Possibly infected, but, I don't know by what.


  • This topic is locked
21 replies to this topic

#1 Hercules1


Posted 10 April 2009 - 07:26 PM

My computer hangs and freezes every time I use it. It may take from 1 to 20 minutes to do so, but, will happen eventually. Even now, I'm concerned it's going to freeze. This problem started about 2 weeks ago. About 2 months ago, I had a few blue screens several days in a row, but, the blue screens suddenly stopped happening. Everything was fine until recently. The computer will freeze regardless of what I'm doing. I can be on the internet or simply listening to a cd. It occurs much quicker when I watch a video like something on youtube. In the case of listening to a cd, the computer is non-responsive to any input, but, the music will continually repeat the last 1-2 seconds of whatever it was playing. I can eject the cd from either drive when it happens. Even with the cd ejected, it keeps playing the last 1-2 seconds while everything else remains non-responsive. In all cases, I can only turn the computer off by pressing and holding the power button. Honestly, I don't know if I'm dealing with an infection that slipped past security, or if I am having a component failure somewhere in the system. I tried registry programs like Registry Mechanic, but, nothing helps. I've run all my security software to no avail...Norton, CCleaner, Malwarebytes', etc. Please help me solve this, or at least determine what's wrong. Following are the scans that were requested in the instructions for posting here. Also, I have included a scan from Advanced System Care that may help. Thanks for the help!!!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Joe & Sherrie at 19:48:08.96 on Fri 04/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2486 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Joe & Sherrie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mWindow Title = Windows Internet Explorer provided by Comcast
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.mushkin.com/_detect/InSPECS3_0.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120202317515
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135311071515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxp://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
DPF: {E70CAD52-48BA-40DC-A417-9EE3693F1954} - hxxp://www.patriotmem.com/configurator/MemoryControl.ocx
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 UnoInstallerService;Uno Installer;c:\program files\m-audio uno\UnoInst.exe [2007-1-19 106496]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090408.003\NAVENG.sys [2009-4-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090408.003\NAVEX15.sys [2009-4-8 876144]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2007-1-19 21984]
S3 MAUSBBB;Service for M-Audio Black Box (WDM);c:\windows\system32\drivers\mausbbb.sys [2007-7-6 103296]
S4 MAudioBlackBoxService;M-Audio BlackBox Installer;c:\program files\m-audio\black box\MAUSBBBInst.exe [2007-7-6 57344]

=============== Created Last 30 ================

2009-04-09 00:04 <DIR> --d----- c:\windows\system32\HouseCall 6.6
2009-04-06 20:39 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-06 20:37 53,760 a------- c:\windows\system32\dllcache\wiamsmud.dll
2009-04-06 20:36 687,999 a------- c:\windows\system32\dllcache\usrwdxjs.sys
2009-04-06 20:35 47,616 a------- c:\windows\system32\dllcache\umaxcam.dll
2009-04-06 20:34 123,995 a------- c:\windows\system32\dllcache\tjisdn.sys
2009-04-06 20:33 155,648 a------- c:\windows\system32\dllcache\stlnprop.dll
2009-04-06 20:32 147,200 a------- c:\windows\system32\dllcache\smidispb.dll
2009-04-06 20:31 68,608 a------- c:\windows\system32\dllcache\sis6306p.sys
2009-04-06 20:30 495,616 a------- c:\windows\system32\dllcache\sblfx.dll
2009-04-06 20:29 9,216 a------- c:\windows\system32\dllcache\rsmgrstr.dll
2009-04-06 20:28 17,792 a------- c:\windows\system32\dllcache\ppa.sys
2009-04-06 20:27 44,544 a------- c:\windows\system32\dllcache\ovui2.dll
2009-04-06 20:26 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
2009-04-06 20:25 19,968 a------- c:\windows\system32\dllcache\mxnic.sys
2009-04-06 20:24 8,320 a------- c:\windows\system32\dllcache\memcard.sys
2009-04-06 20:23 253,952 a------- c:\windows\system32\dllcache\kdsusd.dll
2009-04-06 20:22 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-04-06 20:21 289,887 a------- c:\windows\system32\dllcache\hsf_fall.sys
2009-04-06 20:20 322,432 a------- c:\windows\system32\dllcache\g400m.sys
2009-04-06 20:19 347,550 a------- c:\windows\system32\dllcache\es56tpi.sys
2009-04-06 20:18 334,208 a------- c:\windows\system32\dllcache\ds1wdm.sys
2009-04-06 20:17 28,672 a------- c:\windows\system32\dllcache\cyycoins.dll
2009-04-06 20:16 66,082 a------- c:\windows\system32\dllcache\c_20108.nls
2009-04-06 20:15 762,780 a------- c:\windows\system32\dllcache\3cwmcru.sys
2009-04-06 20:15 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-04-06 20:15 11,264 a------- c:\windows\system32\dllcache\1394vdbg.sys
2009-04-06 20:15 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-04-06 20:15 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-04-06 20:15 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-04-06 20:15 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-04-06 20:15 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-04-06 20:15 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-04-06 20:15 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-04-06 20:15 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-06 20:15 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-04-06 19:45 <DIR> --d----- c:\program files\IObit
2009-04-06 19:45 <DIR> --d----- c:\docume~1\joe&sh~1\applic~1\IObit
2009-04-03 01:10 <DIR> -cd-h--- c:\windows\ie8
2009-04-02 00:18 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-29 12:48 <DIR> --d----- c:\windows\system32\Adobe
2009-03-20 19:37 <DIR> --dsh--- c:\documents and settings\joe & sherrie\IECompatCache
2009-03-20 19:24 <DIR> --dsh--- c:\documents and settings\joe & sherrie\PrivacIE
2009-03-20 19:20 <DIR> --dsh--- c:\documents and settings\joe & sherrie\IETldCache
2009-03-20 19:18 <DIR> --d----- c:\windows\ie8updates
2009-03-20 19:14 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-14 23:26 <DIR> --d----- c:\program files\VideoLAN

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\vgx.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-04 01:00 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-04 01:00 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-25 18:58 3,565,568 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 18:58 3,565,568 a------- c:\windows\system32\dllcache\ati2mtag.sys
2009-02-25 17:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 17:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 17:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 17:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 17:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 17:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 17:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 17:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 17:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 17:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 16:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 16:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 16:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 16:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 16:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 16:37 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-25 16:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 16:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 16:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-02-25 15:15 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-26 13:55 182,995 a------- c:\windows\system32\atiicdxx.dat
2005-06-20 13:08 0 ac--h--- c:\docume~1\alluse~1\applic~1\gwseh.dat
2006-04-24 14:42 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-12 17:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 19:48:54.21 ===============


Thanks again!!!



#2 KoanYorel


Posted 24 April 2009 - 12:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Hercules1


Posted 24 April 2009 - 08:50 PM

Thank you for helping! Following are the new dds scans you requested. The situation has not changed with my computer. It still freezes up, mostly when I attempt to watch a video (youtube is a good example) or even when I try to listen to a cd. It appears that most problems occur when trying to use the internet, but, freezing and even crashes can occur at any time. I did have a blue screen listing an IRQL NOT LESS THAN EQUAL error and have had some errors in the event monitor that showed many "unknown" reasons and some "IDE/Port 0 did not respond in the time" period errors, which I have no idea about because my hard drive is SATA. I'm hoping you can help me sort this problem out, or at least rule out an infection. Thank you!!!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Joe & Sherrie at 21:28:37.84 on Fri 04/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2493 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Joe & Sherrie\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mWindow Title = Windows Internet Explorer provided by Comcast
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.mushkin.com/_detect/InSPECS3_0.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120202317515
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135311071515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxp://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
DPF: {E70CAD52-48BA-40DC-A417-9EE3693F1954} - hxxp://www.patriotmem.com/configurator/MemoryControl.ocx
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 UnoInstallerService;Uno Installer;c:\program files\m-audio uno\UnoInst.exe [2007-1-19 106496]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\NAVENG.sys [2009-4-24 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\NAVEX15.sys [2009-4-24 876144]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2007-1-19 21984]
S3 MAUSBBB;Service for M-Audio Black Box (WDM);c:\windows\system32\drivers\mausbbb.sys [2007-7-6 103296]
S4 MAudioBlackBoxService;M-Audio BlackBox Installer;c:\program files\m-audio\black box\MAUSBBBInst.exe [2007-7-6 57344]

