViewer.dll
2009-10-15 20:02:59 ----A---- C:\WINDOWS\uninst.exe
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\SETBROWS.EXE
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\INETWH32.dll
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\INETWH16.DLL
2009-10-15 20:00:51 ----A---- C:\WINDOWS\system32\CSH.DLL
2009-10-15 20:00:48 ----D---- C:\Program Files\Celestron
2009-10-15 20:00:20 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-15 17:41:55 ----D---- C:\Documents and Settings\All Users\Application Data\EA
2009-10-15 16:16:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-15 16:14:52 ----D---- C:\Program Files\Oberon Media
2009-10-15 16:14:52 ----D---- C:\Program Files\Common Files\Oberon Media
2009-10-15 16:14:51 ----D---- C:\Program Files\IncrediGames
2009-10-14 04:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 04:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 04:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 04:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 04:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 04:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 04:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 04:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 04:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 08:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-13 08:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-13 08:22:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-13 08:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

======List of files/folders modified in the last 1 months======

2009-11-12 09:25:10 ----D---- C:\WINDOWS\Temp
2009-11-12 08:56:18 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-12 08:56:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-12 08:40:53 ----D---- C:\WINDOWS\system32\config
2009-11-12 08:40:41 ----D---- C:\WINDOWS\system32\wbem
2009-11-12 08:40:40 ----D---- C:\WINDOWS\Registration
2009-11-12 08:40:20 ----RD---- C:\Program Files\Internet Explorer
2009-11-12 08:40:15 ----D---- C:\WINDOWS\system32
2009-11-12 08:40:15 ----D---- C:\WINDOWS
2009-11-12 08:40:13 ----HD---- C:\WINDOWS\inf
2009-11-12 08:40:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-12 06:20:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-12 06:20:29 ----D---- C:\Program Files\Online Services
2009-11-12 06:18:55 ----A---- C:\WINDOWS\imsins.BAK
2009-11-12 05:46:25 ----D---- C:\WINDOWS\system32\en-US
2009-11-12 05:14:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 05:14:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-12 04:14:59 ----RD---- C:\Program Files
2009-11-12 02:45:16 ----SHD---- C:\WINDOWS\Installer
2009-11-12 02:44:42 ----D---- C:\WINDOWS\WinSxS
2009-11-12 01:39:05 ----D---- C:\WINDOWS\Prefetch
2009-11-11 23:15:23 ----D---- C:\WINDOWS\Help
2009-11-11 18:58:51 ----RASH---- C:\boot.ini
2009-11-10 19:40:32 ----SD---- C:\WINDOWS\Tasks
2009-11-09 03:38:16 ----D---- C:\Program Files\Common Files
2009-11-09 02:32:29 ----SD---- C:\Documents and Settings\Mike Sorenson\Application Data\Microsoft
2009-11-08 20:28:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-08 20:28:21 ----D---- C:\WINDOWS\system32\drivers
2009-11-07 15:00:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-07 13:21:12 ----SHD---- C:\RECYCLER
2009-11-07 01:01:03 ----D---- C:\WINDOWS\AppPatch
2009-11-07 00:33:30 ----D---- C:\Program Files\Google
2009-11-06 22:35:45 ----D---- C:\WINDOWS\addins
2009-11-06 21:52:53 ----RSD---- C:\WINDOWS\Fonts
2009-11-06 21:52:21 ----D---- C:\WINDOWS\system32\spool
2009-11-05 11:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-05 09:44:47 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-11-05 03:22:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-05 03:17:49 ----D---- C:\WINDOWS\twain_32
2009-11-05 01:43:10 ----D---- C:\WINDOWS\system32\mui
2009-11-05 01:43:04 ----D---- C:\WINDOWS\pchealth
2009-11-04 00:30:13 ----D---- C:\Documents and Settings\Mike Sorenson\Application Data\Uniblue
2009-11-03 13:25:30 ----D---- C:\WINDOWS\network diagnostic
2009-11-02 15:57:54 ----D---- C:\Documents and Settings
2009-11-01 22:30:01 ----D---- C:\WINDOWS\mui
2009-11-01 22:26:39 ----D---- C:\WINDOWS\Connection Wizard
2009-11-01 22:26:39 ----D---- C:\WINDOWS\Config
2009-10-30 11:30:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-29 13:23:58 ----A---- C:\WINDOWS\BRWMARK.INI
2009-10-22 03:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 17:03:59 ----D---- C:\Program Files\Windows Media Player
2009-10-18 17:03:52 ----A---- C:\WINDOWS\win.ini
2009-10-15 20:00:51 ----D---- C:\Program Files\Common Files\System
2009-10-14 03:32:10 ----A---- C:\WINDOWS\OEWABLog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\catchme.sys []
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys []
S3 rootrepeal[1];rootrepeal[1]; \??\C:\WINDOWS\system32\drivers\rootrepeal[1].sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-08 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; C:\DOCUME~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe []
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-11-09 238328]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2002-01-01 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Hi sundavis,
It's so good to have my desktop back!!!! :( Now when I click on Internet Explorer from my desktop, I'm redirected from my Fox News home page to cnet. I don't think cnet has been downloaded, and I can't find the on to remove it. My wife's side works fine, with no redirect. Thanks again, Cowboyup

#14 sundavis

  • Malware Response Team
  • 2,705 posts
  • Gender:Not Telling

Posted 12 November 2009 - 12:44 PM

Hi cowboyup,

It's so good to have my desktop back

This is the first stage we should do, but we still have some work to do. Please be patient and do exactly as instructed in the following. Thanks. :(


Step1

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\iexplore.exe"=-


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.


Step2

I notice you have MBAM installed on your system. Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install them manually.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I also notice you do not have any antivirus program installed on your system. It's somewhat naked surfing on the web, and wide open to malware.

Please get the free one to install and scan your system. Update the virus definitions before proceeding.

AntiVir Free Edition


In your next reply, please post back:


1. ComboFix log
2. MBAM log

Tell me how things are going now.
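Step 1 above removes a single Windows Firewall "authorized application" exception by hand, after reading it off the RSIT registry dump. The Python script below is an added example for this thread, not code from sundavis, RSIT or ComboFix: it parses the authorizedapplications keys from an RSIT-style dump (SAMPLE_DUMP is constructed to mirror the format of the log posted above), lists the enabled exceptions that are not on a small allowlist of entries Windows XP registers itself (the allowlist and the regular expressions are assumptions made for illustration), and renders the same Registry:: block that the CFScript in Step 1 uses for whichever entries the helper decides to remove.

```python
"""Review Windows Firewall 'authorized application' exceptions from an
RSIT-style registry dump and render a ComboFix CFScript that removes the
ones chosen for deletion.

Added example for this thread; not code from sundavis, RSIT or ComboFix.
SAMPLE_DUMP is constructed to mirror the format of the log above, and the
EXPECTED allowlist is an assumption made for illustration.
"""
import re

# Key header lines for the two firewall profiles, as the RSIT dump prints them
FIREWALL_KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services"
    r"\\sharedaccess\\parameters\\firewallpolicy"
    r"\\(?:standardprofile|domainprofile)\\authorizedapplications\\list)\]$",
    re.IGNORECASE,
)
# "<value name>"="<data>" lines beneath a key
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')

# Exceptions Windows XP SP2/SP3 registers on its own (assumed allowlist)
EXPECTED = {
    r"%windir%\system32\sessmgr.exe",
    r"%windir%\network diagnostic\xpnetdiag.exe",
}

# Constructed sample in the RSIT format; the unrelated explorer key shows
# that keys outside the firewall policy are skipped
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""


def parse_firewall_exceptions(dump):
    """Return {key: [(app, scope, status, label), ...]} for each
    authorizedapplications key. Value data has the XP firewall form
    'path:scope:Enabled|Disabled:display name'; rsplit keeps the drive
    letter's colon inside the path."""
    found = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = FIREWALL_KEY_RE.match(line)
            current = m.group("key") if m else None
            if current is not None:
                found[current] = []
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        parts = m.group("data").rsplit(":", 3)
        if len(parts) != 4:
            continue  # malformed data; leave it for manual review
        _path, scope, status, label = parts
        found[current].append((m.group("name"), scope, status.lower(), label))
    return found


def review_exceptions(found, expected=EXPECTED):
    """Enabled exceptions that are not on the allowlist: each one is a
    candidate for the helper to remove, or to keep after checking it."""
    allow = {e.lower() for e in expected}
    flagged = []
    for key, entries in found.items():
        for app, _scope, status, label in entries:
            if status == "enabled" and app.lower() not in allow:
                flagged.append((key, app, label))
    return flagged


def build_cfscript(removals):
    """Render a ComboFix 'Registry::' block deleting the given (key, value
    name) pairs; '"name"=-' is the .reg syntax for deleting a value."""
    by_key = {}
    for key, app in removals:
        by_key.setdefault(key, []).append(app)
    lines = ["Registry::"]
    for key, apps in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{app}"=-' for app in apps)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_firewall_exceptions(SAMPLE_DUMP)
    flagged = review_exceptions(found)
    for key, app, label in flagged:
        profile = key.lower().split("\\")[-3]
        print(f"review [{profile}] {label}: {app}")
    # Only the browser exception, which is what the thread's CFScript removes
    chosen = [(k, a) for k, a, _ in flagged if a.lower().endswith("iexplore.exe")]
    print(build_cfscript(chosen))
```

The allowlist deliberately stays short: the script's job is to surface every enabled exception that a human has not yet vouched for, not to decide on its own. On the sample it lists the IncrediMail and Internet Explorer entries for review, and the rendered block for the browser entry is line for line the CFScript shown in Step 1.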

#15 cowboyup
  • Topic Starter
  • Members
  • 11 posts

Posted 12 November 2009 - 07:08 PM

Hi sundavis, Here are the files. Thanks, Cowboyup


ComboFix 09-11-13.04 - Mike Sorenson 11/12/2009 17:00.19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.760.521 [GMT -6:00]
Running from: c:\documents and settings\Mike Sorenson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike Sorenson\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 14:40 . 2009-11-12 14:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-12 10:14 . 2009-11-12 10:14 1244648 ----a-w- c:\documents and settings\Mike Sorenson\Application Data\MSNInstaller\msnauins.exe
2009-11-12 10:14 . 2009-11-12 10:14 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\MSNInstaller
2009-11-12 08:07 . 2009-11-12 08:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-12 00:16 . 2009-11-12 00:16 -------- d-----w- c:\documents and settings\Mike Sorenson\Local Settings\Application Data\PCHealth
2009-11-11 03:40 . 2009-11-12 16:48 -------- d-----w- c:\program files\trend micro
2009-11-11 03:40 . 2009-11-11 03:40 -------- d-----w- C:\rsit
2009-11-09 09:39 . 2009-11-09 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-09 09:38 . 2009-11-09 09:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-09 08:37 . 2009-11-09 08:37 67488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-09 08:29 . 2009-11-09 08:29 -------- d-----w- c:\program files\Uniblue
2009-11-09 05:07 . 2009-11-09 05:07 -------- d-----w- c:\program files\Java
2009-11-09 05:06 . 2009-11-09 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-09 02:35 . 2009-10-08 17:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 02:35 . 2009-10-08 17:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-09 02:35 . 2009-10-08 17:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-09 02:35 . 2009-10-08 17:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-09 02:35 . 2009-10-02 20:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-09 02:35 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-11-09 02:28 . 2009-09-24 14:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 02:28 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 02:28 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-09 02:28 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-09 02:27 . 2009-11-09 02:27 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\PC Tools
2009-11-09 02:27 . 2009-11-09 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-08 15:48 . 2009-11-08 15:48 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-11-07 21:02 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-07 21:00 . 2009-11-07 21:00 -------- d-----w- c:\program files\Windows Defender
2009-11-07 19:54 . 2009-11-07 19:54 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\Registry Mechanic
2009-11-07 10:02 . 2009-11-07 10:04 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\Digital Support
2009-11-07 03:53 . 2009-11-07 03:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-07 03:52 . 2009-11-07 03:52 -------- d-----w- c:\program files\MSBuild
2009-11-07 03:52 . 2009-11-07 03:52 -------- d-----w- c:\program files\Reference Assemblies
2009-11-07 03:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-07 03:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-07 03:52 . 2009-11-07 03:52 -------- d-----w- C:\ee63a9dc6e857bcb6570007bf5294f
2009-11-07 03:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-07 03:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-07 03:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-07 03:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-07 03:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-06 05:32 . 2009-11-09 05:06 152576 ----a-w- c:\documents and settings\Mike Sorenson\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-05 18:44 . 2009-11-05 18:44 -------- d-----w- c:\program files\Runtime Software
2009-11-05 18:30 . 2009-11-05 18:30 -------- d-----w- c:\program files\Cobian Backup 8
2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Cobian Backup 9
2009-11-05 16:05 . 2009-11-09 02:35 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-05 15:46 . 2009-11-05 15:46 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\ArcSoft
2009-11-05 14:29 . 2009-11-05 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-11-05 10:07 . 2009-11-05 10:07 -------- d-----w- c:\documents and settings\Mike Sorenson\DoctorWeb
2009-11-05 09:30 . 2009-11-05 09:30 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\Leadertech
2009-11-05 09:30 . 2009-11-05 09:30 -------- d-----w- C:\EPSONREG
2009-11-05 09:23 . 2005-02-23 20:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-11-05 09:20 . 2009-11-05 09:23 -------- d-----w- c:\program files\EPSON
2009-11-05 09:20 . 2006-04-05 07:05 73216 ----a-w- c:\windows\system32\E_FLBBVA.DLL
2009-11-05 09:20 . 2005-04-11 07:01 62976 ----a-w- c:\windows\system32\E_FD4BBVA.DLL
2009-11-05 09:20 . 2004-06-24 07:20 309760 ----a-w- c:\windows\system32\EAL32.DLL
2009-11-05 09:20 . 2004-03-12 07:30 82944 ----a-w- c:\windows\system32\EAL.EXE
2009-11-05 09:17 . 2006-03-20 06:00 63488 ----a-w- c:\windows\system32\escwiad.dll
2009-11-05 09:17 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-05 09:17 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-04 11:34 . 2009-11-04 11:34 -------- d-----w- c:\program files\ieSpell
2009-11-04 10:40 . 2009-11-04 10:42 34816 ----a-w- c:\windows\system32\drivers\rootrepeal[1].sys
2009-11-03 20:45 . 2009-11-03 20:45 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\IObit
2009-11-03 08:03 . 2009-11-03 08:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2009-11-03 05:15 . 2009-11-03 05:15 -------- d-----w- c:\program files\FileASSASSIN
2009-11-03 03:57 . 2009-11-03 03:57 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\Malwarebytes
2009-11-03 03:57 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 03:57 . 2009-11-03 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 03:57 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 03:57 . 2009-11-07 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 01:13 . 2009-11-03 01:13 -------- d-----w- c:\documents and settings\Mike Sorenson\Local Settings\Application Data\Threat Expert
2009-11-02 23:37 . 2009-11-02 23:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-02 22:20 . 2009-11-02 22:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IM
2009-11-02 21:59 . 2009-11-02 21:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-02 21:59 . 2009-11-02 21:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-02 19:58 . 2009-11-12 06:56 -------- d-----w- c:\program files\Citrix
2009-11-02 19:58 . 2009-11-02 19:58 -------- d-----w- c:\documents and settings\Mike Sorenson\Local Settings\Application Data\Citrix
2009-11-02 19:58 . 2009-11-12 14:45 108920 ----a-w- c:\documents and settings\Mike Sorenson\g2ax_expert_downloadhelper_win32_x86.exe
2009-10-24 11:32 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-23 21:19 . 2009-10-23 21:19 -------- d-----w- c:\documents and settings\Mike Sorenson\Local Settings\Application Data\Help
2009-10-23 21:18 . 2009-10-23 21:19 -------- d-----w- c:\program files\AmmoGuide.com Ballistics Calculator
2009-10-22 17:12 . 2009-10-22 17:13 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-10-22 15:23 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-22 15:23 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-22 07:13 . 2009-10-22 07:13 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\WildTangent
2009-10-20 03:30 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-20 03:30 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-20 03:30 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-20 03:30 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-20 03:30 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-20 03:30 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-20 03:30 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-20 03:30 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-20 03:30 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-10-20 03:30 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-20 03:30 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-20 03:30 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-19 18:03 . 2009-10-19 18:03 -------- d-----w- c:\windows\Sun
2009-10-19 02:43 . 2009-11-12 06:37 1668920 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe
2009-10-18 23:03 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-18 23:03 . 2009-10-18 23:03 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-18 23:02 . 2009-10-18 23:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-18 23:02 . 2009-10-18 23:02 -------- d-----w- c:\windows\system32\LogFiles
2009-10-18 02:12 . 2009-11-09 05:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 02:11 . 2009-10-18 02:11 152576 ----a-w- c:\documents and settings\Mike Sorenson\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-16 04:02 . 2009-10-16 04:02 -------- d-----w- c:\documents and settings\user\Application Data\WildTangent
2009-10-16 04:00 . 2009-11-10 22:34 -------- d-----w- c:\program files\WildGames
2009-10-16 04:00 . 2009-10-19 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-16 02:03 . 1998-03-20 18:41 596992 ----a-w- c:\windows\system32\rave.dll
2009-10-16 02:03 . 1998-03-20 18:39 969216 ----a-w- c:\windows\system32\qd3d.dll
2009-10-16 02:03 . 1998-03-20 18:38 126976 ----a-w- c:\windows\system32\3DViewer.dll
2009-10-16 02:02 . 1998-03-20 18:01 299008 ----a-w- c:\windows\uninst.exe
2009-10-16 02:01 . 2009-10-16 02:01 -------- d-----w- c:\documents and settings\user\WINDOWS
2009-10-16 02:00 . 1998-10-27 17:08 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-10-16 02:00 . 1998-10-20 22:05 54784 ----a-w- c:\windows\system32\INETWH32.dll
2009-10-16 02:00 . 1997-01-31 23:44 50176 ----a-w- c:\windows\system32\CSH.DLL
2009-10-16 02:00 . 1995-10-16 23:55 9136 ----a-w- c:\windows\system32\INETWH16.DLL
2009-10-16 02:00 . 1995-10-13 23:28 4528 ----a-w- c:\windows\system32\SETBROWS.EXE
2009-10-16 02:00 . 2009-10-16 02:00 -------- d-----w- c:\program files\Celestron
2009-10-16 02:00 . 2009-11-05 09:22 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-15 23:41 . 2009-10-15 23:41 -------- d-----w- c:\documents and settings\user\Application Data\EA
2009-10-15 23:41 . 2009-10-15 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\EA
2009-10-15 22:16 . 2009-11-12 15:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-15 22:14 . 2009-11-02 09:31 -------- d-----w- c:\program files\Oberon Media
2009-10-15 22:14 . 2009-10-15 22:14 -------- d-----w- c:\program files\Common Files\Oberon Media

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 09:45 . 2002-01-01 10:06 117760 ----a-w- c:\documents and settings\Mike Sorenson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 21:00 . 2002-01-01 09:23 13104 ----a-w- c:\documents and settings\Mike Sorenson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 06:33 . 2002-01-01 10:21 -------- d-----w- c:\program files\Google
2009-11-05 15:44 . 2009-10-08 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-05 09:22 . 2009-11-05 09:22 -------- d-----w- c:\program files\ArcSoft
2009-11-05 09:22 . 2002-01-01 10:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-04 06:30 . 2009-10-11 02:14 -------- d-----w- c:\documents and settings\Mike Sorenson\Application Data\Uniblue
2009-10-16 01:58 . 2002-01-01 08:24 13104 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 22:12 . 2002-01-01 08:43 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-12 02:33 . 2009-10-12 02:33 -------- d-----r- c:\documents and settings\Mike Sorenson\Application Data\Brother
2009-10-11 02:47 . 2009-10-11 02:46 -------- d-----w- c:\program files\Common Files\Real
2009-10-11 02:47 . 2009-10-11 02:47 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-11 02:46 . 2009-10-11 02:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-11 02:46 . 2009-10-11 02:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-11 02:46 . 2009-10-11 02:46 -------- d-----w- c:\program files\Real
2009-10-11 01:58 . 2009-10-11 00:33 -------- d-----w- c:\program files\YouTube Downloader
2009-10-10 18:32 . 2009-10-10 18:32 -------- d-----w- c:\program files\NOS
2009-10-09 03:44 . 2009-10-09 03:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-09 03:41 . 2009-10-09 03:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 03:39 . 2009-10-09 03:39 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-08 21:44 . 2009-10-08 21:44 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-08 21:43 . 2009-10-08 21:43 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-10-08 20:46 . 2009-10-08 20:46 -------- d-----w- c:\documents and settings\user\Application Data\eBay
2009-10-08 06:03 . 2009-10-08 06:03 61440 ----a-w- c:\windows\uninstall.exe
2009-10-08 06:03 . 2009-10-08 06:03 -------- d-----w- c:\program files\KFDA Weather Link
2009-10-08 04:38 . 2009-10-08 04:38 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-08 04:38 . 2009-10-08 04:38 -------- d-----w- c:\program files\TBN
2009-09-29 18:19 . 2009-09-29 18:19 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-16 09:20 . 2009-11-09 02:28 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 12:20 . 2009-11-09 02:28 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 08:12 . 2009-11-09 02:28 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 07:01 . 2009-11-09 02:28 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 14:18 . 2004-08-12 14:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-12 14:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-12 14:09 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-12 14:06 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-09-08 251336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2002-01-01 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-11 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-09 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-07 122880]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]

c:\documents and settings\Mike Sorenson\Start Menu\Programs\Startup\
KFDA Weather Link.lnk - c:\program files\KFDA Weather Link\liveonline_2279950.exe [2009-10-8 454656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/2/2009 9:57 PM 269648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/2/2009 9:57 PM 19160]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe --> c:\docume~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe [?]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\MIKESO~1\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/12/2004 8:06 AM 14336]
S3 SASENUM;SASENUM;\??\c:\docume~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\MIKESO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\Malwarebytes' Scheduled Scan for user.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-03 20:53]

2009-11-12 c:\windows\Tasks\Malwarebytes' Scheduled Update for user.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-03 20:53]

2009-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fox.news.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 17:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Mike Sorenson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-12 17:09
ComboFix-quarantined-files.txt 2009-11-12 23:09
ComboFix2.txt 2009-11-12 22:32

Pre-Run: 32,168,636,416 bytes free
Post-Run: 32,161,714,176 bytes free

- - End Of File - - D1D1D29500E64417B5C54D530DBE1207

Malwarebytes' Anti-Malware 1.41
Database version: 3157
Windows 5.1.2600 Service Pack 3

11/12/2009 6:00:38 PM
mbam-log-2009-11-12 (18-00-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150879
Time elapsed: 35 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{ADF7F316-A219-4AE3-914E-DDF82030AE17}\RP72\A0013482.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ADF7F316-A219-4AE3-914E-DDF82030AE17}\RP72\A0013567.sys (Rootkit.Agent) -> Quarantined and deleted successfully.