=============== Created Last 30 ================

2009-04-19 23:26 53,248 a------- c:\windows\system32\CSVer.dll
2009-04-19 23:24 <DIR> --d----- C:\Intel
2009-04-14 18:14 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-09 00:04 <DIR> --d----- c:\windows\system32\HouseCall 6.6
2009-04-06 20:39 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-06 20:37 53,760 a------- c:\windows\system32\dllcache\wiamsmud.dll
2009-04-06 20:36 687,999 a------- c:\windows\system32\dllcache\usrwdxjs.sys
2009-04-06 20:35 47,616 a------- c:\windows\system32\dllcache\umaxcam.dll
2009-04-06 20:34 123,995 a------- c:\windows\system32\dllcache\tjisdn.sys
2009-04-06 20:33 155,648 a------- c:\windows\system32\dllcache\stlnprop.dll
2009-04-06 20:32 147,200 a------- c:\windows\system32\dllcache\smidispb.dll
2009-04-06 20:31 68,608 a------- c:\windows\system32\dllcache\sis6306p.sys
2009-04-06 20:30 495,616 a------- c:\windows\system32\dllcache\sblfx.dll
2009-04-06 20:29 9,216 a------- c:\windows\system32\dllcache\rsmgrstr.dll
2009-04-06 20:28 17,792 a------- c:\windows\system32\dllcache\ppa.sys
2009-04-06 20:27 44,544 a------- c:\windows\system32\dllcache\ovui2.dll
2009-04-06 20:26 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
2009-04-06 20:25 19,968 a------- c:\windows\system32\dllcache\mxnic.sys
2009-04-06 20:24 8,320 a------- c:\windows\system32\dllcache\memcard.sys
2009-04-06 20:23 253,952 a------- c:\windows\system32\dllcache\kdsusd.dll
2009-04-06 20:22 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-04-06 20:21 289,887 a------- c:\windows\system32\dllcache\hsf_fall.sys
2009-04-06 20:20 322,432 a------- c:\windows\system32\dllcache\g400m.sys
2009-04-06 20:19 347,550 a------- c:\windows\system32\dllcache\es56tpi.sys
2009-04-06 20:18 334,208 a------- c:\windows\system32\dllcache\ds1wdm.sys
2009-04-06 20:17 28,672 a------- c:\windows\system32\dllcache\cyycoins.dll
2009-04-06 20:16 66,082 a------- c:\windows\system32\dllcache\c_20108.nls
2009-04-06 20:15 762,780 a------- c:\windows\system32\dllcache\3cwmcru.sys
2009-04-06 20:15 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-04-06 20:15 11,264 a------- c:\windows\system32\dllcache\1394vdbg.sys
2009-04-06 20:15 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-04-06 20:15 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-04-06 20:15 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-04-06 20:15 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-04-06 20:15 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-04-06 20:15 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-04-06 20:15 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-04-06 20:15 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-06 20:15 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-04-06 19:45 <DIR> --d----- c:\program files\IObit
2009-04-06 19:45 <DIR> --d----- c:\docume~1\joe&sh~1\applic~1\IObit
2009-04-03 01:10 <DIR> -cd-h--- c:\windows\ie8
2009-04-02 00:18 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-29 12:48 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-04-21 19:54 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-21 19:54 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 10:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\vgx.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-02-28 00:55 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-02-25 18:58 3,565,568 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 18:58 3,565,568 a------- c:\windows\system32\dllcache\ati2mtag.sys
2009-02-25 17:42 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 17:41 325,120 a------- c:\windows\system32\dllcache\ati2dvag.dll
2009-02-25 17:41 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-02-25 17:30 11,841,536 a------- c:\windows\system32\atioglxx.dll
2009-02-25 17:30 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 17:29 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-02-25 17:29 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 17:29 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-02-25 17:27 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-02-25 17:26 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-02-25 17:16 3,817,984 a------- c:\windows\system32\dllcache\ati3duag.dll
2009-02-25 17:16 3,817,984 a------- c:\windows\system32\ati3duag.dll
2009-02-25 17:09 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-02-25 16:59 2,670,080 a------- c:\windows\system32\dllcache\ativvaxx.dll
2009-02-25 16:59 2,670,080 a------- c:\windows\system32\ativvaxx.dll
2009-02-25 16:44 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 16:40 475,136 a------- c:\windows\system32\atikvmag.dll
2009-02-25 16:38 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 16:38 17,408 a------- c:\windows\system32\atitvo32.dll
2009-02-25 16:37 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-25 16:35 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalrt.dll
2009-02-25 16:32 45,056 a------- c:\windows\system32\aticalcl.dll
2009-02-25 16:32 626,688 a------- c:\windows\system32\dllcache\ati2cqag.dll
2009-02-25 16:32 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-02-25 16:30 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-02-25 15:15 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 473,600 a------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 08:10 453,120 a------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\dllcache\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39:08 A------- 35,328 c:\windows\system32\dllcache\sc.exe
2006-04-24 14:42 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-12 17:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 21:29:29.37 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/5/2005 5:13:30 PM
System Uptime: 4/24/2009 9:14:54 PM (0 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 47.75 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 4/2/2009 12:15:39 AM - System Checkpoint
RP2: 4/2/2009 12:18:26 AM - Software Distribution Service 3.0
RP3: 4/2/2009 1:25:13 AM - Installed Windows XP WgaNotify.
RP4: 4/2/2009 6:19:26 PM - Software Distribution Service 3.0
RP5: 4/2/2009 9:19:13 PM - Made by Registry Mechanic O
RP6: 4/3/2009 1:11:17 AM - Installed Windows Internet Explorer 8.
RP7: 4/3/2009 1:12:03 AM - Software Distribution Service 3.0
RP8: 4/5/2009 12:49:51 AM - System Checkpoint
RP9: 4/5/2009 2:44:17 PM - Made by Registry Mechanic O
RP10: 4/6/2009 5:21:09 PM - Software Distribution Service 3.0
RP11: 4/6/2009 5:35:22 PM - Removed Java™ SE Runtime Environment 6 Update 1
RP12: 4/6/2009 5:35:51 PM - Removed Java™ 6 Update 2
RP13: 4/6/2009 5:36:18 PM - Removed Java™ 6 Update 3
RP14: 4/6/2009 5:36:54 PM - Removed Java™ 6 Update 5
RP15: 4/6/2009 5:37:22 PM - Removed Java™ 6 Update 7
RP16: 4/6/2009 5:37:50 PM - Removed Java™ SE Runtime Environment 6
RP17: 4/6/2009 6:05:14 PM - Removed Java™ 6 Update 12
RP18: 4/6/2009 6:07:06 PM - Installed Java™ 6 Update 13
RP19: 4/6/2009 7:46:18 PM - Advanced SystemCare RestorePoint
RP20: 4/6/2009 11:17:05 PM - Installed Java™ 6 Update 13
RP21: 4/6/2009 11:19:01 PM - Installed Java™ 6 Update 13
RP22: 4/7/2009 10:40:12 PM - Made by Registry Mechanic O
RP23: 4/8/2009 10:55:33 PM - Made by Registry Mechanic O
RP24: 4/9/2009 9:37:41 PM - Made by Registry Mechanic O
RP25: 4/10/2009 5:36:50 PM - Installed ATI Catalyst Control Center
RP26: 4/10/2009 5:37:58 PM - Installed ATI Catalyst Registration
RP27: 4/10/2009 5:38:19 PM - Installed World of Warcraft FREE Trial
RP28: 4/10/2009 5:45:03 PM - Removed World of Warcraft FREE Trial
RP29: 4/11/2009 2:30:25 PM - Restore Operation
RP30: 4/11/2009 3:55:16 PM - Fixed e-mail
RP31: 4/12/2009 10:38:46 PM - System Checkpoint
RP32: 4/13/2009 5:01:33 PM - Software Distribution Service 3.0
RP33: 4/13/2009 10:51:45 PM - Made by Registry Mechanic O
RP34: 4/14/2009 6:15:57 PM - Software Distribution Service 3.0
RP35: 4/15/2009 12:59:26 AM - Installed Windows XP KB915800-v4.
RP36: 4/15/2009 12:59:40 AM - Installed Windows XP Windows Search 4.0.
RP37: 4/16/2009 1:23:38 AM - System Checkpoint
RP38: 4/17/2009 1:45:04 AM - System Checkpoint
RP39: 4/17/2009 10:20:17 PM - Made by Registry Mechanic O
RP40: 4/18/2009 10:48:33 PM - System Checkpoint
RP41: 4/20/2009 9:17:06 PM - System Checkpoint
RP42: 4/22/2009 7:00:46 PM - System Checkpoint
RP43: 4/22/2009 7:14:40 PM - Software Distribution Service 3.0
RP44: 4/22/2009 7:38:31 PM - Made by Registry Mechanic O
RP45: 4/23/2009 5:36:36 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AmpliTube 2 Live
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoUpdate
Banctec Service Agreement
Bespelled
Black Box
Broadcom Advanced Control Suite 2
CardRd81
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CCScore
CleanUp!
CR2
Critical Update for Windows Media Player 11 (KB959772)
Debugging Tools for Windows (x86)
Dell Driver Reset Tool
Dell Support 5.0.0 (630)
Dell System Restore
Desktop Doctor
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.0
EPSON CardMonitor
EPSON Copy Utility 3
EPSON CX6600 Reference Guide
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
getPlus®_ocx
Google Earth
Google Toolbar for Internet Explorer
HD Tune 2.55
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
Internet Explorer Default Page
Kodak EasyShare software
KSU
LimeWire 5.1.2
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
My Way Search Assistant
Nero 7 Ultra Edition
neroxml
Notifier
OTtBP
OTtBPSDK
Photo Click
QuickTime
RealPlayer Basic
Registry Mechanic 8.0
RiffWorks Standard
ScanToWeb
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SereneScene Marine Aquarium 2
SFR
SHASTA
SKIN0001
Skins
SKINXSDK
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Symantec AntiVirus Client
Uno
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

4/23/2009 2:13:51 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================

Thanks again for the help!!!

#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 25 April 2009 - 02:24 PM

Hi Hercules1,



We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.


Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next reply, please post back:

1. GMER log
2. RSIT log.txt and info.txt.

Thanks.

#5 Hercules1

  • Topic Starter

  • Members
  • 30 posts

Posted 25 April 2009 - 07:58 PM

Here's the GMER log and RSIT log.txt and info.txt you requested. I had a little trouble with RSIT. It downloaded fine and appeared to run fine. But, after it started running, a screen appeared asking to accept the terms of use. When I clicked "I accept," I got an error message from HijackThis asking to submit a report about the error to help them make HijackThis better. The following is the error message...

Error details:

An unexpected error has occured at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)

Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.2

I don't know if the error will help you diagnose the problem with my computer, but, I thought you should know it happened. Also, it still ran the HijackThis scan and produced the log.txt and info.txt files you asked for.

Following are the items you requested...

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-25 20:39:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA17887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA178BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\iaStor \Device\Ide\iaStor0 89B9E5A0
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 89B9E5A0
Device \FileSystem\Fastfat \Fat 9F43CD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:780] 89C06B50
Thread System [4:784] 89BD5BA0
Thread System [4:788] 89C23DC0
Thread System [4:792] 89BE50E0
Thread System [4:2000] 89C06B50
Thread System [4:1344] 89BD5BA0
Thread System [4:280] 89C23DC0
Thread System [4:2268] 89BE50E0
Thread System [4:3692] 89C06B50
Thread System [4:3704] 89BD5BA0
Thread System [4:3028] 89C23DC0
Thread System [4:560] 89BE50E0

---- EOF - GMER 1.0.15 ----

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe & Sherrie at 2009-04-25 20:39:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 49 GB (67%) free of 72 GB
Total RAM: 3326 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:57 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Joe & Sherrie\Desktop\RSIT.exe
C:\Program Files\trend micro\Joe & Sherrie.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-104354634-2703226084-1685821995-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-104354634-2703226084-1685821995-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-104354634-2703226084-1685821995-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.mushkin.com/_detect/InSPECS3_0.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.6.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120202317515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135311071515
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab
O16 - DPF: {E70CAD52-48BA-40DC-A417-9EE3693F1954} (Project1.UserControl1) - http://www.patriotmem.com/configurator/MemoryControl.ocx
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 11711 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-01 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-13 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-01 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"EPSON Stylus CX6600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE [2004-02-29 98304]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-05-21 90112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-03-02 98304]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-21 516440]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2008-01-22 152872]
"EPSON Stylus CX6600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE [2004-02-29 98304]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Black Box Helper]
C:\Program Files\M-Audio\Black Box\BlackBoxHelper.exe [2006-03-20 667648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2004-07-19 306688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2006-03-20 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-03-02 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-03-02 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??? ? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-04 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-11-04 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2
"WmdmPmSN"=3
"UPS"=3
"TrkWks"=2
"SysmonLog"=3
"SCardSvr"=3
"RDSessMgr"=3
"MSDTC"=3
"mnmsrvc"=3
"FastUserSwitchingCompatibility"=3
"AppMgmt"=3
"AOL ACS"=2
"Fax"=2
"MAudioBlackBoxService"=2
"Ati HotKey Poller"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-05-21 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:AC3 audio (ac3)"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe:*:Enabled:MSI starter"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter"
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-25 20:39:55 ----D---- C:\rsit
2009-04-25 20:39:55 ----D---- C:\Program Files\trend micro
2009-04-19 23:26:21 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-04-19 23:24:17 ----D---- C:\Intel
2009-04-14 18:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-14 18:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-14 18:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-14 18:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-14 18:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-14 18:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-14 18:14:33 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-10 17:40:00 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-04-09 00:04:09 ----D---- C:\WINDOWS\system32\HouseCall 6.6
2009-04-09 00:00:28 ----SHD---- C:\WINDOWS\CSC
2009-04-06 19:45:06 ----D---- C:\Program Files\IObit
2009-04-06 19:45:06 ----D---- C:\Documents and Settings\Joe & Sherrie\Application Data\IObit
2009-04-03 01:10:49 ----HDC---- C:\WINDOWS\ie8
2009-04-02 00:19:36 ----D---- C:\WINDOWS\system32\windowspowershell
2009-04-02 00:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2009-04-02 00:18:50 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-29 12:48:35 ----D---- C:\WINDOWS\system32\Adobe

======List of files/folders modified in the last 1 months======

2009-04-25 20:45:39 ----D---- C:\WINDOWS\Temp
2009-04-25 20:40:13 ----D---- C:\WINDOWS\Prefetch
2009-04-25 20:39:55 ----AD---- C:\Program Files
2009-04-25 17:47:26 ----D---- C:\WINDOWS
2009-04-25 17:29:33 ----SD---- C:\WINDOWS\Tasks
2009-04-25 17:27:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-25 17:26:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-23 23:45:59 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-04-22 22:17:43 ----RASH---- C:\BOOT.INI
2009-04-22 22:17:43 ----N---- C:\WINDOWS\WIN.INI
2009-04-22 22:17:43 ----N---- C:\WINDOWS\SYSTEM.INI
2009-04-22 21:59:01 ----D---- C:\Program Files\SpeedFan
2009-04-22 19:38:32 ----D---- C:\Program Files\Registry Mechanic
2009-04-22 01:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-21 22:39:16 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-21 22:02:14 ----HD---- C:\WINDOWS\INF
2009-04-21 22:02:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-21 19:54:16 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-19 23:26:21 ----D---- C:\WINDOWS\SYSTEM32
2009-04-19 23:26:21 ----D---- C:\Program Files\Intel
2009-04-19 18:45:49 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-19 18:34:37 ----D---- C:\Program Files\Common Files
2009-04-19 02:08:14 ----D---- C:\WINDOWS\Debug
2009-04-18 01:17:45 ----D---- C:\Documents and Settings\Joe & Sherrie\Application Data\Mozilla
2009-04-17 21:02:29 ----D---- C:\WINDOWS\system32\CONFIG
2009-04-15 00:59:44 ----D---- C:\Documents and Settings\Joe & Sherrie\Application Data\Windows Desktop Search
2009-04-15 00:59:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-14 23:48:44 ----D---- C:\WINDOWS\network diagnostic
2009-04-14 18:25:25 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-14 18:20:47 ----D---- C:\WINDOWS\system32\WBEM
2009-04-14 18:20:47 ----D---- C:\WINDOWS\AppPatch
2009-04-14 18:19:46 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-14 18:17:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-14 18:17:12 ----SHD---- C:\WINDOWS\Installer
2009-04-14 18:17:12 ----D---- C:\Config.Msi
2009-04-14 18:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-14 00:25:50 ----D---- C:\WINDOWS\Help
2009-04-10 17:37:41 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-04-10 17:37:30 ----D---- C:\WINDOWS\WinSxS
2009-04-10 17:37:16 ----D---- C:\Program Files\ATI Technologies
2009-04-09 00:17:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-09 00:04:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-06 20:14:32 ----D---- C:\I386
2009-04-06 20:14:32 ----D---- C:\DELL
2009-04-06 20:06:03 ----D---- C:\WINDOWS\system32\BWKDLogs
2009-04-06 20:06:03 ----D---- C:\Documents and Settings\Joe & Sherrie\Application Data\Ahead
2009-04-06 20:06:02 ----D---- C:\WINDOWS\SECURITY
2009-04-06 20:06:02 ----D---- C:\Program Files\LimeWire
2009-04-06 20:06:02 ----D---- C:\Program Files\Internet Explorer
2009-04-06 20:06:02 ----D---- C:\HJT
2009-04-06 20:06:02 ----D---- C:\Documents and Settings
2009-04-06 20:06:01 ----D---- C:\Program Files\Common Files\Services
2009-04-06 20:05:59 ----D---- C:\Program Files\CleanUp!
2009-04-06 17:37:57 ----D---- C:\Program Files\Java
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 01:13:24 ----D---- C:\WINDOWS\system32\en-US
2009-04-03 01:13:23 ----D---- C:\WINDOWS\Media
2009-04-03 01:12:21 ----D---- C:\WINDOWS\ie8updates
2009-04-02 21:22:37 ----D---- C:\Documents and Settings\Joe & Sherrie\Application Data\LimeWire
2009-04-02 21:19:44 ----D---- C:\WINDOWS\Minidump
2009-04-02 18:21:03 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-02 00:18:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-02 00:15:32 ----SHD---- C:\System Volume Information
2009-04-02 00:15:32 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-03-02 8552]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-27 150528]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2006-01-24 18816]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090424.003\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090424.003\NAVEX15.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\JOE&SH~1\LOCALS~1\Temp\aujasnkj.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EVOLUSB;%EVOL_USB_SvcDesc%; C:\WINDOWS\system32\drivers\evolusb.sys [2004-10-20 21984]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 MAUSBBB;Service for M-Audio Black Box (WDM); C:\WINDOWS\system32\DRIVERS\mausbbb.sys [2006-03-20 103296]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-05-21 32768]
R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-02-18 65536]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-05-21 610304]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-02-04 122880]
R2 UnoInstallerService;Uno Installer; C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2009-02-25 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-01 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 MAudioBlackBoxService;M-Audio BlackBox Installer; C:\Program Files\M-Audio\Black Box\MAUSBBBInst.exe [2006-03-16 57344]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-04-25 20:46:00

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D0-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D261CA3-5C68-494A-89D1-5DE68ED23146}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AmpliTube 2 Live-->C:\Program Files\InstallShield Installation Information\{02745B66-661A-465C-9CA7-27E8099766FB}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bespelled-->"C:\Program Files\MSN Games\Bespelled\Uninstall.exe" "C:\Program Files\MSN Games\Bespelled\install.log"
Black Box-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DE17D6A-E60F-4BE4-ABE5-D07D9F93704D}\setup.exe" -l0x9 -removeonly
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Debugging Tools for Windows (x86)-->MsiExec.exe /I{48F95CE7-69D9-4967-81F7-D763CABFBD53}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 5.0.0 (630)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 2.9.7.0-->"C:\Program Files\DVDFab Decrypter\unins000.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON CX6600 Reference Guide-->C:\Program Files\epson\guide\cx6600_e\uninstall.exe
EPSON PhotoStarter3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_1e1a2512\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2007-->MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
RiffWorks Standard-->C:\Program Files\Sonoma Wire Works\RiffWorks Standard\Uninstall.exe
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SereneScene Marine Aquarium 2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SereneScreen\Marine Aquarium 2\Uninst.isu"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Uno-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8E28912-A7B8-488C-B259-33F9014B9D09}\setup.exe" -l0x9
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell™ 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Hosts File======

127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

======System event log======

Computer Name: D8SDZW61
Event Code: 9
Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Record Number: 66
Source Name: atapi
Time Written: 20090423020839.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 9
Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Record Number: 65
Source Name: atapi
Time Written: 20090423020327.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 9
Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Record Number: 64
Source Name: atapi
Time Written: 20090423015815.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 9
Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Record Number: 63
Source Name: atapi
Time Written: 20090423015303.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 21
Source Name: Tcpip
Time Written: 20090423001048.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: D8SDZW61
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x02541f9d.

Record Number: 36
Source Name: Application Error
Time Written: 20090419014559.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 3024
Message: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


Record Number: 18
Source Name: Windows Search Service
Time Written: 20090418013619.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 3036
Message: The content source <mapi://{s-1-5-18}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Unspecified error
(0x80004005)


Record Number: 17
Source Name: Windows Search Service
Time Written: 20090418013619.000000-240
Event Type: warning
User:

Computer Name: D8SDZW61
Event Code: 3024
Message: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


Record Number: 15
Source Name: Windows Search Service
Time Written: 20090418013537.000000-240
Event Type: error
User:

Computer Name: D8SDZW61
Event Code: 3036
Message: The content source <outlookexpress://{s-1-5-21-104354634-2703226084-1685821995-1005}/{31391ef3-b3ac-4f12-94d8-dc2da45e9526}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(0x81270005)


Record Number: 14
Source Name: Windows Search Service
Time Written: 20090418013536.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Thanks again for all your help!!!

Edited by Hercules1, 25 April 2009 - 08:00 PM.


#6 sundavis

  • Malware Response Team

Posted 26 April 2009 - 03:22 AM

Hi Hercules1,



Step 1

Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".


Step 2

Please disable Spybot S&D's protection, or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
  • http://www.russelltexas.com/malware/teatimer.htm

Step 3

Please disable Windows Defender protection, or it will interfere.

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.

Step 4

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. Combofix log
2. New HJT log

Tell me how your pc is acting now.

#7 Hercules1

  • Topic Starter

Posted 26 April 2009 - 12:52 PM

I had to download Combofix twice. The first attempt gave me an error message saying some of the files were corrupt, then froze the computer. I manually shut the computer down by holding the off button, then restarted it. The second attempt at loading Combofix worked. Also, I ran HijackThis a second time after running Combofix because I could not find a log file from the first run on my Desktop or anywhere else in the files. So, here are the results of the HijackThis and Combofix logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:19 PM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Joe & Sherrie\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-104354634-2703226084-1685821995-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-104354634-2703226084-1685821995-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-104354634-2703226084-1685821995-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.mushkin.com/_detect/InSPECS3_0.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.6.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120202317515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135311071515
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab
O16 - DPF: {E70CAD52-48BA-40DC-A417-9EE3693F1954} (Project1.UserControl1) - http://www.patriotmem.com/configurator/MemoryControl.ocx
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 10506 bytes


ComboFix 09-04-25.A3 - Joe & Sherrie 04/26/2009 13:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2711 [GMT -4:00]
Running from: c:\documents and settings\Joe & Sherrie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 00:39 . 2009-04-26 16:47 -------- d-----w c:\program files\trend micro
2009-04-26 00:39 . 2009-04-26 00:46 -------- d-----w C:\rsit
2009-04-20 03:26 . 2008-05-01 20:35 53248 ----a-w c:\windows\system32\CSVer.dll
2009-04-20 03:24 . 2009-04-20 03:24 -------- d-----w C:\Intel
2009-04-14 22:14 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-10 21:40 . 2009-04-10 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-09 04:04 . 2009-04-09 04:04 -------- d-----w c:\documents and settings\Administrator\Application Data\HouseCall 6.6
2009-04-09 04:04 . 2009-04-09 04:04 -------- d-----w c:\windows\system32\HouseCall 6.6
2009-04-09 01:07 . 2009-04-09 01:07 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-09 00:54 . 2009-04-09 00:54 -------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2009-04-09 00:46 . 2009-04-09 00:46 105432 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 21:25 . 2009-04-08 21:25 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-04-08 03:31 . 2009-04-08 03:31 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-08 03:31 . 2009-04-08 03:31 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-07 00:39 . 2008-04-14 00:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-07 00:37 . 2001-08-18 02:36 53760 ----a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-04-07 00:36 . 2001-08-17 17:28 687999 ----a-w c:\windows\system32\dllcache\usrwdxjs.sys
2009-04-07 00:35 . 2001-08-18 02:36 47616 ----a-w c:\windows\system32\dllcache\umaxcam.dll
2009-04-07 00:34 . 2001-08-17 16:14 123995 ----a-w c:\windows\system32\dllcache\tjisdn.sys
2009-04-07 00:33 . 2001-08-18 02:36 155648 ----a-w c:\windows\system32\dllcache\stlnprop.dll
2009-04-07 00:32 . 2001-08-17 18:56 147200 ----a-w c:\windows\system32\dllcache\smidispb.dll
2009-04-07 00:31 . 2001-08-17 16:50 68608 ----a-w c:\windows\system32\dllcache\sis6306p.sys
2009-04-07 00:30 . 2001-08-18 02:36 495616 ----a-w c:\windows\system32\dllcache\sblfx.dll
2009-04-07 00:29 . 2001-08-18 02:36 9216 ----a-w c:\windows\system32\dllcache\rsmgrstr.dll
2009-04-07 00:28 . 2001-08-17 17:53 17792 ----a-w c:\windows\system32\dllcache\ppa.sys
2009-04-07 00:27 . 2001-08-18 02:36 44544 ----a-w c:\windows\system32\dllcache\ovui2.dll
2009-04-07 00:26 . 2001-08-17 17:53 7552 ----a-w c:\windows\system32\dllcache\nsmmc.sys
2009-04-07 00:25 . 2001-08-17 17:49 19968 ----a-w c:\windows\system32\dllcache\mxnic.sys
2009-04-07 00:24 . 2001-08-17 17:58 8320 ----a-w c:\windows\system32\dllcache\memcard.sys
2009-04-07 00:23 . 2008-04-14 00:11 48640 ----a-w c:\windows\system32\dllcache\kdsui.dll
2009-04-07 00:22 . 2001-08-17 18:06 154496 ----a-w c:\windows\system32\dllcache\icam4usb.sys
2009-04-07 00:21 . 2001-08-17 17:28 289887 ----a-w c:\windows\system32\dllcache\hsf_fall.sys
2009-04-07 00:20 . 2001-08-17 16:49 322432 ----a-w c:\windows\system32\dllcache\g400m.sys
2009-04-07 00:19 . 2001-08-17 17:28 347550 ----a-w c:\windows\system32\dllcache\es56tpi.sys
2009-04-07 00:18 . 2001-08-17 16:20 334208 ----a-w c:\windows\system32\dllcache\ds1wdm.sys
2009-04-07 00:17 . 2001-08-18 02:36 28672 ----a-w c:\windows\system32\dllcache\cyycoins.dll
2009-04-07 00:16 . 2004-08-04 11:00 66082 ----a-w c:\windows\system32\dllcache\c_20108.nls
2009-04-07 00:15 . 2008-04-13 18:46 53376 ----a-w c:\windows\system32\dllcache\1394bus.sys
2009-04-07 00:15 . 2001-08-17 18:06 11264 ----a-w c:\windows\system32\dllcache\1394vdbg.sys
2009-04-07 00:15 . 2001-08-17 17:28 762780 ----a-w c:\windows\system32\dllcache\3cwmcru.sys
2009-04-07 00:15 . 2004-08-04 11:00 7168 ----a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-07 00:15 . 2001-08-17 18:56 66048 ----a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-07 00:15 . 2004-08-04 11:00 7680 ----a-w c:\windows\system32\dllcache\inetmgr.exe
2009-04-07 00:15 . 2004-08-04 11:00 19968 ----a-w c:\windows\system32\dllcache\inetsloc.dll
2009-04-07 00:15 . 2004-08-04 11:00 5632 ----a-w c:\windows\system32\dllcache\iisrstap.dll
2009-04-07 00:15 . 2004-08-04 11:00 169984 ----a-w c:\windows\system32\dllcache\iisui.dll
2009-04-07 00:15 . 2004-08-04 11:00 6144 ----a-w c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-07 00:15 . 2004-08-04 11:00 14336 ----a-w c:\windows\system32\dllcache\iisreset.exe
2009-04-07 00:15 . 2004-08-04 11:00 94720 ----a-w c:\windows\system32\dllcache\certmap.ocx
2009-04-06 23:45 . 2009-04-07 00:11 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\IObit
2009-04-06 23:45 . 2009-04-06 23:45 -------- d-----w c:\program files\IObit
2009-04-03 05:10 . 2009-04-03 05:11 -------- dc-h--w c:\windows\ie8
2009-04-02 04:18 . 2009-04-02 04:18 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-29 16:48 . 2009-03-29 16:48 -------- d-----w c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 17:28 . 2007-05-25 00:21 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-26 17:27 . 2009-04-07 03:40 1743 ----a-w C:\SMax.log
2009-04-26 17:27 . 2009-01-22 23:06 48559 ----a-w C:\aaw7boot.log
2009-04-26 06:17 . 2005-06-09 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 01:59 . 2009-02-01 00:26 -------- d-----w c:\program files\SpeedFan
2009-04-21 23:54 . 2009-01-22 04:52 15688 ----a-w c:\windows\SYSTEM32\lsdelete.exe
2009-04-21 23:54 . 2009-01-21 19:37 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-20 03:26 . 2005-03-03 00:09 -------- d-----w c:\program files\Intel
2009-04-15 04:59 . 2008-10-09 04:53 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\Windows Desktop Search
2009-04-14 22:17 . 2009-01-20 19:28 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-13 03:37 . 2005-03-06 01:35 105432 -c--a-w c:\documents and settings\Joe & Sherrie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 21:37 . 2005-03-03 00:10 -------- d-----w c:\program files\ATI Technologies
2009-04-09 04:17 . 2008-11-01 06:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-07 00:06 . 2006-01-06 04:53 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\Ahead
2009-04-07 00:06 . 2007-02-25 06:19 -------- d-----w c:\program files\LimeWire
2009-04-07 00:05 . 2006-04-26 02:51 -------- d-----w c:\program files\CleanUp!
2009-04-06 21:37 . 2005-03-03 00:09 -------- d-----w c:\program files\Java
2009-04-06 19:32 . 2008-11-01 06:12 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-11-01 06:12 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 01:22 . 2006-12-31 20:53 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\LimeWire
2009-03-21 14:06 . 2004-08-04 11:00 989696 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-16 12:37 . 2005-06-09 22:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-15 03:26 . 2009-03-15 03:26 -------- d-----w c:\program files\VideoLAN
2009-03-11 02:18 . 2006-04-10 17:00 934792 ------w c:\windows\SYSTEM32\DLLCACHE\WgaTray.exe
2009-03-11 02:18 . 2006-04-10 17:00 239496 ------w c:\windows\SYSTEM32\DLLCACHE\wgaLogon.dll
2009-03-09 09:19 . 2008-12-05 01:45 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-08 18:09 . 2004-08-04 11:00 638816 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2009-03-08 18:09 . 2004-08-04 11:00 391536 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
2009-03-08 08:41 . 2004-08-04 11:00 5937152 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-03-08 08:39 . 2007-05-09 01:38 11063808 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-03-08 08:34 . 2004-08-04 11:00 914944 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-08 08:34 . 2004-08-04 11:00 914944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-03-08 08:34 . 2004-08-04 11:00 1206784 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-03-08 08:34 . 2004-08-04 11:00 236544 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
2009-03-08 08:34 . 2004-08-04 11:00 43008 ----a-w c:\windows\SYSTEM32\licmgr10.dll
2009-03-08 08:34 . 2004-08-04 11:00 43008 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
2009-03-08 08:34 . 2004-08-04 11:00 105984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll
2009-03-08 08:34 . 2004-08-04 11:00 193536 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
2009-03-08 08:34 . 2004-08-04 11:00 109568 ----a-w c:\windows\SYSTEM32\DLLCACHE\occache.dll
2009-03-08 08:33 . 2004-08-04 11:00 759296 ----a-w c:\windows\SYSTEM32\DLLCACHE\vgx.dll
2009-03-08 08:33 . 2004-08-04 11:00 18944 ----a-w c:\windows\SYSTEM32\DLLCACHE\corpol.dll
2009-03-08 08:33 . 2004-08-04 11:00 18944 ----a-w c:\windows\SYSTEM32\corpol.dll
2009-03-08 08:33 . 2004-08-04 11:00 25600 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
2009-03-08 08:33 . 2004-08-04 11:00 726528 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
2009-03-08 08:33 . 2004-08-04 11:00 229376 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
2009-03-08 08:33 . 2004-08-04 11:00 420352 ----a-w c:\windows\SYSTEM32\vbscript.dll
2009-03-08 08:33 . 2004-08-04 11:00 420352 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
2009-03-08 08:33 . 2004-08-04 11:00 125952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
2009-03-08 08:32 . 2004-08-04 11:00 72704 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll
2009-03-08 08:32 . 2004-08-04 11:00 72704 ----a-w c:\windows\SYSTEM32\admparse.dll
2009-03-08 08:32 . 2004-08-04 11:00 173056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2009-03-08 08:32 . 2004-08-04 11:00 163840 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2009-03-08 08:32 . 2004-08-04 11:00 71680 ----a-w c:\windows\SYSTEM32\iesetup.dll
2009-03-08 08:32 . 2004-08-04 11:00 71680 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll
2009-03-08 08:32 . 2004-08-04 11:00 55808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
2009-03-08 08:32 . 2004-08-04 11:00 128512 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
2009-03-08 08:32 . 2004-08-04 11:00 94720 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
2009-03-08 08:32 . 2007-05-09 01:38 594432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-03-08 08:32 . 2007-05-09 01:38 1985024 ----a-w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-03-08 08:32 . 2004-08-04 11:00 611840 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
2009-03-08 08:24 . 2004-08-04 11:00 68608 ----a-w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll
2009-03-08 08:22 . 2004-08-04 11:00 156160 ----a-w c:\windows\SYSTEM32\msls31.dll
2009-03-08 08:22 . 2004-08-04 11:00 156160 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll
2009-03-08 08:11 . 2007-05-09 01:38 445952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\SYSTEM32\DLLCACHE\pdh.dll
2009-02-28 04:55 . 2009-03-20 23:14 105984 ------w c:\windows\SYSTEM32\DLLCACHE\iecompat.dll
2009-02-27 01:54 . 2008-04-05 05:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 22:58 . 1980-01-01 06:00 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 22:58 . 1980-01-01 06:00 3565568 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati2mtag.sys
2009-02-25 21:42 . 2008-12-01 20:52 442368 ----a-w c:\windows\SYSTEM32\ATIDEMGX.dll
2009-02-25 21:41 . 1980-01-01 06:00 325120 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati2dvag.dll
2009-02-25 21:41 . 1980-01-01 06:00 325120 ----a-w c:\windows\SYSTEM32\ati2dvag.dll
2009-02-25 21:30 . 1980-01-01 06:00 11841536 ----a-w c:\windows\SYSTEM32\atioglxx.dll
2009-02-25 21:30 . 1980-01-01 06:00 204800 ----a-w c:\windows\SYSTEM32\atipdlxx.dll
2009-02-25 21:29 . 1980-01-01 06:00 155648 ----a-w c:\windows\SYSTEM32\Oemdspif.dll
2009-02-25 21:29 . 1980-01-01 06:00 26112 ----a-w c:\windows\SYSTEM32\Ati2mdxx.exe
2009-02-25 21:29 . 1980-01-01 06:00 43520 ----a-w c:\windows\SYSTEM32\ati2edxx.dll
2009-02-25 21:29 . 1980-01-01 06:00 155648 ----a-w c:\windows\SYSTEM32\ati2evxx.dll
2009-02-25 21:27 . 1980-01-01 06:00 602112 ----a-w c:\windows\SYSTEM32\ati2evxx.exe
2009-02-25 21:26 . 1980-01-01 06:00 53248 ----a-w c:\windows\SYSTEM32\ATIDDC.DLL
2009-02-25 21:16 . 1980-01-01 06:00 3817984 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati3duag.dll
2009-02-25 21:16 . 1980-01-01 06:00 3817984 ----a-w c:\windows\SYSTEM32\ati3duag.dll
2009-02-25 21:09 . 1980-01-01 06:00 307200 ----a-w c:\windows\SYSTEM32\atiiiexx.dll
2009-02-25 20:59 . 1980-01-01 06:00 2670080 ----a-w c:\windows\SYSTEM32\DLLCACHE\ativvaxx.dll
2009-02-25 20:59 . 1980-01-01 06:00 2670080 ----a-w c:\windows\SYSTEM32\ativvaxx.dll
2009-02-25 20:44 . 2008-12-01 19:57 49664 ----a-w c:\windows\SYSTEM32\amdpcom32.dll
2009-02-25 20:40 . 2006-02-05 00:21 475136 ----a-w c:\windows\SYSTEM32\atikvmag.dll
2009-02-25 20:38 . 2008-12-01 19:52 126976 ----a-w c:\windows\SYSTEM32\atiadlxx.dll
2009-02-25 20:38 . 1980-01-01 06:00 17408 ----a-w c:\windows\SYSTEM32\atitvo32.dll
2009-02-25 20:37 . 2006-02-05 00:21 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2008-12-01 19:50 290816 ----a-w c:\windows\SYSTEM32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\SYSTEM32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\SYSTEM32\aticalcl.dll
2009-02-25 20:32 . 1980-01-01 06:00 626688 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati2cqag.dll
2009-02-25 20:32 . 1980-01-01 06:00 626688 ----a-w c:\windows\SYSTEM32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\SYSTEM32\aticaldd.dll
2009-02-25 19:15 . 2006-02-05 00:22 593920 ------w c:\windows\SYSTEM32\ati2sgag.exe
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2006-04-24 18:42 . 2006-04-24 18:42 848 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-05-12 21:36 . 2008-05-12 21:36 32768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2008-01-22 152872]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-02-29 98304]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-02-29 98304]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-03 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
"midi1"= evolusbn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"SysmonLog"=3 (0x3)
"SCardSvr"=3 (0x3)
"RDSessMgr"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"AppMgmt"=3 (0x3)
"AOL ACS"=2 (0x2)
"Fax"=2 (0x2)
"MAudioBlackBoxService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
R3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
R3 MAUSBBB;Service for M-Audio Black Box (WDM);c:\windows\system32\DRIVERS\mausbbb.sys [2006-03-20 103296]
R4 MAudioBlackBoxService;M-Audio BlackBox Installer;c:\program files\M-Audio\Black Box\MAUSBBBInst.exe [2006-03-16 57344]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S2 UnoInstallerService;Uno Installer;c:\program files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:54]

2009-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.mushkin.com/_detect/InSPECS3_0.cab
DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxp://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
DPF: {E70CAD52-48BA-40DC-A417-9EE3693F1954} - hxxp://www.patriotmem.com/configurator/MemoryControl.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX6600 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"????????????????????????????????????????p?????D~0?A~????*?A~??B~????w?C~??????????????????Y???B~????????????????????T???I??b??????D~??B~??????B~o?B~??Y???????????B~????????????????????????????S??|??????????Y?????????????w?C~S?B~??B~?vB~????????????>?+?????????$????%D?????K???????4????IB~????????????????????????????????T????JB~????????????+S????????????????C~??????????????C~????????8???????????`??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-104354634-2703226084-1685821995-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-104354634-2703226084-1685821995-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-104354634-2703226084-1685821995-1005)
@Allowed: (Read) (S-1-5-21-104354634-2703226084-1685821995-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-104354634-2703226084-1685821995-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,db,c6,93,d5,3f,5c,44,b2,56,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,db,c6,93,d5,3f,5c,44,b2,56,dd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6052)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-26 13:39
ComboFix-quarantined-files.txt 2009-04-26 17:39

Pre-Run: 51,038,019,584 bytes free
Post-Run: 51,013,193,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

329 --- E O F --- 2009-04-23 21:37


I have to leave to pick up my wife, so, I'll have to get back to you on how the computer is acting. Thanks again for all the help you've given!!!

#8 sundavis

  • Malware Response Team

Posted 26 April 2009 - 02:19 PM

Hi Hercules1,

You're doing well. The logs look good. It seems that ComboFix has replaced the corrupted Windows system core file for you. We need to see the log. Please do the following:

Click Start -> Run -> copy and paste the text present inside the quote box below in the Open field -> OK

notepad C:\combofix.txt


When Notepad opens, click Edit > Select all then Edit > Copy
Reply to this post and press Ctrl+V to paste the log in your reply.



Step 1


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 2



Please do an online scan with Kaspersky Online Scanner.
Before performing online scan, you should have Java installed first. Please do the following.
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
  • After the Java installation has finished, please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "Kas", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation

Please post back the logs in your next reply.

1. KAS Scan Report
2. Fresh HJT log

Tell me how your pc is running now.

#9 Hercules1

  • Topic Starter
  • Members

Posted 26 April 2009 - 03:40 PM

sundavis,

Here's the log you requested. I'm going to perform the rest of the steps as you instructed after I post this log. It appeared as if you wanted this first while I do the others.

ComboFix 09-04-25.A3 - Joe & Sherrie 04/26/2009 13:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2711 [GMT -4:00]
Running from: c:\documents and settings\Joe & Sherrie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 00:39 . 2009-04-26 16:47 -------- d-----w c:\program files\trend micro
2009-04-26 00:39 . 2009-04-26 00:46 -------- d-----w C:\rsit
2009-04-20 03:26 . 2008-05-01 20:35 53248 ----a-w c:\windows\system32\CSVer.dll
2009-04-20 03:24 . 2009-04-20 03:24 -------- d-----w C:\Intel
2009-04-14 22:14 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-10 21:40 . 2009-04-10 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-09 04:04 . 2009-04-09 04:04 -------- d-----w c:\documents and settings\Administrator\Application Data\HouseCall 6.6
2009-04-09 04:04 . 2009-04-09 04:04 -------- d-----w c:\windows\system32\HouseCall 6.6
2009-04-09 01:07 . 2009-04-09 01:07 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-09 00:54 . 2009-04-09 00:54 -------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2009-04-09 00:46 . 2009-04-09 00:46 105432 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 21:25 . 2009-04-08 21:25 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-04-08 03:31 . 2009-04-08 03:31 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-08 03:31 . 2009-04-08 03:31 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-07 00:39 . 2008-04-14 00:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-07 00:37 . 2001-08-18 02:36 53760 ----a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-04-07 00:36 . 2001-08-17 17:28 687999 ----a-w c:\windows\system32\dllcache\usrwdxjs.sys
2009-04-07 00:35 . 2001-08-18 02:36 47616 ----a-w c:\windows\system32\dllcache\umaxcam.dll
2009-04-07 00:34 . 2001-08-17 16:14 123995 ----a-w c:\windows\system32\dllcache\tjisdn.sys
2009-04-07 00:33 . 2001-08-18 02:36 155648 ----a-w c:\windows\system32\dllcache\stlnprop.dll
2009-04-07 00:32 . 2001-08-17 18:56 147200 ----a-w c:\windows\system32\dllcache\smidispb.dll
2009-04-07 00:31 . 2001-08-17 16:50 68608 ----a-w c:\windows\system32\dllcache\sis6306p.sys
2009-04-07 00:30 . 2001-08-18 02:36 495616 ----a-w c:\windows\system32\dllcache\sblfx.dll
2009-04-07 00:29 . 2001-08-18 02:36 9216 ----a-w c:\windows\system32\dllcache\rsmgrstr.dll
2009-04-07 00:28 . 2001-08-17 17:53 17792 ----a-w c:\windows\system32\dllcache\ppa.sys
2009-04-07 00:27 . 2001-08-18 02:36 44544 ----a-w c:\windows\system32\dllcache\ovui2.dll
2009-04-07 00:26 . 2001-08-17 17:53 7552 ----a-w c:\windows\system32\dllcache\nsmmc.sys
2009-04-07 00:25 . 2001-08-17 17:49 19968 ----a-w c:\windows\system32\dllcache\mxnic.sys
2009-04-07 00:24 . 2001-08-17 17:58 8320 ----a-w c:\windows\system32\dllcache\memcard.sys
2009-04-07 00:23 . 2008-04-14 00:11 48640 ----a-w c:\windows\system32\dllcache\kdsui.dll
2009-04-07 00:22 . 2001-08-17 18:06 154496 ----a-w c:\windows\system32\dllcache\icam4usb.sys
2009-04-07 00:21 . 2001-08-17 17:28 289887 ----a-w c:\windows\system32\dllcache\hsf_fall.sys
2009-04-07 00:20 . 2001-08-17 16:49 322432 ----a-w c:\windows\system32\dllcache\g400m.sys
2009-04-07 00:19 . 2001-08-17 17:28 347550 ----a-w c:\windows\system32\dllcache\es56tpi.sys
2009-04-07 00:18 . 2001-08-17 16:20 334208 ----a-w c:\windows\system32\dllcache\ds1wdm.sys
2009-04-07 00:17 . 2001-08-18 02:36 28672 ----a-w c:\windows\system32\dllcache\cyycoins.dll
2009-04-07 00:16 . 2004-08-04 11:00 66082 ----a-w c:\windows\system32\dllcache\c_20108.nls
2009-04-07 00:15 . 2008-04-13 18:46 53376 ----a-w c:\windows\system32\dllcache\1394bus.sys
2009-04-07 00:15 . 2001-08-17 18:06 11264 ----a-w c:\windows\system32\dllcache\1394vdbg.sys
2009-04-07 00:15 . 2001-08-17 17:28 762780 ----a-w c:\windows\system32\dllcache\3cwmcru.sys
2009-04-07 00:15 . 2004-08-04 11:00 7168 ----a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-07 00:15 . 2001-08-17 18:56 66048 ----a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-07 00:15 . 2004-08-04 11:00 7680 ----a-w c:\windows\system32\dllcache\inetmgr.exe
2009-04-07 00:15 . 2004-08-04 11:00 19968 ----a-w c:\windows\system32\dllcache\inetsloc.dll
2009-04-07 00:15 . 2004-08-04 11:00 5632 ----a-w c:\windows\system32\dllcache\iisrstap.dll
2009-04-07 00:15 . 2004-08-04 11:00 169984 ----a-w c:\windows\system32\dllcache\iisui.dll
2009-04-07 00:15 . 2004-08-04 11:00 6144 ----a-w c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-07 00:15 . 2004-08-04 11:00 14336 ----a-w c:\windows\system32\dllcache\iisreset.exe
2009-04-07 00:15 . 2004-08-04 11:00 94720 ----a-w c:\windows\system32\dllcache\certmap.ocx
2009-04-06 23:45 . 2009-04-07 00:11 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\IObit
2009-04-06 23:45 . 2009-04-06 23:45 -------- d-----w c:\program files\IObit
2009-04-03 05:10 . 2009-04-03 05:11 -------- dc-h--w c:\windows\ie8
2009-04-02 04:18 . 2009-04-02 04:18 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-29 16:48 . 2009-03-29 16:48 -------- d-----w c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 17:28 . 2007-05-25 00:21 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-26 17:27 . 2009-04-07 03:40 1743 ----a-w C:\SMax.log
2009-04-26 17:27 . 2009-01-22 23:06 48559 ----a-w C:\aaw7boot.log
2009-04-26 06:17 . 2005-06-09 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 01:59 . 2009-02-01 00:26 -------- d-----w c:\program files\SpeedFan
2009-04-21 23:54 . 2009-01-22 04:52 15688 ----a-w c:\windows\SYSTEM32\lsdelete.exe
2009-04-21 23:54 . 2009-01-21 19:37 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-20 03:26 . 2005-03-03 00:09 -------- d-----w c:\program files\Intel
2009-04-15 04:59 . 2008-10-09 04:53 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\Windows Desktop Search
2009-04-14 22:17 . 2009-01-20 19:28 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-13 03:37 . 2005-03-06 01:35 105432 -c--a-w c:\documents and settings\Joe & Sherrie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 21:37 . 2005-03-03 00:10 -------- d-----w c:\program files\ATI Technologies
2009-04-09 04:17 . 2008-11-01 06:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-07 00:06 . 2006-01-06 04:53 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\Ahead
2009-04-07 00:06 . 2007-02-25 06:19 -------- d-----w c:\program files\LimeWire
2009-04-07 00:05 . 2006-04-26 02:51 -------- d-----w c:\program files\CleanUp!
2009-04-06 21:37 . 2005-03-03 00:09 -------- d-----w c:\program files\Java
2009-04-06 19:32 . 2008-11-01 06:12 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-11-01 06:12 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 01:22 . 2006-12-31 20:53 -------- d-----w c:\documents and settings\Joe & Sherrie\Application Data\LimeWire
2009-03-21 14:06 . 2004-08-04 11:00 989696 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-16 12:37 . 2005-06-09 22:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-15 03:26 . 2009-03-15 03:26 -------- d-----w c:\program files\VideoLAN
2009-03-11 02:18 . 2006-04-10 17:00 934792 ------w c:\windows\SYSTEM32\DLLCACHE\WgaTray.exe
2009-03-11 02:18 . 2006-04-10 17:00 239496 ------w c:\windows\SYSTEM32\DLLCACHE\wgaLogon.dll
2009-03-09 09:19 . 2008-12-05 01:45 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-08 18:09 . 2004-08-04 11:00 638816 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2009-03-08 18:09 . 2004-08-04 11:00 391536 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
2009-03-08 08:41 . 2004-08-04 11:00 5937152 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-03-08 08:39 . 2007-05-09 01:38 11063808 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-03-08 08:34 . 2004-08-04 11:00 914944 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-08 08:34 . 2004-08-04 11:00 914944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-03-08 08:34 . 2004-08-04 11:00 1206784 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-03-08 08:34 . 2004-08-04 11:00 236544 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
2009-03-08 08:34 . 2004-08-04 11:00 43008 ----a-w c:\windows\SYSTEM32\licmgr10.dll
2009-03-08 08:34 . 2004-08-04 11:00 43008 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
2009-03-08 08:34 . 2004-08-04 11:00 105984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll
2009-03-08 08:34 . 2004-08-04 11:00 193536 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
2009-03-08 08:34 . 2004-08-04 11:00 109568 ----a-w c:\windows\SYSTEM32\DLLCACHE\occache.dll
2009-03-08 08:33 . 2004-08-04 11:00 759296 ----a-w c:\windows\SYSTEM32\DLLCACHE\vgx.dll
2009-03-08 08:33 . 2004-08-04 11:00 18944 ----a-w c:\windows\SYSTEM32\DLLCACHE\corpol.dll
2009-03-08 08:33 . 2004-08-04 11:00 18944 ----a-w c:\windows\SYSTEM32\corpol.dll
2009-03-08 08:33 . 2004-08-04 11:00 25600 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
2009-03-08 08:33 . 2004-08-04 11:00 726528 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
2009-03-08 08:33 . 2004-08-04 11:00 229376 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
2009-03-08 08:33 . 2004-08-04 11:00 420352 ----a-w c:\windows\SYSTEM32\vbscript.dll
2009-03-08 08:33 . 2004-08-04 11:00 420352 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
2009-03-08 08:33 . 2004-08-04 11:00 125952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
2009-03-08 08:32 . 2004-08-04 11:00 72704 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll
2009-03-08 08:32 . 2004-08-04 11:00 72704 ----a-w c:\windows\SYSTEM32\admparse.dll
2009-03-08 08:32 . 2004-08-04 11:00 173056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2009-03-08 08:32 . 2004-08-04 11:00 163840 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2009-03-08 08:32 . 2004-08-04 11:00 71680 ----a-w c:\windows\SYSTEM32\iesetup.dll
2009-03-08 08:32 . 2004-08-04 11:00 71680 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll
2009-03-08 08:32 . 2004-08-04 11:00 55808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
2009-03-08 08:32 . 2004-08-04 11:00 128512 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
2009-03-08 08:32 . 2004-08-04 11:00 94720 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
2009-03-08 08:32 . 2007-05-09 01:38 594432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-03-08 08:32 . 2007-05-09 01:38 1985024 ----a-w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-03-08 08:32 . 2004-08-04 11:00 611840 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
2009-03-08 08:24 . 2004-08-04 11:00 68608 ----a-w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll
2009-03-08 08:22 . 2004-08-04 11:00 156160 ----a-w c:\windows\SYSTEM32\msls31.dll
2009-03-08 08:22 . 2004-08-04 11:00 156160 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll
2009-03-08 08:11 . 2007-05-09 01:38 445952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\SYSTEM32\DLLCACHE\pdh.dll
2009-02-28 04:55 . 2009-03-20 23:14 105984 ------w c:\windows\SYSTEM32\DLLCACHE\iecompat.dll
2009-02-27 01:54 . 2008-04-05 05:35 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 22:58 . 1980-01-01 06:00 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 22:58 . 1980-01-01 06:00 3565568 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati2mtag.sys
2009-02-25 21:42 . 2008-12-01 20:52 442368 ----a-w c:\windows\SYSTEM32\ATIDEMGX.dll
2009-02-25 21:41 . 1980-01-01 06:00 325120 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati2dvag.dll
2009-02-25 21:41 . 1980-01-01 06:00 325120 ----a-w c:\windows\SYSTEM32\ati2dvag.dll
2009-02-25 21:30 . 1980-01-01 06:00 11841536 ----a-w c:\windows\SYSTEM32\atioglxx.dll
2009-02-25 21:30 . 1980-01-01 06:00 204800 ----a-w c:\windows\SYSTEM32\atipdlxx.dll
2009-02-25 21:29 . 1980-01-01 06:00 155648 ----a-w c:\windows\SYSTEM32\Oemdspif.dll
2009-02-25 21:29 . 1980-01-01 06:00 26112 ----a-w c:\windows\SYSTEM32\Ati2mdxx.exe
2009-02-25 21:29 . 1980-01-01 06:00 43520 ----a-w c:\windows\SYSTEM32\ati2edxx.dll
2009-02-25 21:29 . 1980-01-01 06:00 155648 ----a-w c:\windows\SYSTEM32\ati2evxx.dll
2009-02-25 21:27 . 1980-01-01 06:00 602112 ----a-w c:\windows\SYSTEM32\ati2evxx.exe
2009-02-25 21:26 . 1980-01-01 06:00 53248 ----a-w c:\windows\SYSTEM32\ATIDDC.DLL
2009-02-25 21:16 . 1980-01-01 06:00 3817984 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati3duag.dll
2009-02-25 21:16 . 1980-01-01 06:00 3817984 ----a-w c:\windows\SYSTEM32\ati3duag.dll
2009-02-25 21:09 . 1980-01-01 06:00 307200 ----a-w c:\windows\SYSTEM32\atiiiexx.dll
2009-02-25 20:59 . 1980-01-01 06:00 2670080 ----a-w c:\windows\SYSTEM32\DLLCACHE\ativvaxx.dll
2009-02-25 20:59 . 1980-01-01 06:00 2670080 ----a-w c:\windows\SYSTEM32\ativvaxx.dll
2009-02-25 20:44 . 2008-12-01 19:57 49664 ----a-w c:\windows\SYSTEM32\amdpcom32.dll
2009-02-25 20:40 . 2006-02-05 00:21 475136 ----a-w c:\windows\SYSTEM32\atikvmag.dll
2009-02-25 20:38 . 2008-12-01 19:52 126976 ----a-w c:\windows\SYSTEM32\atiadlxx.dll
2009-02-25 20:38 . 1980-01-01 06:00 17408 ----a-w c:\windows\SYSTEM32\atitvo32.dll
2009-02-25 20:37 . 2006-02-05 00:21 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2008-12-01 19:50 290816 ----a-w c:\windows\SYSTEM32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\SYSTEM32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\SYSTEM32\aticalcl.dll
2009-02-25 20:32 . 1980-01-01 06:00 626688 ----a-w c:\windows\SYSTEM32\DLLCACHE\ati2cqag.dll
2009-02-25 20:32 . 1980-01-01 06:00 626688 ----a-w c:\windows\SYSTEM32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\SYSTEM32\aticaldd.dll
2009-02-25 19:15 . 2006-02-05 00:22 593920 ------w c:\windows\SYSTEM32\ati2sgag.exe
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 11:00 729088 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2006-04-24 18:42 . 2006-04-24 18:42 848 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-05-12 21:36 . 2008-05-12 21:36 32768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2008-01-22 152872]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-02-29 98304]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-02-29 98304]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-03 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
"midi1"= evolusbn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"SysmonLog"=3 (0x3)
"SCardSvr"=3 (0x3)
"RDSessMgr"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"AppMgmt"=3 (0x3)
"AOL ACS"=2 (0x2)
"Fax"=2 (0x2)
"MAudioBlackBoxService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
R3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
R3 MAUSBBB;Service for M-Audio Black Box (WDM);c:\windows\system32\DRIVERS\mausbbb.sys [2006-03-20 103296]
R4 MAudioBlackBoxService;M-Audio BlackBox Installer;c:\program files\M-Audio\Black Box\MAUSBBBInst.exe [2006-03-16 57344]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S2 UnoInstallerService;Uno Installer;c:\program files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:54]

2009-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.mushkin.com/_detect/InSPECS3_0.cab
DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} - hxxp://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
DPF: {E70CAD52-48BA-40DC-A417-9EE3693F1954} - hxxp://www.patriotmem.com/configurator/MemoryControl.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX6600 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"????????????????????????????????????????p?????D~0?A~????*?A~??B~????w?C~??????????????????Y???B~????????????????????T???I??b??????D~??B~??????B~o?B~??Y???????????B~????????????????????????????S??|??????????Y?????????????w?C~S?B~??B~?vB~????????????>?+?????????$????%D?????K???????4????IB~????????????????????????????????T????JB~????????????+S????????????????C~??????????????C~????????8???????????`??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-104354634-2703226084-1685821995-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-104354634-2703226084-1685821995-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-104354634-2703226084-1685821995-1005)
@Allowed: (Read) (S-1-5-21-104354634-2703226084-1685821995-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-104354634-2703226084-1685821995-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,db,c6,93,d5,3f,5c,44,b2,56,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,db,c6,93,d5,3f,5c,44,b2,56,dd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6052)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-26 13:39
ComboFix-quarantined-files.txt 2009-04-26 17:39

Pre-Run: 51,038,019,584 bytes free
Post-Run: 51,013,193,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

329 --- E O F --- 2009-04-23 21:37

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 26 April 2009 - 04:14 PM

Hi Hercules1,



This copy is not the one I want. Can you navigate to the following file path to locate the previous log? That content should be different from this copy.

C:\Qoobox\ComboFix2.txt

#11 Hercules1

Hercules1
  • Topic Starter

  • Members
  • 30 posts

Posted 26 April 2009 - 04:22 PM

sundavis,

I've run into another problem. I can't get Java to install. This happened once before a long time ago when I tried to run a Trendmicro on-line scan. Back then it said I didn't have Java installed when I knew I did. At that time I used Add/Remove Programs to delete it from my computer and tried to reinstall it, thinking something happened to the original and a fresh install would help. I'm getting the same problem now that I did back then and I never resolved what the cause was. I followed the steps you have listed to the point where it begins the installation. Then, it stops and gives me a Java Setup error. It says...

Error 25099. Unzipping core files failed.

I tried downloading and installing twice. I even looked in Add/Remove Programs and Windows Install Clean UP to see if there was anything left from previous attempts. I'm not finding anything that's left from the past.

Any ideas how to work around this and get it to install?

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 26 April 2009 - 04:32 PM

Hi Hercules1,



Please download JavaRa and unzip it to your desktop. For more info: http://fileforum.betanews.com/detail/JavaRa/1207335071/1
  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Reboot your PC normally.

Now install the updated Java.

#13 Hercules1

Hercules1
  • Topic Starter

  • Members
  • 30 posts

Posted 26 April 2009 - 04:35 PM

I didn't realize you had posted prior to my last post. I can't seem to navigate to the file path you requested. What should I do to find it?

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 26 April 2009 - 04:45 PM

Show All Files

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Then go to the C: disk ---> C:\Qoobox\ComboFix2.txt

The Java error message may mean the download is corrupted; you need to redownload it. If you have problems, try FlashGet. http://www.flashget.com/en/download.htm

Start FlashGet, File menu > New Download > copy/paste the following bold text into the URL box, then press OK.

http://javadl.sun.com/webapps/download/AutoDL?BundleId=29219

#15 Hercules1

Hercules1
  • Topic Starter

  • Members
  • 30 posts

Posted 26 April 2009 - 05:39 PM

When I followed your instructions for finding C:\Qoobox\ComboFix2.txt, the only .txt files I find in the Qoobox folder are one for the add/remove programs log and ComboFix-quarantined-files.txt. I don't see anything for C:\Qoobox\ComboFix2.txt anywhere.

Also, I tried using Flashget to download Java and received the same error 25099. I did notice that the error occurs when the installation is at "Extracting Installer."

Thanks for your patience in dealing with this problem!



